[Snort-users] Odd characters from ASCII capture?

Martin Roesch roesch at ...421...
Sat Jan 6 01:27:32 EST 2001


Those are escape codes for color on the terminal (i.e. the guy is using ls
with colors).  Turn off the color capabilities? :)

To get non-echo'd traffic, we'd have to move the session capture code into the
stream reassembler (well, integrate it somehow) so it's non-trivial at first
inspection.  OTOH, there might be a way to have the stream reassembler tag a
packet as inbound to server/outbound to client or something....

    -Marty

Lance Spitzner wrote:
> 
> I am using snort to capture keystrokes (ver 1.6.3).  I'm getting
> odd control characters when users do an ls.  The system being
> sniffed in this case is Linux.  Any way to eliminate these
> control characters?
> 
> --- snort capture ---
> 
> ]0;[root at ...1099... /usr]# llss
> 
> [00m[01;34mX11R6[00m  [01;34mdoc[00m    [01;34mi386-redhat-linux[00m  [01;34minfo[00m      [01;34mlibexec[00m
> [01;34msbin[00m   [01;36mtmp[00m
> [01;34mbin[00m    [01;34metc[00m    [01;34mi486-linux-libc5[00m   [01;34mkerberos[00m  [01;34mlocal[00m    [01;
> 34mshare[00m  [01;34mtxt[00m
> [01;34mdict[00m   [01;34mgames[00m  [01;34minclude[00m            [01;34mlib[00m       [01;34mman[00m      [01;
> 34msrc[00m
> 
> --- snip snip ---
> 
> Also, now that 1.7 has TCP-session capabilities, is there any way to
> NOT have the input characters echoed during a telnet session?
> 
> Thanks!
> 
> --
> Lance Spitzner
> http://project.honeynet.org
> 

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org
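
A post-processing sketch for the two issues in this thread, added here as an example and not code from Snort or from either poster: it strips terminal escape sequences from raw captured bytes and, assuming each captured payload carries a direction tag (the `c2s`/`s2c` labels are hypothetical, the tagging Marty describes as not yet available), separates typed keystrokes from the server's echo. The sample records are constructed.

```python
import re

# CSI sequences (ESC [ ... final byte), e.g. ESC[01;34m, the colour codes from ls.
# OSC sequences (ESC ] ... BEL or ESC \), e.g. ESC]0;title BEL, the xterm title
# string that shows up in front of the shell prompt.
ANSI_RE = re.compile(
    rb"\x1b\[[0-?]*[ -/]*[@-~]"
    rb"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"
)
# Remaining C0 control bytes and DEL; tab and newline are kept.
CTRL_RE = re.compile(rb"[\x00-\x08\x0b-\x1f\x7f]")

# Constructed telnet-style exchange: the server echoes every keystroke.
# Direction tags are an assumption, not something the capture provides.
SAMPLE = [
    ("s2c", b"\x1b]0;root@host:/usr\x07[root@host /usr]# "),
    ("c2s", b"l"), ("s2c", b"l"),
    ("c2s", b"s"), ("s2c", b"s"),
    ("c2s", b"\r\n"),
    ("s2c", b"\r\n\x1b[00m\x1b[01;34mX11R6\x1b[00m  \x1b[01;34mdoc\x1b[00m\r\n"),
]

def clean(data):
    """Remove escape sequences first, then leftover control bytes."""
    return CTRL_RE.sub(b"", ANSI_RE.sub(b"", data)).decode("latin-1")

def merged(records):
    """Both directions interleaved in arrival order: keystrokes appear doubled."""
    return clean(b"".join(payload for _, payload in records))

def by_direction(records):
    """One cleaned transcript per direction; 'c2s' holds only what was typed."""
    streams = {}
    for direction, payload in records:
        streams[direction] = streams.get(direction, b"") + payload
    return {d: clean(raw) for d, raw in streams.items()}

if __name__ == "__main__":
    print(repr(merged(SAMPLE)))
    for direction, text in by_direction(SAMPLE).items():
        print(direction, repr(text))
```

The patterns match on the ESC byte (0x1b), so they need the raw capture rather than a rendering in which that byte has already been dropped.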



