[Snort-users] How to review actual packets?

Sheahan, Paul (PCLN-NW) Paul.Sheahan at ...2218...
Mon Jun 11 13:02:28 EDT 2001


Hello,

I'm new to Snort and just installed my first server on Red Hat Linux 7.0. I
am trying to identify why certain machines are setting off alarms. I need to
view the actual packets that were sent by the machine so I can see what URL
they went to etc. How can I view this info in Snort? I've already looked at
our web logs and they don't contain the info I need. I need actual sniffer
traces.

Any help would be appreciated!

Thanks,
Paul




More information about the Snort-users mailing list