[Snort-users] How to review actual packets?

Chris Green cmg at ...671...
Mon Jun 11 13:41:59 EDT 2001


"Sheahan, Paul (PCLN-NW)" <Paul.Sheahan at ...2218...> writes:

> Hello,
> 
> I'm new to Snort and just installed my first server on Red Hat Linux 7.0. I
> am trying to identify why certain machines are setting off alarms. I need to
> view the actual packets that were sent by the machine so I can see what URL
> they went to etc. How can I view this info in Snort? I've already looked at
> our web logs and they don't contain the info I need. I need actual sniffer
> traces.

Log with the -b option and use a sniffer that can read tcpdump files,
such as ethereal (www.ethereal.com) or tcpdump.
-- 
Chris Green <cmg at ...671...>
This is my signature. There are many like it but this one is mine.