[Snort-users] capturing a suspisous traffic stream

Chris Green cmg at ...671...
Mon Oct 22 20:29:06 EDT 2001

"Stan Scalsky" <sscalsk at ...3339...> writes:

> that is cool and just what I was looking to do also - how about in addition
> to # of seconds maybe # of packets? say "tag: session, 50, packets;" to grab
> up to the next 50 packets. or can i already do this elsewhere?

yes. With that same syntax.  docs seem to be messed up on snort.org at
the moment.

We'll get that fixed.
Chris Green <cmg at ...671...>
 "Not everyone holds these truths to be self-evident, so we've worked
                  up a proof of them as Appendix A." --  Paul Prescod

More information about the Snort-users mailing list