[Snort-users] capturing a suspisous traffic stream
cmg at ...671...
Mon Oct 22 20:29:06 EDT 2001
"Stan Scalsky" <sscalsk at ...3339...> writes:
> that is cool and just what I was looking to do also - how about in addition
> to # of seconds maybe # of packets? say "tag: session, 50, packets;" to grab
> up to the next 50 packets. or can i already do this elsewhere?
yes. With that same syntax. docs seem to be messed up on snort.org at
We'll get that fixed.
Chris Green <cmg at ...671...>
"Not everyone holds these truths to be self-evident, so we've worked
up a proof of them as Appendix A." -- Paul Prescod
More information about the Snort-users