[Snort-users] -d packet capture

Greg Sarsons gsarsons at ...530...
Fri Sep 21 15:52:01 EDT 2001


Is there a way to not grab the whole packet with snort?  For example, in
tcpdump I can set the size.  If I don't want to grab the whole packet, am
I better off grabbing with tcpdump and then using snort after?

When dumping to a binary file, is either snort or tcpdump (grabbing the
whole packet) more efficient?

Greg



