[Snort-users] -b binary capture

Greg Sarsons gsarsons at ...530...
Fri Sep 28 09:43:04 EDT 2001


I see that snort by default with binary dump captures 1514.  Well this
is just too much for my little 30 Gig hard drive on a busy school
network.  I'm going to do some analysis with snort after but will also
be using tcptrace, ipfw and a few others.

If I grab 10%, say 150 vice 1514, will I really be limiting what I can
do after?  Doesn't tcpdump by default grab 68?

The traffic bandwidth from what I know on the network has peaked at about
20Mb/sec but the average seems to be 11Mb/sec.  If I plug into another
smaller subnet the traffic bandwidth could drop even more.

Again this has got to fit on a 30Gig drive.  The more days that I can
capture the better for the statistics.  Filling the hard drive in only
one day doesn't really give a nice look.

Any recommendations?

Greg
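Added example, not part of the original post and not Snort or tcpdump code: a small Python estimator for how long a disk of a given size lasts under a given average load and snaplen, written to put numbers on the question above. The traffic mix in it is constructed, not measured; the on-disk overhead figures are the standard pcap 24-byte file header and 16-byte per-record header that tcpdump-format files (which is what Snort's -b writes) carry regardless of snaplen. The function and constant names are this example's own.

```python
"""Capture-size estimator for choosing a pcap snaplen under a disk budget.

Added example, not part of the original post or of Snort/tcpdump.
Assumptions (labelled): TRAFFIC_MIX is a constructed packet-size mix, not a
measurement; pcap overhead is the standard 24-byte file header plus a
16-byte record header (ts_sec, ts_usec, incl_len, orig_len) per packet.
"""

PCAP_FILE_HEADER = 24    # bytes, once per capture file
PCAP_RECORD_HEADER = 16  # bytes, per packet, written whatever the snaplen is

# Constructed traffic mix: (wire size in bytes, fraction of packets).
# Bimodal on purpose: many small ACK/interactive packets, many full-size
# data segments, a few mid-size ones.  Replace with a measured histogram.
TRAFFIC_MIX = [
    (64, 0.45),
    (576, 0.15),
    (1514, 0.40),
]


def mean_packet_size(mix):
    """Mean wire size in bytes for a (size, fraction) mix."""
    return sum(size * frac for size, frac in mix)


def packets_per_second(avg_mbps, mix):
    """Convert an average link load in megabits/s into packets/s for a mix."""
    bytes_per_second = avg_mbps * 1_000_000 / 8
    return bytes_per_second / mean_packet_size(mix)


def stored_bytes_per_packet(snaplen, mix):
    """Expected on-disk bytes per packet: truncated frame plus record header."""
    return sum((min(size, snaplen) + PCAP_RECORD_HEADER) * frac
               for size, frac in mix)


def bytes_per_day(avg_mbps, snaplen, mix=TRAFFIC_MIX):
    """On-disk bytes written per day at a given average load and snaplen."""
    pps = packets_per_second(avg_mbps, mix)
    return PCAP_FILE_HEADER + pps * 86400 * stored_bytes_per_packet(snaplen, mix)


def days_until_full(disk_bytes, avg_mbps, snaplen, mix=TRAFFIC_MIX):
    """Days a disk of disk_bytes lasts before the capture fills it."""
    return disk_bytes / bytes_per_day(avg_mbps, snaplen, mix)


def largest_snaplen_for(disk_bytes, days, avg_mbps, mix=TRAFFIC_MIX,
                        max_snaplen=1514):
    """Largest snaplen whose capture still fits on disk for `days` days.

    Returns None when even a headers-only capture (snaplen 0, i.e. the
    16-byte record header alone) would overflow the disk: at that point the
    packet rate, not the snaplen, has to come down (BPF filter, smaller
    subnet), which is the edge case the numbers in this thread run into.
    """
    for snaplen in range(max_snaplen, -1, -1):
        if bytes_per_day(avg_mbps, snaplen, mix) * days <= disk_bytes:
            return snaplen
    return None


if __name__ == "__main__":
    DISK = 30e9          # the 30 Gig drive from the post, in bytes
    LOAD = 11            # average Mb/s from the post
    print(f"mean packet size: {mean_packet_size(TRAFFIC_MIX):.1f} bytes, "
          f"{packets_per_second(LOAD, TRAFFIC_MIX):.0f} packets/s at {LOAD} Mb/s")
    print(f"{'snaplen':>8} {'GB/day':>8} {'days on 30 GB':>14}")
    for snaplen in (1514, 150, 96, 68):
        gb = bytes_per_day(LOAD, snaplen) / 1e9
        print(f"{snaplen:>8} {gb:>8.1f} {days_until_full(DISK, LOAD, snaplen):>14.2f}")
    for target in (3, 7):
        print(f"largest snaplen that lasts {target} days: "
              f"{largest_snaplen_for(DISK, target, LOAD)}")
```

Run it as-is to see the table; with the constructed mix, 11 Mb/s is about 1,900 packets/s, a full 1514-byte capture fills 30 GB in roughly six hours, a 150-byte snaplen stretches that to about a day and a half and 68 bytes to just over two days, and nothing fits a week because the 16-byte record header and the large share of small packets put a floor under the cost of every packet. A shorter snaplen buys less than 10x of capture time when packet count is the driver; the larger lever is fewer packets, by a BPF filter on the capture or by sitting on the smaller subnet. The snaplen itself is set with `tcpdump -s <bytes>` or Snort's `-P <bytes>`.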

