[Snort-users] snort and tcpdump

David Bellizzi dbelliz at ...4880...
Fri Feb 8 00:22:03 EST 2002


Try snort -dve <insert your tcpdump filters here>
and see what you get.
db

Ganu Skop wrote:

>hi all,
>got this matter to solve;
>anyone got a paper/reference on tcpdump and snort - a
>reference, need it pretty badly.
>as in my opinion, tcpdump by default only captures 60
>bytes of data (no payload) and we need to do the
>filter based on abnormal packet behaviour - more or
>less like shadow ids.
>whereas snort has all the features with rules, stream
>assembly, etc.
>therefore it's better to run snort than capture
>tcpdump and load it back to snort ... right?
>
>need your feedback
>
>
>=====
>//skopganu
>
>
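
Added example, not part of the original posts: a check for whether a saved tcpdump capture was truncated by its snaplen before it is replayed into snort, since truncated records carry little or no payload for content rules to match. It assumes the classic libpcap file format; the function names are hypothetical and the sample capture is constructed, using the 60-byte figure from the question.

```python
import struct

# Classic (microsecond) pcap magic as stored on disk -> struct byte-order prefix
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def truncation_report(data):
    """Return (total_packets, truncated_packets, snaplen) for a pcap byte string."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    endian = PCAP_MAGICS[data[:4]]
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype
    snaplen = struct.unpack(endian + "I", data[16:20])[0]
    offset, total, truncated = 24, 0, 0
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, incl_len (bytes saved), orig_len (bytes on wire)
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            break  # file ends in the middle of a record
        total += 1
        if incl_len < orig_len:
            truncated += 1  # payload beyond incl_len was never written to disk
        offset += 16 + incl_len
    return total, truncated, snaplen

def build_sample(snaplen, wire_lengths):
    """Constructed capture: zero-filled Ethernet frames of the given on-wire lengths."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, orig_len in enumerate(wire_lengths):
        incl_len = min(orig_len, snaplen)
        out += struct.pack("<IIII", i, 0, incl_len, orig_len)  # constructed timestamps
        out += bytes(incl_len)
    return out

if __name__ == "__main__":
    sample = build_sample(60, [54, 1514, 590])
    total, truncated, snaplen = truncation_report(sample)
    print(f"snaplen={snaplen} packets={total} truncated={truncated}")
```

A capture intended for replay with `snort -r` should report zero truncated packets, which means taking it with a large enough `tcpdump -s` value.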





