[Snort-users] snort and tcpdump
dbelliz at ...4880...
Fri Feb 8 00:22:03 EST 2002
Try snort -dve <insert your tcpdump filters here>
and see what you get.
Ganu Skop wrote:
>got this matter to solve;
>anyone got a paper/reference on tcpdump and snort - a
>reference, need it pretty badly.
>as in my opinion, tcpdump by default only captures 60
>bytes of data (no payload) and we need to do the
>filter based on abnormal packet behaviour - more or
>less like shadow ids.
>whereas snort has all the features with rules, stream
>assembly, etc.
>therefore it's better to run snort than capture
>tcpdump and load it back to snort ... right?
>need your feedback
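An added example, not from either poster: a check of whether a saved tcpdump capture kept full packets before it is replayed into Snort, since payload rules and stream reassembly cannot see bytes the snap length cut off. It reads the classic pcap header and per-packet lengths; the sample captures, their snap lengths and the frame sizes are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap file, microsecond timestamps


def truncation_report(data):
    """Return (snaplen, packets, truncated_packets) for classic pcap bytes."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC:
        endian = "<"
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    # Global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    snaplen = struct.unpack(endian + "IHHiIII", data[:24])[5]
    offset, total, truncated = 24, 0, 0
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, incl_len (saved), orig_len (on the wire)
        _, _, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16 + incl_len
        if offset > len(data):
            break  # final record was cut off mid-write; do not count it
        total += 1
        if incl_len < orig_len:
            truncated += 1  # payload bytes beyond incl_len were never saved
    return snaplen, total, truncated


def build_sample(snaplen, wire_lengths=(60, 1514)):
    """Constructed capture: zero-filled frames saved with the given snap length."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)
    for n in wire_lengths:
        kept = min(n, snaplen)
        out += struct.pack("<IIII", 0, 0, kept, n) + bytes(kept)
    return out


if __name__ == "__main__":
    for snap in (68, 65535):  # constructed snap lengths: short vs. full capture
        s, total, cut = truncation_report(build_sample(snap))
        print(f"snaplen={s}: {cut} of {total} packets truncated")
```

If the truncated count is non-zero, recapture with a larger tcpdump `-s` value before feeding the file to `snort -r`.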