[Snort-users] Need to log FULL packets

Sheahan, Paul (PCLN-NW) Paul.Sheahan at ...2218...
Wed Mar 13 10:08:25 EST 2002


I'm doing an investigation on some unusual UDP traffic on my network and am
using Snort 1.9 on Linux to monitor the data. The traces of each packet are
getting cut off in the logs. How can I be sure I am getting ALL of each
packet in the traces? The more info I can gather on each packet during this
test would be ideal (I'm not concerned about speed or missed packets).

Can anyone recommend the correct Snort switches so I can gather the MOST
thorough data?

Thanks in advance!

More information about the Snort-users mailing list