[Snort-users] Capturing only specific data

quantum at ...8823... quantum at ...8823...
Wed Apr 9 08:51:02 EDT 2003


I am interested in capturing a specific session based on a signature match.
I have the local rules set up to watch for specific events and I have stream4 
enabled.  When I do this it only captures the first segment of session which 
has the signature matching data in it.  What I want to do is capture the 
entire  entire session, i.e. entire sequence of packets associated with a 
specifc transaction. 

Any help is appreciated. 

q






More information about the Snort-users mailing list