[Snort-users] Snort URL logging
rstryker at ...7794...
Wed Jan 15 09:51:06 EST 2003
Thank you for your help. I downloaded the Dsniff from www.datanerds.net. I got 4 tools to play with. WOW! I had no idea how exposed people are! I felt kind of naked to coin a phrase. With MailSnarf I was able to read everyone's emails and with URLSnarf I was able to see where everyone was going.
I am running DSNIFF on a W2K Server.
My question is how do I log all of this information in a format that is filterable? I can send it to a txt file by going "URLSnarf -i2 > URL.txt" but is that the only way?
I didn't need to install libpcap nor the libnids-win32. Is that because I have winpcap already?
What role does the Berkeley db have to play in this, libdb? Dsniff says that it is meant to log in that format but I am not sure as to how that is to be done. I downloaded the db but I am a Windows guy and like to find a setup.exe or install.exe but there was none. Any suggestions on how to install this as well would be great.
DSNIFF has these add-ons [-n -D -s -i -r|-w]. I have figured out what the -D, -I, and -w do, but what about the rest?
All the help you can offer,
From: Erek Adams [mailto:erek at ...950...]
Sent: Wednesday, January 15, 2003 9:56 AM
To: Rich Stryker
Subject: RE: [Snort-users] Snort URL logging
On Wed, 15 Jan 2003, Rich Stryker wrote:
> Thank you for the information... Now all I need to do is know how I take
> this product and make it work with urlscan on my machine? Can you help
> out with this?
Not really. I'm not a Win32 guy, I'm more of a *NIX/*BSD person.
The basic idea is to install the Cygwin packages, then grab the source of
URLsnarf, untar it, and build/compile it. This would work for quite a few
*NIX programs in addition to that.
Check this message:
According to that there is a Win32 binary available.
Hope that helps!
"When things get weird, the weird turn pro." H.S. Thompson