[Snort-users] Snort URL logging

Rich Stryker rstryker at ...7794...
Wed Jan 15 09:51:06 EST 2003


	Thank you for your help. I downloaded the Dsniff from www.datanerds.net. I got 4 tools to play with. WOW! I had no idea how exposed people are! I felt kind of naked to coin a phrase. With MailSnarf I was able to read everyone's emails and with URLSnarf I was able to see where everyone was going. 

I am running DSNIFF on a W2K Server.

	My question is how do I log all of this information in a format that is filterable? I can send it to a txt file by going "URLSnarf -i2 > URL.txt" but is that the only way?

I didn't need to install libpcap nor the libnibs-win32. Is that because I have winpcap already? 

What role does the Berkley db have to play in this, libdb? Dsniff says that it is meant to log in that format but I am not sure as to how that is to be done. I downloaded the db but I am a Windows guy and like to find a setup.exe or install.exe but there was none. Any suggestions on how to install this as well would be great.

DSNIFF has these add-ons [-n -D -s -i -r|-w] I have figured out what the -D, -I, and -w do but what about the rest?

All the help you can offer,


-----Original Message-----
From: Erek Adams [mailto:erek at ...950...]
Sent: Wednesday, January 15, 2003 9:56 AM
To: Rich Stryker
Subject: RE: [Snort-users] Snort URL logging

On Wed, 15 Jan 2003, Rich Stryker wrote:

> Thank you for the information... Now all I need to do is know how I take
> this product and make it work with urlscan on my machine? Can you help
> out with this?

Not really.  I'm not a Win32 guy, I'm more of a *NIX/*BSD person.

The basic idea is to install the cgywin packages, then grab the source of
URLsnarf, untar it, and build/compile it.  This would work for quite a few
*NIX programs in addition to that.

Check this message:


According to that there is a Win32 binary available.

Hope that helps!

Erek Adams

   "When things get wierd, the wierd turn pro."   H.S. Thompson

More information about the Snort-users mailing list