[Snort-users] Snort outputting like tcpdump

Christopher Lyon cslyon at ...6523...
Thu Jan 16 15:37:01 EST 2003


Can I have Snort output all packets that it sees to sql in the same
format that tcpdump uses?

Something like this:  
1.631114 192.168.254.14 -> 192.168.252.10 TCP 17971 > 4891 [PSH, ACK]
Seq=1969621700 Ack=148993671 Win=13152 Len=84

1.636715 192.168.254.10 -> 65.118.203.125 SNMP GET

1.636889 192.168.252.10 -> 192.168.254.14 TCP 4891 > 17971 [PSH, ACK]
Seq=148993671 Ack=1969619212 Win=64400 Len=44

1.638593 192.168.254.14 -> 192.168.252.10 TCP 17971 > 4891 [PSH, ACK]
Seq=1969621784 Ack=148993715 Win=13152 Len=236



I don't care about the payload, just the raw stats. Any idea?




