[Snort-users] Snort outputing like tcpdump

Gonzalez, Albert albert.gonzalez at ...7950...
Fri Jan 17 05:50:06 EST 2003

check out output tcpdump in your conf file or -b on the command line


-----Original Message-----
From: Christopher Lyon [mailto:cslyon at ...6523...]
Sent: Thursday, January 16, 2003 6:36 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort outputing like tcpdump

Can I have Snort output all packets that it sees to sql is the same
format that tcpdump uses? 

Something like this:  
1.631114 -> TCP 17971 > 4891 [PSH, ACK]
Seq=1969621700 Ack=148993671 Win=13152 Len=84

1.636715 -> SNMP GET

1.636889 -> TCP 4891 > 17971 [PSH, ACK]
Seq=148993671 Ack=1969619212 Win=64400 Len=44

1.638593 -> TCP 17971 > 4891 [PSH, ACK]
Seq=1969621784 Ack=148993715 Win=13152 Len=236

I don't care about the payload just the raw stats. Any idea?

This SF.NET email is sponsored by: Thawte.com
Understand how to protect your customers personal information by
SSL on your Apache Web Server. Click here to get our FREE Thawte Apache 
Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list