[Snort-users] Snort outputing like tcpdump

Gonzalez, Albert albert.gonzalez at ...7950...
Fri Jan 17 05:50:06 EST 2003


check out output tcpdump in your conf file or -b on the command line

Cheers!

-----Original Message-----
From: Christopher Lyon [mailto:cslyon at ...6523...]
Sent: Thursday, January 16, 2003 6:36 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort outputing like tcpdump


Can I have Snort output all packets that it sees to sql is the same
format that tcpdump uses? 

Something like this:  
1.631114 192.168.254.14 -> 192.168.252.10 TCP 17971 > 4891 [PSH, ACK]
Seq=1969621700 Ack=148993671 Win=13152 Len=84

1.636715 192.168.254.10 -> 65.118.203.125 SNMP GET

1.636889 192.168.252.10 -> 192.168.254.14 TCP 4891 > 17971 [PSH, ACK]
Seq=148993671 Ack=1969619212 Win=64400 Len=44

1.638593 192.168.254.14 -> 192.168.252.10 TCP 17971 > 4891 [PSH, ACK]
Seq=1969621784 Ack=148993715 Win=13152 Len=236



I don't care about the payload just the raw stats. Any idea?



-------------------------------------------------------
This SF.NET email is sponsored by: Thawte.com
Understand how to protect your customers personal information by
implementing
SSL on your Apache Web Server. Click here to get our FREE Thawte Apache 
Guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0029en
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list