[Snort-users] Help

twig les twigles at ...131...
Tue Jan 21 20:32:03 EST 2003


I usually just sniff with tcpdump into a binary file
(or pipe into a text file if there isn't much traffic)
and read it back with Ethereal.  Doesn't get much
easier than hitting the "Follow TCP Stream" button.

--- "Semerjian, Ohanes" <Semerjian.Ohanes at ...4899...>
wrote:
> There is another way of achieving your goal, and that
> is by writing a rule, something like
> 
> alert tcp employee_IP_address any -> dest_IP 25 (msg:"whatever you want";)
> 
> 
> 
> Best Regards
> 
> Ohanes Semerjian
> 
> 
> -----Original Message-----
> From: Guru Cumarasamy
> [mailto:gcumarasamy at ...8044...]
> Sent: Tuesday, 21 January 2003 4:00 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Help
> 
> 
> Is it possible to re-construct TCP packets in snort?
> for example my employer
> wants to know all smtp communication between an
> employee and an outside
> user, can I go and re-construct all TCP port 25
> traffic from the snort log.
> I am running snort with the -b option.
> 
> Thanks in advance
> 
> 
> 
> 


=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.         
-----------------------------------------------------------
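
The reassembly that "Follow TCP Stream" performs, as an added Python example that is not part of the original messages: it reads a tcpdump-format capture (the format written by `tcpdump -w` and `snort -b`) and rebuilds each direction of the port 25 conversations. It assumes classic pcap with Ethernet/IPv4 framing; the function names and the sample packets are constructed for illustration.

```python
import struct
from collections import defaultdict

def smtp_streams(pcap, port=25):
    """Return {"src:sport -> dst:dport": payload bytes} for flows touching `port`."""
    little = struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4
    end = "<" if little else ">"              # byte order of the capturing host
    segs, off = defaultdict(dict), 24         # skip the 24-byte pcap global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                          # not Ethernet / IPv4 / TCP
        ihl = (frame[14] & 0x0F) * 4
        total = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + total]      # IP total length drops Ethernet padding
        if len(tcp) < 20:
            continue
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        data = tcp[(tcp[12] >> 4) * 4:]       # skip TCP header and options
        if port in (sport, dport) and data:
            key = (frame[26:30], sport, frame[30:34], dport)
            segs[key].setdefault(seq, data)   # first copy wins on retransmission
    out = {}
    for (src, sp, dst, dp), by_seq in segs.items():
        name = "%s:%d -> %s:%d" % (".".join(map(str, src)), sp, ".".join(map(str, dst)), dp)
        # Order by sequence number; ignores 32-bit wraparound and partial overlaps.
        out[name] = b"".join(by_seq[s] for s in sorted(by_seq))
    return out

def _frame(src, dst, sport, dport, seq, payload):   # builds one constructed packet record
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    eth = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

def sample_pcap():                                   # constructed capture, not real traffic
    c, s = (10, 0, 0, 5), (192, 0, 2, 25)
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pkts = [_frame(c, s, 1025, 25, 1018, b"MAIL FROM:<a@example.com>\r\n"),  # arrives early
            _frame(s, c, 25, 1025, 5000, b"220 mx ready\r\n"),
            _frame(c, s, 1025, 25, 1000, b"HELO client.test\r\n"),
            _frame(c, s, 1025, 25, 1000, b"HELO client.test\r\n")]           # retransmission
    return hdr + b"".join(pkts)
```
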
