[Snort-users] snort stream decoders

Kukulkan ismandya at ...5836...
Thu Sep 25 23:46:08 EDT 2003


Hi all,
   is there anyway I can configure the snort so that I can see what 
snort  detected on the  traffic flows? for example, the snort matched a 
pattern for  -> "TOP"; nocase; content:!"|0a|" <-, and then it gives me 
the real traffic matching? I have tried acid and it give me this 
feature. I would like to try the same feature using snortsnarf. Maybe I 
can modify something? or is this snort option that I am not aware 
of?(this is most probably). need advice.






More information about the Snort-users mailing list