[Snort-users] How to dump a certain number of tcp packets (for TCPDUMP) when an alert is fired

Erik Fichtner emf at ...367...
Thu Sep 2 09:56:05 EDT 2004


On Thu, Sep 02, 2004 at 05:05:02PM +0200, Loch Theary wrote:
> Could you please tell me how to log a certain number of packets when an alert is fired (tcp dump format)?

	"tag:session,${NUMBER},packets;"

- -- 
Erik Fichtner
Principal Engineer, Information Security, ServerVault Corp.
703-652-5900
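
The tag option from the reply above, placed in a complete rule next to a tcpdump-format output plugin. This is an added example, not part of the original post; the rule's msg, content, sid, the count of 50 and the log file name are constructed placeholders.

```snort
# snort.conf: write logged packets in tcpdump (pcap) format.
# The file name "tcpdump.log" is a constructed example.
output log_tcpdump: tcpdump.log

# local.rules: constructed example rule; msg, content and sid are placeholders.
# tag:session,50,packets logs 50 packets from the session that
# triggered the rule. Here 50 takes the place of ${NUMBER} in the reply.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"LOCAL example with session tagging"; flow:to_server,established; content:"/example.cgi"; tag:session,50,packets; sid:1000001; rev:1;)
```

The resulting log file can be read back with `tcpdump -r`.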



