[Snort-users] Tcpdump full conversation capture
joel.esler at ...1935...
Wed Sep 28 13:52:47 EDT 2005
you might want to increase the snaplen...
On Sep 28, 2005, at 4:45 PM, Court Graham wrote:
> I have been performing binary packet captures with tcpdump for
> use in a snort signature!
> ( tcpdump -w "file" host x.x.x.x )
> This string does not capture the full conversation. Does anyone
> know the switch that will enable this functionality!
More information about the Snort-users