[Snort-users] Tcpdump full conversation capture

Joel Esler joel.esler at ...1935...
Wed Sep 28 13:52:47 EDT 2005


you might want to increase the snaplen...

-s 1514..

Joel


On Sep 28, 2005, at 4:45 PM, Court Graham wrote:

> All,
>
>   I have been performing binary packet captures with tcpdump for  
> use in a snort signature!
>
> (  tcpdump -w "file" host x.x.x.x  )
>
> This string does not capture the full conversation. Does anyone  
> know the switch that will enable this functionality!





More information about the Snort-users mailing list