[Snort-users] Get one specific attack dump from snort dump file.

Joel Esler joel.esler at ...1935...
Sat Jan 5 10:57:10 EST 2008


You can use Snort or tcpdump to read the pcap files back.

Use the -r tag in order to read the contents of the file.

For example: snort -r snort_tcpdump.log

J


On Sat, Jan 05, 2008 at 11:28:22AM -0200, it looks like Jorge Luiz Corrêa sent me:
> Hello World. This is my first post.
> 
> I have been looking lately for a way to get one specific attack's 
> information from the snort dump file, but I didn't find it. :/
> 
> For example, my snort is configured to gather packets in 
> snort_tcpdump.log and alerts in alert.log. When I see one alert in 
> alert.log, I need to get the packets from snort_tcpdump.log related to 
> this alert. Can someone help me? Is there a way to do this?
> 
> For example, I need a system very similar to the one present in the Honeywall 
> CDROM (Honeynet Project). In this tool it is possible to visualize the 
> occurrences of alerts. By clicking on an alert we can choose a 'decode 
> packets' option that shows exactly the packets of this alert.
> 
> Is there an option like this in snort or tcpdump? I think this operation 
> is performed by a set of perl scripts in the Honeywall tool.
> 
> Thanks for all.
> :)
> 

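Expanding on the -r approach above, an added example (not from this thread) that turns one Snort fast-format alert line into a BPF filter and hands it to tcpdump -r, so only the packets of that alert's flow are written to a separate pcap; the sample alert line, the file names and the assumption that alerts were written with -A fast are constructed here.

```shell
#!/bin/sh
# Added example: extract the packets behind one Snort alert from the binary
# tcpdump log. Assumes Snort's "fast" alert format (-A fast) and IPv4 addresses.

# Constructed sample alert line (not from any real sensor).
SAMPLE_ALERT='01/05-11:28:22.123456  [**] [1:100001:1] EXAMPLE RULE [**] [Priority: 2] {TCP} 192.0.2.10:4567 -> 198.51.100.5:80'

# endpoint_clause ADDR[:PORT] ROLE -> "ROLE host A and ROLE port P"
# The port part is omitted when the alert has none (e.g. ICMP).
endpoint_clause() {
    case "$1" in
        *:*) printf '%s host %s and %s port %s' "$2" "${1%:*}" "$2" "${1##*:}" ;;
        *)   printf '%s host %s' "$2" "$1" ;;
    esac
}

# bpf_from_alert ALERT_LINE -> BPF expression matching both directions of the flow
bpf_from_alert() {
    proto=$(printf '%s\n' "$1" | sed -n 's/.*{\([A-Za-z]*\)}.*/\1/p' | tr 'A-Z' 'a-z')
    ends=$(printf '%s\n' "$1" | sed -n 's/.*} *\([^ ]*\) -> \([^ ]*\).*/\1 \2/p')
    [ -n "$proto" ] && [ -n "$ends" ] || return 1
    set -- $ends   # $1 = source endpoint, $2 = destination endpoint
    printf '%s and ((%s and %s) or (%s and %s))\n' "$proto" \
        "$(endpoint_clause "$1" src)" "$(endpoint_clause "$2" dst)" \
        "$(endpoint_clause "$2" src)" "$(endpoint_clause "$1" dst)"
}

# extract_alert_packets ALERT_LINE SNORT_LOG OUT_PCAP -> writes the flow's packets to OUT_PCAP.
# BPF cannot filter on capture time; on a large log, cut the time window first
# (e.g. with editcap) using the alert timestamp. The same expression can also be
# given to "snort -r SNORT_LOG <filter>" instead of tcpdump.
extract_alert_packets() {
    filter=$(bpf_from_alert "$1") || { echo "cannot parse alert line: $1" >&2; return 1; }
    tcpdump -n -r "$2" -w "$3" "$filter"
}

# Usage: ./alert2pcap.sh 'alert line from alert.log' snort_tcpdump.log one_alert.pcap
if [ $# -eq 3 ]; then
    extract_alert_packets "$1" "$2" "$3"
fi
```

Read the result back with `tcpdump -n -r one_alert.pcap -X` (or `snort -r one_alert.pcap -dv`) to see the decoded packets of that alert.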