[Snort-users] Logging Reassembled Packets

Patrik Nordlén patrik.nordlen at ...6680...
Fri Mar 14 04:05:02 EDT 2008


On Friday 14 March 2008 08.26.26 Kamran Shafi wrote:
> BTW, I just wanted to have a summary record of each session (initiated with
> a 3WHS and terminated by a 4WHS) similar to Snort's summary log packet
> for portscans - I am not sure how tcpdump or other software mentioned in
> this thread can do that. It looks like I will have to write one myself. In
> addition I also wanted to track UDP and ICMP sessions - any ideas on how to
> do that?

What you describe is argus.

http://qosient.com/argus/

Regards,
Patrik