[Snort-users] Logging Reassembled Packets
patrik.nordlen at ...6680...
Fri Mar 14 04:05:02 EDT 2008
On Friday 14 March 2008 08.26.26 Kamran Shafi wrote:
> BTW, I just wanted to have a summary record of each session (initiated with
> a 3WHS and terminated by a 4WHS) similar to Snort's summary log packet
> for portscans - I am not sure how tcpdump or other software mentioned in
> this thread can do that. It looks like I will have to write one myself. In
> addition I also wanted to track UDP and ICMP sessions - any ideas on how to
> do that?
What you describe is argus.