[Snort-users] whether wireshark can be integrated with snort??

Nigel Houghton nhoughton at ...1935...
Sun May 24 10:46:37 EDT 2009


On Sat, May 23, 2009 at 4:04 PM, Stephen Mullins
<steve.mullins.work at ...11827...> wrote:
> I would suggest you use Sguil with Snort and you can launch Wireshark
> from Sguil if needed.
>
> Or you could use an inline network TAP on the cable running from the
> SPAN port to the Wireshark box to "split" the signal so it goes to
> both the Snort sensor and the Wireshark box.
>
> Steve Mullins
>
> On Tue, May 19, 2009 at 12:01 PM, Sadanand Ghagare <sadanandgh at ...11827...> wrote:
>> Hi
>>
>> We are in the process of implementing Snort as a network sensor in our
>> network. But the problem here is, we already have a Wireshark machine
>> connected to the monitoring port of the switch and we don't want to
>> disturb the existing setup.
>> So is it possible to integrate Snort with Wireshark so that Snort
>> can analyze the packets captured by Wireshark as per the Snort rule base?
>> If yes, how do we configure it?
>> I hope I am up to the point for my requirements.

Ignoring all the drawbacks of using a Windows box for this, I have to
know exactly what the Wireshark instance is doing. Is someone really
looking at the data? Is Wireshark being used to dump out all traffic
so that someone can go back and look at it later? Is someone watching
it in real time?

-- 
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/



