[Snort-users] Packet Number in Log file

Beenish Raza beenish.raza at ...125...
Wed Jun 25 10:59:01 EDT 2014


I have to match a set of rules against a traffic trace file (pcap file). I have to report a packet which matches a specified rule. The issue is that I also want to log the packet number of each packet that contains a match. E.g., I have a pcap file with 10 packets and the 8th packet gets matched against a certain rule. In this case, I want the log to also specify that the 8th packet contains a match.

I used -A alert to log to a file and get something like this in the output:

08/15-17:27:48.482649  [**] [1:500020:0] Rule no.20 [**] [Priority: 0] {TCP} 244.85.5.101:443 -> 10.34.6.10:38835

Now, I don't understand where the packet number is, because the (testing) pcap file I am using contains just 14 packets.
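
The alert line above carries a capture timestamp rather than a packet index, so one way to recover the packet number is to look that timestamp up in the pcap itself. The following is an added example, not part of the original post and not Snort code. It assumes a classic microsecond-resolution pcap file (not pcapng) and alert timestamps written in UTC (for example, Snort run with -U); the function names and the 14-packet sample capture are constructed for illustration.

```python
import re
import struct
from datetime import datetime, timezone

# Start of an alert line as shown in the post: timestamp, then [gid:sid:rev].
ALERT_RE = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d{6})\s+\[\*\*\]\s+\[(\d+:\d+:\d+)\]")
# Alert line quoted in the post.
ALERT = "08/15-17:27:48.482649  [**] [1:500020:0] Rule no.20 [**] [Priority: 0] {TCP} 244.85.5.101:443 -> 10.34.6.10:38835"

def pcap_timestamps(data):
    """Yield (packet_number, 'MM/DD-HH:MM:SS.uuuuuu') per record, numbering from 1."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    off, num = 24, 0                      # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        num += 1
        t = datetime.fromtimestamp(sec, timezone.utc)  # assumption: alerts are in UTC
        yield num, t.strftime("%m/%d-%H:%M:%S") + ".%06d" % usec
        off += 16 + caplen                # record header plus captured bytes

def packets_for_alerts(alert_lines, pcap_bytes):
    """Return [(gid:sid:rev, [packet numbers with the alert's timestamp]), ...]."""
    by_ts = {}
    for num, ts in pcap_timestamps(pcap_bytes):
        by_ts.setdefault(ts, []).append(num)  # timestamps can repeat, keep all candidates
    results = []
    for line in alert_lines:
        m = ALERT_RE.match(line)
        if m:
            results.append((m.group(2), by_ts.get(m.group(1), [])))
    return results

def build_sample_pcap():
    """Constructed capture: 14 packets, one second apart; the year 2013 is arbitrary."""
    base = int(datetime(2013, 8, 15, 17, 27, 41, tzinfo=timezone.utc).timestamp())
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(14):
        out += struct.pack("<IIII", base + i, 482649, 60, 60) + bytes(60)
    return out

if __name__ == "__main__":
    print(packets_for_alerts([ALERT], build_sample_pcap()))
```

If several packets share one timestamp, every candidate number is returned and the address and port fields of the alert line have to be used to pick the right one.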