[Snort-users] Packet Number in Log file

Russ Combs (rucombs) rucombs at ...589...
Wed Jun 25 11:32:21 EDT 2014


________________________________
From: Beenish Raza [beenish.raza at ...125...]
Sent: Wednesday, June 25, 2014 10:59 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Packet Number in Log file

I have to match a set of rules against a traffic trace file (pcap file). I have to report a packet which contains a specified rule. The issue is that I want to log the packet number of the packet as well while logging those packets which contain a match. E.g., I have a pcap file with 10 packets and the 8th packet gets matched against a certain rule. In this case, I want the log to also specify that the 8th packet contains a match.

I used -A alert to log to a file and get something like this in the output:
08/15-17:27:48.482649  [**] [1:500020:0] Rule no.20 [**] [Priority: 0] {TCP} 244.85.5.101:443 -> 10.34.6.10:38835

Now, I don't see where the packet number is, because the (testing) pcap file I am using contains just 14 packets.

* Try -A console:test instead.
