[Snort-users] How to know what is "any" ip address???

zT zzahra88 at ...11827...
Mon Feb 2 08:39:36 EST 2015


I added your code at the end of my snort.conf file but this error occurs:
ERROR: /etc/snort/snort.conf(686) Unknown output plugin: "log_tcpdump
 /etc/snort/tcp_logfile"
Fatal Error, Quitting..

On Mon, Feb 2, 2015 at 5:01 PM, Jack Pepper <pepperjack at ...14319...
> wrote:

> put this in your config file:
>
> output log_tcpdump  tcp_logfile
>
> On Mon, Feb 2, 2015 at 7:11 AM, zT <zzahra88 at ...11827...> wrote:
>
>> Hello all, I use
>> alert tcp any any -> any any (msg:"network found in packet content!!!";
>> content:"network"; sid:10000; )
>> When Snort finds a packet with FB content, I want to know which IP address
>> this packet comes from (IP header of the packet) and store this packet (its
>> content and headers) in a file.
>> How can I do this?
>> With Regards.
>>
>>
>
>
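
Added example (not part of the thread and not Snort project code): Snort 2.x documents the tcpdump output plugin as `output log_tcpdump: <file>`, with a colon after the plugin name, and the file it writes is a classic pcap capture. The Python below reads such a capture and lists the source and destination address and port of each IPv4/TCP packet; the `sample_pcap` helper and its addresses are constructed for illustration.

```python
import socket
import struct


def pcap_flows(data):
    """Yield (src_ip, src_port, dst_ip, dst_port) for each IPv4/TCP packet
    found in a classic (microsecond) pcap byte string with Ethernet framing."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"            # capture written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"            # capture written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    off = 24                 # first record follows the 24-byte global header
    while off + 16 <= len(data):
        _sec, _usec, caplen, _origlen = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue         # truncated frame or EtherType is not IPv4
        ihl = (frame[14] & 0x0F) * 4
        if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 6:
            continue         # bad IP header or protocol is not TCP
        ports = frame[14 + ihl:14 + ihl + 4]
        if len(ports) < 4:
            continue         # TCP header cut off by the snap length
        sport, dport = struct.unpack("!HH", ports)
        yield (socket.inet_ntoa(frame[26:30]), sport,
               socket.inet_ntoa(frame[30:34]), dport)


def sample_pcap():
    """Constructed capture: one TCP packet 192.0.2.10:40000 -> 198.51.100.5:80
    whose payload is the string the rule in the thread matches on."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 47, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5"))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x18, 1024, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + b"network"
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", 1422884376, 0, len(frame), len(frame))
    return header + record + frame


if __name__ == "__main__":
    for src, sport, dst, dport in pcap_flows(sample_pcap()):
        print(f"{src}:{sport} -> {dst}:{dport}")
```

To use it on a real log, pass the bytes of the file Snort wrote, for example `pcap_flows(open(path, "rb").read())`, where `path` is the capture file name.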