[Snort-users] Traffic Capture

wkitty42 at windstream.net
Fri Dec 8 04:45:19 EST 2017

On 12/08/2017 04:20 AM, Syed Hammad Tahir wrote:
> I am specifically interested in capturing the ARP request data. Any help
> will be appreciated.

if all you are wanting to do is capture traffic, why not use tcpdump or 
wireshark? that's what they do... something like this should do...

   tcpdump -i eth0 -s0 -w arp_traffic.pcap 'arp or icmp'

check the tcpdump docs to understand the options given...

  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*
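
To pull only the ARP requests out of a capture written by a command like the one above, this added example (not part of the original message) parses the classic pcap format and keeps ARP frames whose opcode is 1. The sample capture is constructed in the code and the function names are illustrative; it assumes untagged Ethernet frames and a microsecond-resolution pcap file.

```python
import struct

ARP_REQUEST = 1  # ARP opcode: 1 = request, 2 = reply

def build_sample_pcap():
    """Constructed sample capture: one ARP request, then one ARP reply."""
    def frame(op, sha, spa, tha, tpa, dst):
        eth = dst + sha + b"\x08\x06"                       # EtherType ARP
        return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + spa + tha + tpa
    a_mac, b_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    a_ip, b_ip = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])
    frames = [frame(1, a_mac, a_ip, bytes(6), b_ip, b"\xff" * 6),
              frame(2, b_mac, b_ip, a_mac, a_ip, a_mac)]
    # Global header: magic, version 2.4, zone, sigfigs, snaplen, linktype 1
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1 + i, 0, len(f), len(f)) + f
    return out

def arp_requests(pcap_bytes):
    """Return sender/target details for every ARP request in a pcap."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    if len(pcap_bytes) < 24 or struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    found, off = [], 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # 14-byte Ethernet header + 28-byte ARP body; skip short or non-ARP frames
        if len(frame) < 42 or frame[12:14] != b"\x08\x06":
            continue
        if struct.unpack("!H", frame[20:22])[0] != ARP_REQUEST:
            continue
        found.append({"sender_mac": frame[22:28].hex(":"),
                      "sender_ip": ".".join(map(str, frame[28:32])),
                      "target_ip": ".".join(map(str, frame[38:42]))})
    return found

if __name__ == "__main__":
    for req in arp_requests(build_sample_pcap()):
        print(req)
```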
