[Snort-users] Packet Capture

Al Lewis (allewi) allewi at cisco.com
Thu Jun 29 15:39:42 EDT 2017


Check out the session feature:

http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node34.html#SECTION00472000000000000000


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at cisco.com<mailto:allewi at cisco.com>

From: Snort-users <snort-users-bounces at lists.snort.org<mailto:snort-users-bounces at lists.snort.org>> on behalf of Justin Pederson via Snort-users <snort-users at lists.snort.org<mailto:snort-users at lists.snort.org>>
Reply-To: Justin Pederson <jpedersm at gmail.com<mailto:jpedersm at gmail.com>>
Date: Thursday, June 29, 2017 at 3:08 PM
To: "snort-users at lists.snort.org<mailto:snort-users at lists.snort.org>" <snort-users at lists.snort.org<mailto:snort-users at lists.snort.org>>
Subject: [Snort-users] Packet Capture

Is there a way with snort to start a full pcap on an interface for the entire interface or specific IP based on an alert from the IDS?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170629/8366ebb5/attachment.html>


More information about the Snort-users mailing list