<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.3315.2870" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Before I spend too much time playing around with
snort, I wonder if someone can confirm whether snort would meet my needs for a
specific application. I need a non-interactive process which will monitor
a small network at a company to intercept tcp traffic going to a
printer. This process would run continuously, but once the tcp
printer traffic is detected a different program would be initiated to
process the data.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Currently I have been playing with a perl script
which continuously executes tethereal every 60 sec, and I process the log for
data of interest.</FONT></DIV>
<DIV><FONT face=Arial size=2>tethereal.exe -f "dst 149.59.152.28" -a duration:60
-w outfile</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>I wondered if I could use snort and create a
specific rule file for tcp traffic (maybe to include only tcp port
515 packets)? My expectation is the log file would only be created
when tcp traffic to the printer occurs, and the content of the tcp stream is present in
the log. If I could start snort in daemon mode and have it constantly append
to the log, then I could have another program running which monitors the log and, when
new data is present, processes the data.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Please confirm if snort could work in this manner,
and if so can you provide the correct syntax for snort and the rule using the details I
provided above. Any suggestions are appreciated.
THANKS!</FONT></DIV></BODY></HTML>