This is a discussion on Re: [Snort-users] [RGSPAM] Re: Semi-OT: Re-inject tcpdump captured within the Snort forums, part of the System Security and Security Related category.
On Thu, Dec 06, 2007 at 06:22:41PM +0100, Jordi Espasa Clofent wrote:
<snip>
> To check the re-injection process I quit the ethernet wire and launch a
> tcpdump instance at the same time I launch the step number 2; I think the
> tcpdump should show traffic, so it's completely localhost traffic.
>
> $ tcpdump -i vr0 -v

The difference between your command and Marty's is that yours lacks a '-n', so your host is trying like mad to resolve the IP addresses passing on vr0. If my speculation is correct, if you let that command run long enough, you'll eventually see output.

I basically never run tcpdump without a -n.

-jon