Re: [Snort-users] Get one specific attack dump from snort dump file (Snort forums, System Security and Security Related category)
You can use Snort or tcpdump to read the pcap files back.
Use the -r tag in order to read the contents of the file. For example:

Snort -r snort_tcpdump.log

On Sat, Jan 05, 2008 at 11:28:22AM -0200, it looks like Jorge Luiz Corrêa sent me:
> Hello World. This is my first post.
>
> I have looked for in the last time a manner to get one specific attack
> information from the snort dump file. So, I didn't find it. :/
>
> For example, my snort is configured to gather packets on
> snort_tcpdump.log and alerts on alert.log. When I see one alert in
> alert.log, I need to get the packets from snort_tcpdump.log related to
> this alert. Can someone help me? Does a possibility to do this exist?
>
> For example, I need a system very similar to that present in Honeywall
> CDROM (Honeynet Project). In this tool it is possible to visualize the
> occurrences of alerts. By clicking on alerts we can choose a 'decode
> packets' option that shows exactly the packets of this alert.
>
> Is there an option like this on snort or tcpdump? I think this operation
> is performed by a set of perl scripts on the Honeywall tool.
>
> Thanks for all.
> :)
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/...fo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.p...=snort-users
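The correlation Jorge asks for (alert in alert.log to the matching packets in snort_tcpdump.log) can be scripted on top of `tcpdump -r`: pull the 5-tuple out of the alert line and hand it to tcpdump as a BPF filter. This is an added example, not code from the thread; it assumes alert.log is written in Snort's alert_fast format and that addresses are IPv4, and the alert line below is constructed.

```shell
#!/bin/sh
# Constructed sample line in Snort alert_fast format (assumption: alert.log
# uses that output format); it is not taken from the original thread.
SAMPLE_ALERT='01/05-11:28:22.123456  [**] [1:1000001:1] Constructed test alert [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:4321 -> 192.0.2.10:80'

# alert_to_bpf ALERT_LINE
# Prints a tcpdump/BPF filter selecting the flow named in the alert.
# TCP/UDP alerts carry host:port pairs; ICMP (and other) alerts carry only
# hosts, so the filter then falls back to protocol plus both hosts.
# Assumes IPv4: the ":" split below would misparse IPv6 addresses.
alert_to_bpf() {
    line=$1
    proto=$(printf '%s\n' "$line" | sed -n 's/.*{\([A-Za-z0-9]*\)}.*/\1/p' | tr 'A-Z' 'a-z')
    src=$(printf '%s\n' "$line" | sed -n 's/.*} *\([^ ]*\) -> .*/\1/p')
    dst=$(printf '%s\n' "$line" | sed -n 's/.*-> *\([^ ]*\) *$/\1/p')
    [ -n "$proto" ] && [ -n "$src" ] && [ -n "$dst" ] || {
        echo "alert_to_bpf: unparsable alert line" >&2
        return 1
    }
    case "$proto" in
        tcp|udp)
            shost=${src%:*}; sport=${src##*:}
            dhost=${dst%:*}; dport=${dst##*:}
            printf '%s and host %s and host %s and port %s and port %s\n' \
                "$proto" "$shost" "$dhost" "$sport" "$dport" ;;
        *)
            printf '%s and host %s and host %s\n' "$proto" "$src" "$dst" ;;
    esac
}

# extract_alert_packets ALERT_LINE IN_PCAP OUT_PCAP
# Reads the Snort packet log with tcpdump -r and writes only the packets of
# the alert's flow to OUT_PCAP, which can then be decoded with
# "tcpdump -nvr OUT_PCAP" or "snort -r OUT_PCAP" (the -r usage from the reply).
extract_alert_packets() {
    filter=$(alert_to_bpf "$1") || return 1
    tcpdump -n -r "$2" -w "$3" "$filter"
}

# Usage: ./alert_packets.sh snort_tcpdump.log out.pcap  (hypothetical file names)
if [ "$#" -eq 2 ]; then
    extract_alert_packets "$SAMPLE_ALERT" "$1" "$2"
fi
```

Because the BPF filter matches every packet of that host/port pair in the log, narrow it further with the alert timestamp when the same flow appears more than once.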