Snort mailing list archives
Re: How to review actual packets?
From: Chris Green <cmg () uab edu>
Date: 11 Jun 2001 12:41:59 -0500
"Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com> writes:
> Hello, I'm new to Snort and just installed my first server on Red Hat Linux 7.0. I am trying to identify why certain machines are setting off alarms. I need to view the actual packets that were sent by the machine so I can see what URL they went to etc. How can I view this info in Snort? I've already looked at our web logs and they don't contain the info I need. I need actual sniffer traces.
Log with the -b option and use a sniffer that can read tcpdump files, such as Ethereal (www.ethereal.com) or tcpdump.

--
Chris Green <cmg () uab edu>
This is my signature. There are many like it but this one is mine.
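Added example, not part of the original thread and not Snort's own code: a small reader for the tcpdump-format file that -b logging produces, pulling out the request line and Host header of each HTTP request so the URL a machine visited can be seen without a GUI sniffer. It assumes an Ethernet capture and a request that begins at the start of a TCP segment; the function names and the one-packet sample capture are constructed for illustration.

```python
import io
import struct

METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")

def read_pcap(stream):
    """Yield each captured frame from a classic tcpdump-format file."""
    hdr = stream.read(24)
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(hdr[:4])
    if end is None or len(hdr) < 24:
        raise ValueError("not a tcpdump-format capture")
    if struct.unpack(end + "I", hdr[20:24])[0] != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) is handled here")
    while True:
        rec = stream.read(16)
        if len(rec) < 16:
            return
        _sec, _usec, incl_len, _orig = struct.unpack(end + "IIII", rec)
        yield stream.read(incl_len)

def http_requests(stream):
    """Return (src_ip, host, request_line) for each HTTP request packet."""
    found = []
    for frame in read_pcap(stream):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # IPv4 only
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 20:                # TCP only
            continue
        payload = ip[ihl + (ip[ihl + 12] >> 4) * 4:]
        if not payload.startswith(METHODS):
            continue
        lines = payload.split(b"\r\n")
        host = next((l[5:].strip() for l in lines[1:]
                     if l.lower().startswith(b"host:")), b"")
        src = ".".join(str(b) for b in ip[12:16])
        found.append((src, host.decode("latin-1"), lines[0].decode("latin-1")))
    return found

def sample_capture():
    """Constructed one-packet capture; addresses and URL are made up."""
    http = b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 1025, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(http), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 80]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + http
    glob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return io.BytesIO(glob + rec + frame)
```

To use it on a real log, open the binary file Snort wrote in "rb" mode and pass the file object to http_requests().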