Snort mailing list archives
-b binary capture
From: Greg Sarsons <gsarsons () home com>
Date: Fri, 28 Sep 2001 12:41:53 -0400
I see that snort by default with binary dump captures 1514. Well, this is just too much for my little 30 Gig hard drive on a busy school network. I'm going to do some analysis with snort after, but will also be using tcptrace, ipfw and a few others. If I grab 10%, say 150 vice 1514, will I really be limiting what I can do after? Doesn't tcpdump by default grab 68?

The traffic bw, from what I know on the network, has peaked at about 20Mb/sec, but the average seems to be 11Mb/sec. If I plug into another smaller subnet the traffic bw could drop even more. Again, this has got to fit on a 30 Gig drive. The more days that I can capture the better for the statistics. Filling the hard drive in only one day doesn't really give a nice look. Any recommendations?

Greg
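Added illustration (not part of the thread): what a reduced snaplen keeps of each frame, and a rough disk-budget estimate for the numbers in the post. The frame is constructed inline, the 600-byte average frame length is an assumption, and the 16-byte per-record overhead is the libpcap savefile record header.

```python
import struct

PCAP_RECORD_HDR = 16                   # per-packet header in a libpcap savefile
ETH_LEN, IP_LEN, TCP_LEN = 14, 20, 20   # header sizes without options

def build_packet(payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame (no options) carrying payload."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    total = IP_LEN + TCP_LEN + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 1234, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def captured_parts(frame: bytes, snaplen: int) -> dict:
    """What survives when the frame is written to disk with the given snaplen."""
    kept = frame[:snaplen]
    hdr_len = ETH_LEN + IP_LEN + TCP_LEN
    return {
        "ip_header": len(kept) >= ETH_LEN + IP_LEN,     # enough for tcptrace-style stats
        "tcp_header": len(kept) >= hdr_len,
        "payload_bytes": max(0, len(kept) - hdr_len),   # what content matching can see
        "payload_total": len(frame) - hdr_len,
    }

def capture_days(disk_bytes: int, avg_bits_per_s: float,
                 avg_frame_len: int, snaplen: int) -> float:
    """Days until the disk fills, assuming every frame is avg_frame_len bytes (assumption)."""
    frames_per_s = avg_bits_per_s / 8 / avg_frame_len
    bytes_per_s = frames_per_s * (PCAP_RECORD_HDR + min(snaplen, avg_frame_len))
    return disk_bytes / bytes_per_s / 86400

if __name__ == "__main__":
    frame = build_packet(b"A" * 1000)
    for snap in (68, 150, 1514):
        print(snap, captured_parts(frame, snap),
              round(capture_days(30 * 10**9, 11 * 10**6, 600, snap), 2), "days")
```

At 68 and 150 bytes the IP and TCP headers are intact, so header-based tools still work; only the payload available to content inspection shrinks.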