Snort mailing list archives
Re: Snort + iptables
From: "Ian Jones" <ian () dsl081-056-052 dsl-isp net>
Date: Sat, 21 Jul 2001 20:26:19 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I use iptables to send packets to userspace using QUEUE. You can log these packets in tcpdump format and then use snort to read in the file and log to your database.How exactly are you doing this? You need a program or something at the other end to catch these packets, have you made one or is there something already available to do this?
Ooops, sorry. I guess I could have included a URL. Yes, I wrote a packet dumper for netfilter QUEUE. RPM's and source tarball: http://www.speakeasy.org/~roux/dmn/pdumpq/ -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> Comment: Making the world safe for geeks. iQA/AwUBO1pH2MAVSpfzXItKEQL73ACgnQvHSasuA9xGtY9BFtyzpFRnaA0AoKnd ml3uFeszDYHmUd3BVPDJKW7Q =AiOG -----END PGP SIGNATURE----- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort + iptables Bradley M Alexander (Jul 21)
- Re: Snort + iptables Ian Jones (Jul 21)
- Re: Snort + iptables Andreas Hasenack (Jul 21)
- Re: Snort + iptables Ian Jones (Jul 21)
- Re: Snort + iptables Andreas Hasenack (Jul 21)
- <Possible follow-ups>
- Re: Snort + iptables SHAIFUL HASHIM (Jul 23)
- Re: Re: Snort + iptables Jason Haar (Jul 23)
- Re: Snort + iptables Ian Jones (Jul 21)