Snort mailing list archives

Re: Snort + iptables


From: "Ian Jones" <ian () dsl081-056-052 dsl-isp net>
Date: Sat, 21 Jul 2001 20:26:19 -0700

I use iptables to send packets to userspace using QUEUE. You can log
these packets in tcpdump format and then use snort to read in the file
and log to your database.

How exactly are you doing this? You need a program or something at the
other end to catch these packets, have you made one or is there something
already available to do this?

Ooops, sorry. I guess I could have included a URL. Yes, I wrote a packet
dumper for netfilter QUEUE. RPM's and source tarball:
http://www.speakeasy.org/~roux/dmn/pdumpq/
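The "log these packets in tcpdump format" step described in the message above, as an added example that is not part of the original post and is not pdumpq's code. It assumes the queued packets arrive starting at the IP header, so the file is written with link type 101 (raw IP); the function names and the sample packet are constructed for illustration.

```python
import struct

LINKTYPE_RAW = 101       # records start at the IP header, no link-layer framing
PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps
GLOBAL_HDR = struct.Struct("<IHHiIII")
RECORD_HDR = struct.Struct("<IIII")

def write_pcap(stream, packets, snaplen=65535):
    """Write (timestamp, raw_ip_packet) pairs in tcpdump (classic pcap) format."""
    stream.write(GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_RAW))
    for ts, data in packets:
        sec = int(ts)
        usec = int((ts - sec) * 1_000_000)
        incl = min(len(data), snaplen)  # bytes stored; original length kept too
        stream.write(RECORD_HDR.pack(sec, usec, incl, len(data)) + data[:incl])

def read_pcap(stream):
    """Parse what write_pcap produced; return (linktype, [(ts, data), ...])."""
    raw = stream.read(GLOBAL_HDR.size)
    if len(raw) != GLOBAL_HDR.size:
        raise ValueError("truncated global header")
    magic, _, _, _, _, _, linktype = GLOBAL_HDR.unpack(raw)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap")
    records = []
    while raw := stream.read(RECORD_HDR.size):
        if len(raw) != RECORD_HDR.size:
            raise ValueError("truncated record header")
        sec, usec, incl, _orig = RECORD_HDR.unpack(raw)
        data = stream.read(incl)
        if len(data) != incl:
            raise ValueError("truncated packet data")
        records.append((sec + usec / 1_000_000, data))
    return linktype, records

def ipv4_checksum(header):
    """Ones'-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def sample_packet():
    """Constructed IPv4/UDP packet between documentation addresses."""
    payload = b"constructed"
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + udp
```

Written to a file opened in binary mode, the output can be read back with `snort -r <file>` or `tcpdump -r <file>`.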


