Re: New to snort

[Jeff Nathan <jeff () snort org>]

Since I'm guessing Robert is looking for a real answer to this question
rather than an advertisement from Silicon Defense, this might help:

The files you're asking about are in pcap format.  They can be read back
in using the -r switch with snort by typing: snort -r
snort-0215 () 2045 log | more
(if you omit the piping of the output to more, all the information in
the log file will scroll by on your display)

Additionally, you can read these files with windump:
http://netgroup-serv.polito.it/windump/

or Ethereal for windows: http://www.ethereal.com/distribution/win32

If you are new to looking at packets, Ethereal might be the best tool as
it's graphical and quite descriptive.

And, as a new user to snort you might enjoy reading the snort user's
manual: http://www.snort.org/docs/writing_rules/ (there should have been
a pdf version in your snort distribution) and the snort FAQ:
http://www.snort.org/docs/faq.html

Thanks for using snort.

-Jeff

Michael Steele wrote:
> - Mike
>
> Commercial Snort Support <<->> 1.866.41.SNORT
>  Silicon Defense -- <www.silicondefense.com>
>     Home of the new SENTRUS Snort sensor!
>   Michael Steele - Snort Support Technician
>
> -----Original Message-----
> From: Michael Steele [mailto:michaels () silicondefense com]
> Sent: Saturday, March 02, 2002 12:58 PM
> To: 'raa () lehighton org'
> Subject: RE: [Snort-users] New to snort
>
> Rob,
>
> Go to www.silicondefense.com and you will get everything you need.
>
> - Mike
>
> Commercial Snort Support <<->> 1.866.41.SNORT
>  Silicon Defense -- <www.silicondefense.com>
>     Home of the new SENTRUS Snort sensor!
>   Michael Steele - Snort Support Technician
>
> -----Original Message-----
> From: snort-users-admin () lists sourceforge net
> [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Robert
> Ayers
> Sent: Friday, March 01, 2002 8:21 AM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] New to snort
>
> First let me start off by saying that I just started using SNORT. I'm
> using the latest release of Snort for Windows, version 1.83. I am
> getting what appear to be log files that I can't read. I am having a
> hard time finding a program that will read them. Can anyone tell me what
> switches that I should be using to eliminate this type of log file? The
> files are named like this; snort-0215 () 2045 log. Can someone point me in
> the right direction of the program that I could use to interpret them?
>
> TIA
>
> Rob
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
http://jeff.wwti.com            (pgp key available)
"Common sense is the collection of prejudices acquired by age eighteen."
- Albert Einstein

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users