Snort mailing list archives

RE: Snort URL logging


From: "Rich Stryker" <rstryker () virtuallearning net>
Date: Wed, 15 Jan 2003 12:50:40 -0500

Hello,

        Thank you for your help. I downloaded the Dsniff from www.datanerds.net. I got 4 tools to play with. WOW! I had 
no idea how exposed people are! I felt kind of naked to coin a phrase. With MailSnarf I was able to read everyone's 
emails and with URLSnarf I was able to see where everyone was going. 

I am running DSNIFF on a W2K Server.

        My question is how do I log all of this information in a format that is filterable? I can send it to a txt file 
by going "URLSnarf -i2 > URL.txt" but is that the only way?

I didn't need to install libpcap nor the libnids-win32. Is that because I have winpcap already? 

What role does the Berkeley DB have to play in this, libdb? Dsniff says that it is meant to log in that format but I am 
not sure as to how that is to be done. I downloaded the db but I am a Windows guy and like to find a setup.exe or 
install.exe but there was none. Any suggestions on how to install this as well would be great.

DSNIFF has these add-ons [-n -D -s -i -r|-w] I have figured out what the -D, -I, and -w do but what about the rest?

All the help you can offer,

Rich
 


-----Original Message-----
From: Erek Adams [mailto:erek () snort org]
Sent: Wednesday, January 15, 2003 9:56 AM
To: Rich Stryker
Subject: RE: [Snort-users] Snort URL logging

On Wed, 15 Jan 2003, Rich Stryker wrote:

> Thank you for the information... Now all I need to do is know how I take
> this product and make it work with urlscan on my machine? Can you help
> out with this?

Not really.  I'm not a Win32 guy, I'm more of a *NIX/*BSD person.

The basic idea is to install the Cygwin packages, then grab the source of
URLsnarf, untar it, and build/compile it.  This would work for quite a few
*NIX programs in addition to that.

Check this message:

        http://marc.theaimsgroup.com/?l=snort-users&m=104256862031118&w=2

According to that there is a Win32 binary available.

Hope that helps!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
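
On the question above about keeping URLSnarf output in a filterable form, an added example (not part of the original thread and not dsniff code): it converts a redirected text file such as URL.txt to CSV. It assumes the file holds Common Log Format lines with referer and user agent appended; `parse_line`, `to_csv` and the sample lines are constructed for illustration.

```python
import csv
import io
import re
from urllib.parse import urlsplit

# Assumed line layout: Common Log Format plus referer and user agent,
# with status and size written as "-" and the request URL absolute.
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)(?: [^"]*)?" '
    r'\S+ \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"\s*$'
)
FIELDS = ["time", "client", "method", "host", "url", "referer", "agent"]

# Constructed sample input: two complete lines and one truncated line.
SAMPLE = '''\
192.0.2.10 - - [15/Jan/2003:12:50:40 -0500] "GET http://www.example.com/index.html HTTP/1.1" - - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
192.0.2.11 - - [15/Jan/2003:12:51:02 -0500] "POST http://Mail.Example.org/login?next=/inbox HTTP/1.0" - - "http://mail.example.org/" "Mozilla/4.0"
192.0.2.12 - - [15/Jan/2003:12:51:30 -0500] "GET http://www.exa
'''

def parse_line(line):
    """Return a dict for one log line, or None if it does not parse."""
    m = CLF.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        # Separate host column so rows can be filtered per site.
        rec["host"] = (urlsplit(rec["url"]).hostname or "").lower()
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None
    return rec

def to_csv(lines, out):
    """Write parsed lines to `out` as CSV; return (kept, skipped) counts."""
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    kept = skipped = 0
    for line in lines:
        if not line.strip():
            continue  # ignore blank lines silently
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # truncated or non-log line; count it, do not guess
            continue
        writer.writerow(rec)
        kept += 1
    return kept, skipped

if __name__ == "__main__":
    buf = io.StringIO()
    print(to_csv(SAMPLE.splitlines(), buf))
    print(buf.getvalue())
```

The resulting CSV opens in a spreadsheet or loads into a database, where the `host`, `client` and `time` columns can be filtered directly.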

