Snort mailing list archives
RE: Snort URL logging
From: "Rich Stryker" <rstryker () virtuallearning net>
Date: Wed, 15 Jan 2003 12:50:40 -0500
Hello,

Thank you for your help. I downloaded the Dsniff from www.datanerds.net. I got 4 tools to play with. WOW! I had no idea how exposed people are! I felt kind of naked, to coin a phrase. With MailSnarf I was able to read everyone's emails and with URLSnarf I was able to see where everyone was going. I am running DSNIFF on a W2K Server.

My question is how do I log all of this information in a format that is filterable? I can send it to a txt file by going "URLSnarf -i2 > URL.txt" but is that the only way?

I didn't need to install libpcap nor the libnibs-win32. Is that because I have winpcap already? What role does the Berkeley db have to play in this, libdb? Dsniff says that it is meant to log in that format but I am not sure as to how that is to be done. I downloaded the db but I am a Windows guy and like to find a setup.exe or install.exe but there was none. Any suggestions on how to install this as well would be great.

DSNIFF has these add-ons [-n -D -s -i -r|-w]. I have figured out what the -D, -I, and -w do but what about the rest?

All the help you can offer,
Rich

-----Original Message-----
From: Erek Adams [mailto:erek () snort org]
Sent: Wednesday, January 15, 2003 9:56 AM
To: Rich Stryker
Subject: RE: [Snort-users] Snort URL logging

On Wed, 15 Jan 2003, Rich Stryker wrote:
Thank you for the information... Now all I need to do is know how I take this product and make it work with urlscan on my machine? Can you help out with this?
Not really. I'm not a Win32 guy, I'm more of a *NIX/*BSD person. The basic idea is to install the cygwin packages, then grab the source of URLsnarf, untar it, and build/compile it. This would work for quite a few *NIX programs in addition to that.

Check this message:

http://marc.theaimsgroup.com/?l=snort-users&m=104256862031118&w=2

According to that there is a Win32 binary available.

Hope that helps!

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson