Snort mailing list archives

Re: Running Snort in Sniffer mode


From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 22 Apr 2004 17:39:06 -0400

At 12:05 PM 4/22/2004, Marlon.Richards () Windalco com wrote:
I have the Engage Security EagleX package running on a Windows 2000 box. It
is a flavour of snort, msql and ACID. I think the default config is that of
an IDS, but I would like to configure it as a sniffer that would allow me to
collect any analysis data on a continual basis. I have Ethereal, but it
cannot continuously collect data. Are there any open source solutions that
do that (something similar to NIA's Sniffer Portable)?

AFAIK Snort's sniffer mode doesn't really log to databases. It's more or less the same as tcpdump: it just pumps packets to the screen, and that's all.

It should also be noted that "Sniffer Portable" isn't really a sniffer in the conventional sense. Sniffers log packets. Sniffer Portable logs traffic statistics, and conversational flows without logging data.

As far as Ethereal goes, why can't you run it continuously? Doesn't it have an option to force overwriting of the buffer when the buffer gets full? Packetyzer (an Ethereal port to Windows) seems to handle that mode quite well. Although I've never tried to run it forever, I have run it well past the buffer limits.
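The "overwrite the buffer when it gets full" capture mode raised above is a ring buffer of capture files: write packets in pcap format, start a new file once the current one reaches a size limit, and delete the oldest file once more than N exist, which is the same idea as tcpdump's -C/-W options. The following is an added example written for this archive page, not code from Snort, Ethereal or Packetyzer; the file naming scheme, size limit, file count, timestamps and the 60-byte Ethernet frame it writes are all constructed for the demonstration, and it writes to a temporary directory so it runs offline.

```python
import os
import struct
import tempfile
import time

# libpcap "classic" file format constants (little-endian, microsecond timestamps)
PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16


def pcap_global_header(snaplen=65535, linktype=LINKTYPE_ETHERNET):
    # magic, major 2, minor 4, thiszone, sigfigs, snaplen, link type
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(ts, frame, snaplen=65535):
    # per-packet header: seconds, microseconds, captured length, original length
    sec = int(ts)
    usec = int(round((ts - sec) * 1_000_000))
    captured = frame[:snaplen]
    return struct.pack("<IIII", sec, usec, len(captured), len(frame)) + captured


def read_pcap(path):
    """Parse a pcap file back into a list of (timestamp, frame bytes)."""
    records = []
    with open(path, "rb") as fh:
        magic, = struct.unpack("<I", fh.read(4))
        if magic != PCAP_MAGIC:
            raise ValueError("not a little-endian classic pcap file")
        fh.read(GLOBAL_HEADER_LEN - 4)  # skip the rest of the global header
        while True:
            hdr = fh.read(RECORD_HEADER_LEN)
            if len(hdr) < RECORD_HEADER_LEN:
                break
            sec, usec, caplen, _origlen = struct.unpack("<IIII", hdr)
            records.append((sec + usec / 1_000_000, fh.read(caplen)))
    return records


class RingPcapWriter:
    """Writes pcap files capture0.pcap, capture1.pcap, ... and keeps only the
    newest max_files of them, so disk use stays bounded during continuous capture.
    Hypothetical naming scheme; not how any particular tool names its files."""

    def __init__(self, directory, base="capture", max_bytes=512, max_files=3):
        self.directory = directory
        self.base = base
        self.max_bytes = max_bytes
        self.max_files = max_files
        self.files_created = 0
        self.live_files = []  # oldest first
        self.fh = None
        self._open_next()

    def _open_next(self):
        path = os.path.join(self.directory, f"{self.base}{self.files_created}.pcap")
        self.files_created += 1
        self.fh = open(path, "wb")
        self.fh.write(pcap_global_header())
        self.live_files.append(path)
        # ring behaviour: drop the oldest file(s) once we exceed the file count
        while len(self.live_files) > self.max_files:
            os.remove(self.live_files.pop(0))

    def write(self, frame, ts=None):
        rec = pcap_record(time.time() if ts is None else ts, frame)
        # rotate when this record would push the file past max_bytes, but always
        # keep at least one record per file so an oversized packet still gets stored
        if self.fh.tell() > GLOBAL_HEADER_LEN and self.fh.tell() + len(rec) > self.max_bytes:
            self.fh.close()
            self._open_next()
        self.fh.write(rec)

    def close(self):
        self.fh.close()


# Constructed 60-byte Ethernet frame: made-up MACs, EtherType 0x0800, zero payload
SAMPLE_FRAME = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
                + b"\x08\x00" + b"\x00" * 46)


def run_demo(packets=20, max_bytes=512, max_files=3):
    """Write `packets` frames through the ring and report what survives on disk."""
    with tempfile.TemporaryDirectory() as tmp:
        writer = RingPcapWriter(tmp, max_bytes=max_bytes, max_files=max_files)
        for i in range(packets):
            writer.write(SAMPLE_FRAME, ts=1_082_650_000 + i)  # constructed timestamps
        writer.close()
        on_disk = sorted(os.listdir(tmp))
        retained = sum(len(read_pcap(os.path.join(tmp, f))) for f in on_disk)
        return {"files_created": writer.files_created,
                "files_on_disk": on_disk,
                "packets_retained": retained}


if __name__ == "__main__":
    print(run_demo())
```

With the defaults, each 60-byte frame costs 76 bytes on disk, so six records fit under the 512-byte limit per file; twenty packets therefore produce four files, the first of which is deleted, leaving three files holding the last fourteen packets. The same arithmetic is what decides how much history a real ring-buffer capture keeps: file size times file count, divided by average packet size plus 16 bytes of record header.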





_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

