Snort mailing list archives
Re: Running Snort in Sniffer mode
From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 22 Apr 2004 17:39:06 -0400
At 12:05 PM 4/22/2004, Marlon.Richards () Windalco com wrote:
I have the Engage security EagleX package running on a Windows 2000 box. It is a flavour of snort, msql and ACID. I think the default config is that of an IDS, but I would like to configure it as a sniffer that would allow me to collect any analysis data on a continual basis. I have ethereal but it cannot continuously collect data. Are there any open source solutions that do that (something similar to NIA's Sniffer Portable)?
AFAIK Snort's sniffer mode doesn't really log to databases.. it's more-or-less the same as tcpdump. It just pumps packets to the screen and that's all.
It should also be noted that "Sniffer Portable" isn't really a sniffer in the conventional sense. Sniffers log packets. Sniffer Portable logs traffic statistics, and conversational flows without logging data.
As far as ethereal goes, why can't you run it continuously? Doesn't it have an option to force over-writing of the buffer when the buffer gets full? Packetyzer (an ethereal port to windows) seems to handle that mode quite well, although I've never tried to run it forever, I have run it well past the buffer limits.