Snort mailing list archives
Re: snort and packet sniffing
From: Stef <stefmit () gmail com>
Date: Wed, 18 Aug 2004 20:29:03 -0500
The one reason I could think of would be formatting and output values of one, compared to the other, perhaps?!?!

--- sample tcpdump:

19:46:30.149248 00:10:db:20:e6:c2 > 00:0a:95:a9:e3:60, ethertype IPv4, length 78: IP (tos 0x0, ttl 50, id 38278, offset 0, flags [DF], length: 60) p20.www.dcn.yahoo.com.http > 172.19.3.230.60836: S [tcp sum ok] 2888742917:2888742917(0) ack 3825328951 win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 553709764 2833864592>
0x0000 4500 003c 9586 4000 3206 b4ff d86d 75cf E..<..@.2....mu.
0x0010 ac13 03e6 0050 eda4 ac2e b805 e401 e337 .....P.........7
0x0020 a012 ffff 211f 0000 0204 05b4 0103 0301 ....!...........
0x0030 0101 080a 2100 f0c4 a8e9 5790 eb1d 0f5d ....!.....W....]

--- sample snort, with similar packet

08/18-19:47:11.966415 0:10:DB:20:E6:C2 -> 0:A:95:A9:E3:60 type:0x800 len:0x4E
216.109.117.110:80 -> 172.19.3.230:61197 TCP TTL:49 TOS:0x0 ID:20853 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0xA26752A9 Ack: 0xA04BE66E Win: 0xFFFF TcpLen: 40
TCP Options (6) => MSS: 1460 NOP WS: 1 NOP NOP TS: 553707434 2833864676
0x0000: 00 0A 95 A9 E3 60 00 10 DB 20 E6 C2 08 00 45 00 .....`... ....E.
0x0010: 00 3C 51 75 40 00 31 06 FA 71 D8 6D 75 6E AC 13 .<Qu@.1..q.mun..
0x0020: 03 E6 00 50 EF 0D A2 67 52 A9 A0 4B E6 6E A0 12 ...P...gR..K.n..
0x0030: FF FF D8 7F 00 00 02 04 05 B4 01 03 03 01 01 01 ................
0x0040: 08 0A 21 00 E7 AA A8 E9 57 E4 5C 4B 44 0B ..!.....W.\KD.

See nicer and more complete description of fields, in snort's case ...

Stef

On Wed, 18 Aug 2004 17:42:21 -0400, Matt Kettler <mkettler () evi-inc com> wrote:
> At 01:04 PM 8/18/2004, Dean Price wrote:
> > I have what may be a simple question... Can snort be a packet sniffer on a stand alone machine on a non-switched network?
>
> Yes, but why? tcpdump is a simpler, smaller and better tool if all you want to do is sniff packets.
>
> -------------------------------------------------------
> SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
> 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
> Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
> http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
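To make Stef's comparison concrete, here is a small parser that reads both output styles quoted above (the tcpdump -v line and the Snort -v packet header block) and normalises them to the same set of TCP fields. This is example code added for this page, not code from the thread or from the Snort or tcpdump projects. The two sample packets are copied from the post; the `SERVICES` lookup table, the `TcpSummary` field names and the `packet_shape` helper are assumptions made here.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample packets copied from the post above: a SYN/ACK from a Yahoo web server
# seen by each tool. They are different connections, so ports, IP IDs and
# sequence numbers differ, but the packet "shape" (flags, window, MSS) is the same.
SNORT_SAMPLE = """\
08/18-19:47:11.966415 0:10:DB:20:E6:C2 -> 0:A:95:A9:E3:60 type:0x800 len:0x4E
216.109.117.110:80 -> 172.19.3.230:61197 TCP TTL:49 TOS:0x0 ID:20853 IpLen:20 DgmLen:60 DF
***A**S* Seq: 0xA26752A9  Ack: 0xA04BE66E  Win: 0xFFFF  TcpLen: 40
TCP Options (6) => MSS: 1460 NOP WS: 1 NOP NOP TS: 553707434 2833864676
"""

TCPDUMP_SAMPLE = (
    "19:46:30.149248 00:10:db:20:e6:c2 > 00:0a:95:a9:e3:60, ethertype IPv4, length 78: "
    "IP (tos 0x0, ttl 50, id 38278, offset 0, flags [DF], length: 60) "
    "p20.www.dcn.yahoo.com.http > 172.19.3.230.60836: S [tcp sum ok] "
    "2888742917:2888742917(0) ack 3825328951 win 65535 "
    "<mss 1460,nop,wscale 1,nop,nop,timestamp 553709764 2833864592>"
)


@dataclass
class TcpSummary:
    """Tool-independent view of one TCP segment (field names chosen here)."""
    src: str
    sport: int
    dst: str
    dport: int
    ttl: int
    ip_id: int
    df: bool
    syn: bool
    ack: bool
    seq: int
    ack_num: int
    win: int
    mss: Optional[int]


# tcpdump prints service names unless run with -n; this constructed table
# resolves them offline (a real tool would consult /etc/services).
SERVICES = {"http": 80, "https": 443, "ssh": 22, "domain": 53}


def port_number(token: str) -> int:
    return int(token) if token.isdigit() else SERVICES[token]


# Snort -v: one line of IP header fields, one line of TCP flags/seq/ack/win.
SNORT_IP_RE = re.compile(
    r"^(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) TCP "
    r"TTL:(?P<ttl>\d+) TOS:0x[0-9A-Fa-f]+ ID:(?P<id>\d+) IpLen:\d+ DgmLen:\d+(?P<df> DF)?",
    re.M,
)
SNORT_TCP_RE = re.compile(
    r"^(?P<flags>[*12UAPRSF]{8}) Seq: 0x(?P<seq>[0-9A-Fa-f]+)\s+"
    r"Ack: 0x(?P<ack>[0-9A-Fa-f]+)\s+Win: 0x(?P<win>[0-9A-Fa-f]+)",
    re.M,
)


def parse_snort(block: str) -> TcpSummary:
    ip = SNORT_IP_RE.search(block)
    tcp = SNORT_TCP_RE.search(block)
    if not ip or not tcp:
        raise ValueError("not a Snort -v TCP packet block")
    flags = tcp["flags"]  # fixed positions 1 2 U A P R S F; '*' means not set
    mss = re.search(r"MSS: (\d+)", block)
    return TcpSummary(
        src=ip["src"], sport=int(ip["sport"]), dst=ip["dst"], dport=int(ip["dport"]),
        ttl=int(ip["ttl"]), ip_id=int(ip["id"]), df=ip["df"] is not None,
        syn=flags[6] == "S", ack=flags[3] == "A",
        seq=int(tcp["seq"], 16), ack_num=int(tcp["ack"], 16), win=int(tcp["win"], 16),
        mss=int(mss[1]) if mss else None,
    )


# tcpdump -v (2004-era format): IP fields in parentheses, then
# "host.port > host.port: FLAGS seq:seq(len) ack N win W <options>".
TCPDUMP_RE = re.compile(
    r"ttl (?P<ttl>\d+), id (?P<id>\d+), offset \d+, flags \[(?P<ipflags>[^\]]*)\], length:? \d+\) "
    r"(?P<src>\S+)\.(?P<sport>[^.\s]+) > (?P<dst>\S+)\.(?P<dport>[^.\s:]+): "
    r"(?P<tcpflags>[SFRPU.]+) (?:\[tcp sum ok\] )?"
    r"(?P<seq>\d+):\d+\(\d+\)(?: ack (?P<ack>\d+))? win (?P<win>\d+)"
    r"(?: <(?P<opts>[^>]*)>)?"
)


def parse_tcpdump(line: str) -> TcpSummary:
    m = TCPDUMP_RE.search(line)
    if not m:
        raise ValueError("not a tcpdump -v TCP line")
    mss = re.search(r"mss (\d+)", m["opts"] or "")
    return TcpSummary(
        src=m["src"], sport=port_number(m["sport"]), dst=m["dst"], dport=port_number(m["dport"]),
        ttl=int(m["ttl"]), ip_id=int(m["id"]), df="DF" in m["ipflags"],
        syn="S" in m["tcpflags"], ack=m["ack"] is not None,
        seq=int(m["seq"]), ack_num=int(m["ack"]) if m["ack"] else 0,
        win=int(m["win"]), mss=int(mss[1]) if mss else None,
    )


def packet_shape(s: TcpSummary) -> dict:
    """Fields that characterise the segment independent of the particular
    connection (ports on the client side, IP ID and sequence numbers vary per flow)."""
    return {"sport": s.sport, "syn": s.syn, "ack": s.ack, "df": s.df, "win": s.win, "mss": s.mss}


if __name__ == "__main__":
    a, b = parse_snort(SNORT_SAMPLE), parse_tcpdump(TCPDUMP_SAMPLE)
    print("snort  :", a)
    print("tcpdump:", b)
    print("same shape:", packet_shape(a) == packet_shape(b))
```

The normalisation makes the formatting differences visible: Snort prints sequence, acknowledgement and window as hex (0xFFFF) while tcpdump prints them in decimal (65535); Snort already shows numeric ports, whereas tcpdump substitutes service names unless started with -n; both report the DF bit and the MSS option, just in different places. Anyone scripting over sniffer output will want such a parser so that a detection or triage script does not depend on which of the two tools produced the capture.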
Current thread:
- snort and packet sniffing Dean Price (Aug 18)
- Re: snort and packet sniffing Matt Kettler (Aug 18)
- Re: snort and packet sniffing Stef (Aug 18)
- Re: snort and packet sniffing James Riden (Aug 18)
- Re: snort and packet sniffing Matt Kettler (Aug 19)
- Re: snort and packet sniffing Dean Price (Aug 19)
- Re: snort and packet sniffing Matt Kettler (Aug 19)
- Re: snort and packet sniffing Martin Roesch (Aug 19)
- Re: snort and packet sniffing Matt Kettler (Aug 20)
- Re: snort and packet sniffing Stef (Aug 18)
- Re: snort and packet sniffing Matt Kettler (Aug 18)
- <Possible follow-ups>
- Re: snort and packet sniffing Richard Bejtlich (Aug 18)
- RE: Re: snort and packet sniffing Eric Hines (Aug 18)