Snort mailing list archives

-b binary capture]


From: Greg Sarsons <gsarsons () home com>
Date: Fri, 28 Sep 2001 16:22:51 -0400

 I see that snort by default with binary dump captures 1514.  Well this
 is just too much for my little 30 Gig hard drive on a busy school
 network.  I'm going to do some analysis with snort after but will also
 be using tcptrace, ipfw and a few others.
 
 If I grab 10%, say 150 vice 1514, will I really be limiting what I can
 do after?  Doesn't tcpdump by default grab 68?
 
 The traffic bw from what I know on the network has peaked at about
 20Mb/sec but the average seems to be 11Mb/sec.  If I plug into another
 smaller subnet the traffic bw could drop even more.
 
 Again this has got to fit on a 30Gig drive.  The more days that I can
 capture the better for the statistics.  Filling the hard drive in only
 one day doesn't really give a nice look.
 
 Any recommendations?
 
 Greg
