TCP reassembly question

[cha test <c () mickeyfan com>]

Hello!

I've saved (in tcpdump format) quite a few code red worms.  Using Ethereal's tcp reassembly tool, I've dumped three of 
them to files.  It was interesting to see that there were differences between the worms.

Now, I'd like to use the tcp reassembly features of snort to dump all of the worms to separate files for comparison.

Can anyone suggest a way to do that with snort?

Thanks!

_____________________________________________________________
Get your own free Mickeyfan.com email address!!
DisneySites!! - http://www.disneysites.com/webmail/mickeyfan

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users