Snort mailing list archives

can ACID be configured to show packets that do not meet any alerts?


From: "loveshinobi" <loveshinobi () yahoo com>
Date: Tue, 4 Dec 2001 09:56:31 +0800

hi all,

now i know that ACID can show me the payload of a packet that triggers the
alert in my ruleset. the thing is sometimes i feel that showing the contents
of only 1 (the offending) packet is not enough. i want to show the payloads of
the offending packet + the next (say) 5 packets after the offending packet
(say for the purpose of investigation).

i know that by using the activate/dynamic rule, i can configure snort to log
the next 5 packets after the first offending packet matches the
signature of an alert. question is, how will this show up in ACID? the thing
is that the 2nd to 6th packets no longer match any alerts... can i still
see them in ACID? if not, how do i configure ACID so that i can see them as
well...

i realise that i can experiment and then see the results but... i am in the
midst of re-installing ACID with SSL but there's some error going on
and i can't get it up, sigh! my boss wants an answer about this issue
fast so i have no choice but to email the list...

apologies people if this seems a dumb question...

cheers!

