Snort mailing list archives

Re: snort and tcpdump


From: David Bellizzi <dbelliz () angmar com>
Date: Fri, 08 Feb 2002 00:21:20 -0800

Try snort -dve <insert your tcpdump filters here>
and see what you get.
db

Ganu Skop wrote:

hi all,
got this matter to solve;
anyone got a paper/reference on tcpdump and snort - need a
reference pretty badly.
as in my opinion, tcpdump by default only captures 60
bytes of data (no payload) and we need to do the
filter based on abnormal packet behaviour - more or
less like shadow ids.
whereas snort has all the features with rules, stream
assembly, etc.
therefore it's better to run snort than capture
tcpdump and load it back to snort... right?

need your feedback


=====
//skopganu


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
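
Added example, not part of the original thread: a check of whether a saved capture kept full packets before it is replayed into an IDS, which is the concern raised in the question. It reads the classic libpcap header and counts records whose captured length is shorter than the on-wire length; the function names `audit_pcap` and `make_pcap` are hypothetical, the sample capture is constructed, and the 60-byte snap length is the figure quoted in the thread.

```python
import struct

PCAP_MAGIC_LE = b"\xd4\xc3\xb2\xa1"  # classic libpcap, little-endian writer
PCAP_MAGIC_BE = b"\xa1\xb2\xc3\xd4"  # classic libpcap, big-endian writer

def audit_pcap(data):
    """Return (snaplen, total_records, truncated_records) for classic pcap bytes."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    if data[:4] == PCAP_MAGIC_LE:
        end = "<"
    elif data[:4] == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    # Global header after the magic: version, thiszone, sigfigs, snaplen, linktype
    _maj, _min, _zone, _sig, snaplen, _link = struct.unpack(end + "HHiIII", data[4:24])
    offset, total, truncated = 24, 0, 0
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, captured length, original (wire) length
        _sec, _usec, incl_len, orig_len = struct.unpack(end + "IIII", data[offset:offset + 16])
        offset += 16 + incl_len
        if offset > len(data):
            raise ValueError("file ends inside a packet record")
        total += 1
        if incl_len < orig_len:
            truncated += 1  # payload bytes past the snap length were never saved
    return snaplen, total, truncated

def make_pcap(snaplen, wire_lengths):
    """Constructed sample: zero-filled frames cut to snaplen (linktype 1 = Ethernet)."""
    out = PCAP_MAGIC_LE + struct.pack("<HHiIII", 2, 4, 0, 0, snaplen, 1)
    for i, wire_len in enumerate(wire_lengths):
        kept = min(wire_len, snaplen)
        out += struct.pack("<IIII", 1013156480 + i, 0, kept, wire_len) + bytes(kept)
    return out

if __name__ == "__main__":
    for snaplen in (60, 65535):
        sample = make_pcap(snaplen, [54, 60, 590, 1514])
        print("snaplen=%d total=%d truncated=%d" % audit_pcap(sample))
```

Any truncated record means content-matching rules and stream reassembly would see only part of that packet when the file is read back.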



