Snort mailing list archives
Re: configure snort to drop payloads
From: Erek Adams <erek () theadamsfamily net>
Date: Sun, 14 Apr 2002 18:37:11 -0700 (PDT)
On Tue, 2 Apr 2002, Lyle Sudin wrote:

> Is there an easy way to run snort in packet sniffing mode which will be able to keep up with a 100MB connection, log in tcpdump format, and only log the packet headers?

Yep.

> The -b switch seems to keep up with the traffic and not drop packets but includes the payload in addition to the headers. I need to do all the parsing before writing to disk (both privacy and disk space concerns) so I am looking for either a switch I am missing or code to edit.

No editing needed. Check out the "-P" option. If you just want headers, in the same style as TCPdump, then use "-P 64".

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
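
An added example, not part of the original thread: a check for the privacy concern raised in the question, counting how many TCP/UDP payload bytes remain in a capture taken with a given snaplen such as `-P 64`. The sample frames and all function names are constructed for illustration, and only Ethernet/IPv4 records in classic pcap format are handled (IP fragments are not).

```python
import struct

def frame(proto, l4_header, payload):
    """Constructed Ethernet/IPv4 frame (zeroed checksums, documentation addresses)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4_header) + len(payload),
                     0, 0, 64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x02" * 12 + b"\x08\x00" + ip + l4_header + payload

def tcp_header(options=b""):
    return struct.pack("!HHIIBBHHH", 1025, 21, 0, 0,
                       ((20 + len(options)) // 4) << 4, 0x18, 8192, 0, 0) + options

def to_pcap(frames, snaplen):
    """Classic little-endian pcap with every record truncated to snaplen bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, min(len(f), snaplen), len(f)) + f[:snaplen]
    return out

def leak_in(pkt):
    """Payload bytes in one captured record; None if not Ethernet/IPv4 TCP or UDP."""
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] not in (6, 17):
        return None
    l4 = 14 + (pkt[14] & 0x0F) * 4                      # IP header length from IHL
    end = min(len(pkt), 14 + struct.unpack_from("!H", pkt, 16)[0])  # skip padding
    if pkt[23] == 17:
        return max(0, end - (l4 + 8))                   # UDP: fixed 8-byte header
    if len(pkt) < l4 + 13:                              # TCP data offset was cut off
        return 0
    return max(0, end - (l4 + (pkt[l4 + 12] >> 4) * 4))

def payload_leak(pcap):
    """Leaked payload byte count for every record in a pcap byte string."""
    order = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    leaks, off = [], 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(order + "I", pcap, off + 8)[0]
        leaks.append(leak_in(pcap[off + 16: off + 16 + incl]))
        off += 16 + incl
    return leaks

SAMPLE = [  # constructed traffic, not from the thread
    frame(6, tcp_header(), b"USER alice\r\nPASS secret\r\n"),
    frame(6, tcp_header(b"\x01" * 12), b"GET /private HTTP/1.0\r\n"),
    frame(17, struct.pack("!HHHH", 1025, 53, 38, 0), b"x" * 30),
]

if __name__ == "__main__":
    print({n: payload_leak(to_pcap(SAMPLE, n)) for n in (64, 54)})
```

On the constructed sample, a 64-byte snaplen still stores the first 10 payload bytes of the option-less TCP segment and 22 bytes of the UDP datagram; at 54 bytes the TCP payload is gone but 12 UDP payload bytes remain.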