Snort mailing list archives
Re: Snort outputing like tcpdump
From: Erek Adams <erek () snort org>
Date: Fri, 17 Jan 2003 08:54:13 -0500 (EST)
On Thu, 16 Jan 2003, Christopher Lyon wrote:
> Can I have Snort output all packets that it sees to sql in the same format that tcpdump uses?
[...snip...]
> I don't care about the payload just the raw stats. Any idea?
It depends on what you want. tcpdump has a snaplen of 68 as a default. Snort uses 1514 as a default. You can change that with the -P parameter.

Depending on what you want, snort can and will send the same data to the DB. The output doesn't really matter since it's going into a db. You could modify the db output plugin, but that's a whole different thing!

Cheers!

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson