RE: HTTP Packet Capture

["O'Flynn, Derek" <DOFlyn () lsuhsc edu>]

You can use urlsnarf from the dsniff collection, it will log every URL from
a particular IP.  You can't "recreate" the traffic, but it'll log where they
go, and then you can pull it up for them and say, why were you looking at
this...

Derek

-----Original Message-----
From: Matt Kettler [mailto:mkettler () evi-inc com] 
Sent: Wednesday, October 29, 2003 12:34 PM
To: Jim VanEtten; snort-users () lists sourceforge net
Subject: Re: [Snort-users] HTTP Packet Capture

At 12:19 PM 10/29/2003, you wrote:
> Has anyone heard of a tool that uses Snort to capture http traffic to
> a certain site and give the capabilities to view step by step and page
> by page what the users are doing.
>
> For example if my kids are posting to a web based chat or newsgroup can
> I keep a log of their interaction and play it back later.
>
> Hope my question makes sense, any help would be appreciated. If there is
> no product I may want to start developing one but I don't want to
> reinvent the wheel.


This is really a job for dnsiff, or a similar sniffing tool, not snort.

Even tcpdump would be a significantly more appropriate tool for this kind 
of work than snort is.



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users