Snort mailing list archives
RE: HTTP Packet Capture
From: "O'Flynn, Derek" <DOFlyn () lsuhsc edu>
Date: Wed, 29 Oct 2003 16:12:21 -0600
You can use urlsnarf from the dsniff collection, it will log every URL from a particular IP. You can't "recreate" the traffic, but it'll log where they go, and then you can pull it up for them and say, why were you looking at this...

Derek

-----Original Message-----
From: Matt Kettler [mailto:mkettler () evi-inc com]
Sent: Wednesday, October 29, 2003 12:34 PM
To: Jim VanEtten; snort-users () lists sourceforge net
Subject: Re: [Snort-users] HTTP Packet Capture

At 12:19 PM 10/29/2003, you wrote:
> Has anyone heard of a tool that uses Snort to capture http traffic to a certain site and give the capabilities to view step by step and page by page what the users are doing? For example, if my kids are posting to a web based chat or newsgroup, can I keep a log of their interaction and play it back later? Hope my question makes sense, any help would be appreciated. If there is no product I may want to start developing one but I don't want to reinvent the wheel.
This is really a job for dsniff, or a similar sniffing tool, not snort. Even tcpdump would be a significantly more appropriate tool for this kind of work than snort is.
Current thread:
- HTTP Packet Capture Jim VanEtten (Oct 29)
- Re: HTTP Packet Capture Mark Nipper (Oct 29)
- Message not available
- Re: HTTP Packet Capture Matt Kettler (Oct 29)
- <Possible follow-ups>
- RE: HTTP Packet Capture O'Flynn, Derek (Oct 29)