Snort mailing list archives
Re: whether wireshark can be integrated with snort??
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Sun, 24 May 2009 10:46:37 -0400
On Sat, May 23, 2009 at 4:04 PM, Stephen Mullins <steve.mullins.work () gmail com> wrote:
> I would suggest you use Sguil with Snort and you can launch wireshark from Sguil if needed. Or you could use an inline network TAP on the cable running from the SPAN port to the Wireshark box to "split" the signal so it goes to both the Snort sensor and the Wireshark box.
>
> Steve Mullins
>
> On Tue, May 19, 2009 at 12:01 PM, Sadanand Ghagare <sadanandgh () gmail com> wrote:
>> Hi
>>
>> We are in the process of implementing snort as a network sensor in our network. But the problem here is, we already have a wireshark machine connected to the monitoring port of the switch and we don't want to disturb the existing setup. So whether it is possible to integrate snort with wireshark so that snort can analyze the packets captured by wireshark as per the snort rule base. If yes, how to configure it. I hope I am up to the point for my requirements.

Ignoring all the drawbacks of using a windows box for this, I have to know exactly what the wireshark instance is doing? Is someone really looking at the data? Is wireshark being used to dump out all traffic so that someone can go back and look at it later? Is someone watching it real time?

--
Nigel Houghton
Head Mentalist
SF VRT
http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/