Snort mailing list archives
Re: whether wireshark can be integrated with snort??
From: Sadanand Ghagare <sadanandgh () gmail com>
Date: Mon, 25 May 2009 16:50:55 +0530
Hi Nigel,

The Wireshark box has been used by the sys-admin and is directly connected to the mirrored port. They use that box to monitor traffic. I am totally unaware whether they dump the data or use it in real time. But to make snort work I can ask them to do it.

Regards,
Sadanand

On Sun, May 24, 2009 at 8:16 PM, Nigel Houghton <nhoughton () sourcefire com> wrote:

> On Sat, May 23, 2009 at 4:04 PM, Stephen Mullins <steve.mullins.work () gmail com> wrote:
>
>> I would suggest you use Sguil with Snort and you can launch wireshark from Sguil if needed.
>>
>> Or you could use an inline network TAP on the cable running from the SPAN port to the Wireshark box to "split" the signal so it goes to both the Snort sensor and the Wireshark box.
>>
>> Steve Mullins
>>
>> On Tue, May 19, 2009 at 12:01 PM, Sadanand Ghagare <sadanandgh () gmail com> wrote:
>>
>>> Hi
>>>
>>> We are in the process of implementing snort as a network sensor in our network. But the problem here is, we already have a wireshark machine connected to the monitoring port of the switch and we don't want to disturb the existing setup.
>>>
>>> So is it possible to integrate snort with wireshark so that snort can analyze the packets captured by wireshark as per the snort rule base? If yes, how to configure it?
>>>
>>> I hope I am up to the point for my requirements.
>
> Ignoring all the drawbacks of using a windows box for this, I have to know exactly what the wireshark instance is doing. Is someone really looking at the data? Is wireshark being used to dump out all traffic so that someone can go back and look at it later? Is someone watching it real time?
>
> --
> Nigel Houghton
> Head Mentalist
> SF VRT
> http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/

--
Thanks & Regards
Sadanand G.