Snort mailing list archives
Re: Showing dump of only matched paquets.
From: "ab1197590 () gmail com" <ab1197590 () gmail com>
Date: Tue, 22 Mar 2011 18:49:45 -0400
Does it work as you would have hoped if you specify an expression?
From the man page:
expression selects which packets will be dumped. If no expression is given, all packets on the net will be dumped. Otherwise, only packets for which expression is `true' will be dumped.

On Sat, Mar 19, 2011 at 7:27 PM, Gustavo Guillermo Perez <gustavo () compunauta com> wrote:
Hello dear list,

I'm trying to set up snort to make a little sniffer, and I need something like -dv but only with the rules matched, not with all the packets. The rules work fine and log into the log file excellently, and I can read the log with -dv -r /var/log/snort/snort.logxxxx with only matched packets, but not in realtime. Is there any way to do this in realtime? That is, to show the HEX output with all info but only with matched packets?

Best regards in advance.

--
Gustavo Guillermo Perez
http://www.compunauta.com
http://www.compunauta.net
http://anuncios.compunauta.net

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Showing dump of only matched paquets. Gustavo Guillermo Perez (Mar 19)
- Re: Showing dump of only matched paquets. ab1197590 () gmail com (Mar 22)
- Re: Showing dump of only matched paquets. Russ Combs (Mar 22)
- Re: Showing dump of only matched paquets. Gustavo Guillermo Perez (Mar 22)
- Re: Showing dump of only matched paquets. Gustavo Guillermo Perez (Mar 22)
- Re: Showing dump of only matched paquets. Russ Combs (Mar 22)
- Re: Showing dump of only matched paquets. Gustavo Guillermo Perez (Mar 22)
- Re: Showing dump of only matched paquets. Russ Combs (Mar 22)
- Re: Showing dump of only matched paquets. ab1197590 () gmail com (Mar 22)
- Re: Showing dump of only matched paquets. Russ Combs (Mar 22)
- Re: Showing dump of only matched paquets. ab1197590 () gmail com (Mar 22)