Snort mailing list archives

Re: Reporting packet number


From: Beenish Raza <beenish.raza () hotmail com>
Date: Fri, 23 May 2014 00:55:46 +0500

When I use -A, I get something like this:
08/15-17:27:48.482649  [**] [1:500020:0] Rule no.20 [**] [Priority: 0] {TCP} 244.85.5.101:443 -> 10.34.6.10:38835

Can you please tell me where the packet number is in this?

From: bbantwal () cisco com
To: beenish.raza () hotmail com; snort-devel () lists sourceforge net
Subject: Re: [Snort-devel] Reporting packet number
Date: Thu, 22 May 2014 00:21:18 +0000

You can use the option -A console:test (which outputs the packet number along with the alert to console) or use -A alert to log to a file.

Thanks!


From: Beenish Raza <beenish.raza () hotmail com>
Date: Wednesday, May 21, 2014 6:09 PM
To: "snort-devel () lists sourceforge net" <snort-devel () lists sourceforge net>
Subject: [Snort-devel] Reporting packet number

I am matching a set of regular expressions against a large pcap file. I want snort to report the original packet number (like 10th packet of the pcap file reported match) as well when it gives alerts. What command do I need to use to do this?



                                          