Snort mailing list archives

Re: How to know what is "any" ip address???


From: zT <zzahra88 () gmail com>
Date: Mon, 2 Feb 2015 17:13:13 +0330

Sorry, I made a mistake; that works fine. Thank you.

On Mon, Feb 2, 2015 at 5:09 PM, zT <zzahra88 () gmail com> wrote:

I added your code at the end of my snort.conf file, but this error occurs:
ERROR: /etc/snort/snort.conf(686) Unknown output plugin: "log_tcpdump
 /etc/snort/tcp_logfile"
Fatal Error, Quitting..

On Mon, Feb 2, 2015 at 5:01 PM, Jack Pepper <
pepperjack () afferentsecurity com> wrote:

Put this in your config file:

output log_tcpdump  tcp_logfile

On Mon, Feb 2, 2015 at 7:11 AM, zT <zzahra88 () gmail com> wrote:

Hello all, I use
alert tcp any any -> any any (msg:"network found in packet content!!!";
content:"network"; sid:10000; )
When Snort finds a packet with FB content, I want to know which IP address this
packet comes from (IP header of the packet) and store this packet (its
content and headers) in a file.
How can I do this?
With regards.


------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
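
The log_tcpdump output discussed in this thread writes the logged packets in tcpdump (pcap) format, so the source address the original question asks about can be read back from each record's IP header. The following is an added example, not part of the original thread or of Snort: it assumes a classic pcap file with an Ethernet link type and IPv4/TCP packets, and the sample capture, addresses and function names are constructed for illustration.

```python
import socket
import struct

def build_sample_pcap():
    """Constructed sample: one Ethernet/IPv4/TCP packet carrying 'network'."""
    payload = b"GET /network HTTP/1.0\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5"))
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    frame = eth + ip + tcp  # checksums left as zero; the parser does not verify them
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec_hdr = struct.pack("<IIII", 1422884593, 0, len(frame), len(frame))
    return file_hdr + rec_hdr + frame

def logged_packets(pcap):
    """Yield (src_ip, src_port, dst_ip, dst_port, payload) per IPv4/TCP record."""
    if len(pcap) < 24:
        raise ValueError("too short for a pcap file header")
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 (VLAN-tagged frames are skipped too)
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:]
        if frame[23] != 6 or len(tcp) < 20:
            continue  # not TCP, or truncated by the snap length
        sport, dport = struct.unpack("!HH", tcp[:4])
        yield (socket.inet_ntoa(frame[26:30]), sport,
               socket.inet_ntoa(frame[30:34]), dport, tcp[(tcp[12] >> 4) * 4:])

if __name__ == "__main__":
    for src, sport, dst, dport, data in logged_packets(build_sample_pcap()):
        print(f"{src}:{sport} -> {dst}:{dport} payload={data!r}")
```

To use it on a real log, pass the bytes of the file Snort wrote (read in binary mode) to logged_packets() instead of the constructed sample.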



