Re: [Snort-users] Get one specific attack dump from snort dump file.

Subject: Re: [Snort-users] Get one specific attack dump from snort dump file.
Date: Sat, 5 Jan 2008 10:57:10 -0500
You can use Snort or tcpdump to read the pcap files back.

Use the -r tag in order to read the contents of the file.

For example: snort -r snort_tcpdump.log

J


On Sat, Jan 05, 2008 at 11:28:22AM -0200, it looks like Jorge Luiz Corrêa sent me:
Hello World. This is my first post.

Lately I have been looking for a way to get the information for one specific
attack from the snort dump file, but I didn't find it. :/

For example, my snort is configured to gather packets in
snort_tcpdump.log and alerts in alert.log. When I see an alert in
alert.log, I need to get the packets from snort_tcpdump.log related to
this alert. Can someone help me? Is there a way to do this?

For example, I need a system very similar to the one present on the Honeywall
CDROM (Honeynet Project). In this tool it is possible to visualize the
occurrences of alerts. By clicking on an alert we can choose a 'decode
packets' option that shows exactly the packets of this alert.

Is there an option like this in snort or tcpdump? I think this operation
is performed by a set of Perl scripts in the Honeywall tool.

Thanks for all.
:)

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
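The "decode packets for this alert" step the original poster asks about can be scripted on top of the answer above. As an added example, not part of the thread and not Snort's own code: it takes one line from alert.log in Snort's "fast" alert format, prints the BPF filter you would hand to "tcpdump -r snort_tcpdump.log" (or "snort -r"), and also filters the pcap directly in Python, keeping the packets of that flow in both directions so the response side is not lost. The pcap parser handles Ethernet/IPv4 with TCP, UDP and ICMP only, and the alert line and four-packet capture are constructed sample data standing in for alert.log and snort_tcpdump.log.

```python
"""Pull the packets for one Snort alert out of the pcap written by "snort -b".
Added example; assumes Snort's "fast" alert line format and an Ethernet/IPv4
pcap. The alert line and the capture below are constructed sample data."""
import re
import socket
import struct

# Fields we need from a fast-format alert line, e.g.
#   01/05-11:28:22.123456 [**] [1:2003:8] MSG [**] [Priority: 2] {TCP} 10.0.0.5:1234 -> 192.168.1.10:80
ALERT_RE = re.compile(
    r"\{(?P<proto>TCP|UDP|ICMP)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?")

def parse_alert(line):
    """Return {'proto','src','sport','dst','dport'}; ports are None for ICMP."""
    m = ALERT_RE.search(line)
    if not m:
        raise ValueError("not a fast-format alert line: %r" % line)
    a = m.groupdict()
    a["sport"] = int(a["sport"]) if a["sport"] else None
    a["dport"] = int(a["dport"]) if a["dport"] else None
    return a

def bpf_filter(alert):
    """Filter for: tcpdump -r snort_tcpdump.log '<filter>' (matches both directions)."""
    terms = [alert["proto"].lower(), "host %s" % alert["src"], "host %s" % alert["dst"]]
    if alert["sport"] is not None:
        terms += ["port %d" % alert["sport"], "port %d" % alert["dport"]]
    return " and ".join(terms)

def read_pcap(data):
    """Yield (timestamp, frame_bytes) from a libpcap file held in memory."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a libpcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:                       # DLT_EN10MB (Ethernet) only
        raise ValueError("unsupported link type %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield sec + usec / 1e6, data[off:off + incl]
        off += incl

def decode(frame):
    """(proto, src, sport, dst, dport) of an Ethernet/IPv4 frame, or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    name = {1: "ICMP", 6: "TCP", 17: "UDP"}.get(ip[9])
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    if name is None or len(ip) < ihl + 4:
        return None
    if name == "ICMP":
        return (name, src, None, dst, None)
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return (name, src, sport, dst, dport)

def matches(alert, t):
    """True if the packet belongs to the alert's flow, in either direction."""
    proto, src, sport, dst, dport = t
    key = (alert["src"], alert["sport"], alert["dst"], alert["dport"])
    return proto == alert["proto"] and ((src, sport, dst, dport) == key or
                                        (dst, dport, src, sport) == key)

def extract_alert_packets(pcap_bytes, alert_line):
    """All (timestamp, 5-tuple) entries in the pcap that belong to the alert's flow."""
    alert = parse_alert(alert_line)
    hits = []
    for ts, frame in read_pcap(pcap_bytes):
        t = decode(frame)
        if t and matches(alert, t):
            hits.append((ts, t))
    return hits

# --- constructed sample data (stands in for snort_tcpdump.log and alert.log) ---
def _frame(src, sport, dst, dport, proto):
    if proto == 6:   # minimal TCP SYN header
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, 8192, 0, 0)
    else:            # minimal UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00" + ip + l4

def build_sample_pcap():
    frames = [_frame("10.0.0.5", 1234, "192.168.1.10", 80, 6),    # the alerting packet
              _frame("192.168.1.10", 80, "10.0.0.5", 1234, 6),    # its reply
              _frame("10.0.0.5", 5353, "192.168.1.1", 53, 17),    # unrelated DNS
              _frame("10.0.0.5", 1235, "192.168.1.11", 80, 6)]    # same client, other server
    out = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1199548102 + i, 0, len(f), len(f)) + f
    return out

SAMPLE_ALERT = ("01/05-11:28:22.000000 [**] [1:2003:8] WEB-MISC example [**] "
                "[Priority: 2] {TCP} 10.0.0.5:1234 -> 192.168.1.10:80")

if __name__ == "__main__":
    print("tcpdump -r snort_tcpdump.log '%s'" % bpf_filter(parse_alert(SAMPLE_ALERT)))
    for ts, t in extract_alert_packets(build_sample_pcap(), SAMPLE_ALERT):
        print("%.6f %s %s:%s -> %s:%s" % ((ts,) + t))
```

Two of the four sample packets come back: the one that raised the alert and the server's reply, while the DNS query and the connection to the other web server are dropped. The generated filter (host A and host B and port X and port Y) deliberately matches both directions for the same reason; to see the payload bytes rather than just the headers, pass that filter to tcpdump -r with -X, or to snort -r with -d.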
