snort-users January 2008 archive

[Snort-users] Get one specific attack dump from snort dump file.

From: Jorge Luiz Corrêa <jorge_at_nospam>
Date: Sat Jan 05 2008 - 13:28:22 GMT
To: snort-users@lists.sourceforge.net


Hello World. This is my first post.

I have recently been looking for a way to get the information about one specific attack from the Snort dump file, but I didn't find it. :/

For example, my Snort is configured to log packets to snort_tcpdump.log and alerts to alert.log. When I see an alert in alert.log, I need to get the packets from snort_tcpdump.log related to this alert. Can someone help me? Is there a way to do this?

For example, I need something very similar to what is present in the Honeywall CDROM (Honeynet Project). In this tool it is possible to visualize the occurrences of alerts. By clicking on an alert we can choose a 'decode packets' option that shows exactly the packets of this alert.

Is there an option like this in Snort or tcpdump? I think this operation is performed by a set of Perl scripts in the Honeywall tool.

Thanks to all.
:)
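
One way to do what the post asks, as an added example that is not part of the original message and not Snort's or Honeywall's code: parse one alert line, take its protocol, addresses and ports, then walk the tcpdump-format log and keep the packets of that flow (in both directions) that fall within a few seconds of the alert. The script assumes a classic libpcap file with Ethernet framing and IPv4 traffic, an alert line in the alert_fast shape "MM/DD-HH:MM:SS.uuuuuu [**] ... {PROTO} src:sport -> dst:dport" (the sample line and capture below are constructed), and treats the alert's timestamp as UTC; Snort prints local time and omits the year, so the year is a parameter and a real deployment would convert with the host's timezone.

```python
"""Extract the packets behind one Snort alert from a tcpdump-format (classic pcap) log.

Added example. Assumes: classic libpcap file, Ethernet link type, IPv4, and an
alert_fast-style line. Alert timestamps are treated as UTC (assumption).
"""
import calendar
import re
import socket
import struct

# Assumed alert_fast layout: "MM/DD-HH:MM:SS.uuuuuu [**] ... {PROTO} src:sport -> dst:dport"
ALERT_RE = re.compile(
    r"^(?P<mon>\d\d)/(?P<day>\d\d)-(?P<hms>\d\d:\d\d:\d\d)\.(?P<usec>\d{1,6})"
    r".*\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?"
    r"\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def parse_alert(line, year):
    """Return {ts, proto, src, sport, dst, dport}; Snort omits the year, so it is passed in."""
    m = ALERT_RE.match(line)
    if not m:
        raise ValueError("unrecognised alert line: %r" % line)
    h, mi, s = (int(x) for x in m["hms"].split(":"))
    ts = calendar.timegm((year, int(m["mon"]), int(m["day"]), h, mi, s))
    ts += int(m["usec"].ljust(6, "0")) / 1e6
    port = lambda g: int(m[g]) if m[g] else None          # ICMP alerts carry no ports
    return {"ts": ts, "proto": m["proto"], "src": m["src"], "sport": port("sport"),
            "dst": m["dst"], "dport": port("dport")}


def read_pcap(data):
    """Yield (timestamp, frame) from classic pcap bytes, honouring the byte order in the magic."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic libpcap file (pcapng is not handled here)")
    linktype = struct.unpack_from(end + "HHiIII", data, 4)[5]
    if linktype != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) captures are decoded")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _ = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield sec + usec / 1e6, data[off:off + incl_len]
        off += incl_len


def five_tuple(frame):
    """Decode Ethernet/IPv4 and return (proto, src, sport, dst, dport), or None if not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    sport = dport = None
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:       # TCP and UDP both start with the ports
        sport, dport = struct.unpack_from("!HH", frame, l4)
    return PROTO_NAMES.get(proto, str(proto)), src, sport, dst, dport


def packets_for_alert(pcap_bytes, alert, window=2.0):
    """Packets of the alerted flow, either direction, within +/- window seconds of the alert."""
    want = {(alert["proto"], alert["src"], alert["sport"], alert["dst"], alert["dport"]),
            (alert["proto"], alert["dst"], alert["dport"], alert["src"], alert["sport"])}
    return [(ts, frame) for ts, frame in read_pcap(pcap_bytes)
            if abs(ts - alert["ts"]) <= window and five_tuple(frame) in want]


def build_frame(src, sport, dst, dport, proto=6, payload=b""):
    """Minimal Ethernet/IPv4/TCP-or-UDP frame for constructed test data (checksums left zero)."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * (16 if proto == 6 else 4) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4


def build_pcap(records):
    """Serialise (timestamp, frame) pairs as little-endian classic pcap; also used to save the hits."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for ts, frame in records:
        sec = int(ts)
        usec = int(round((ts - sec) * 1e6))
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)


# Constructed alert line and capture (2008 because the post dates from January 2008).
SAMPLE_ALERT = ("01/05-13:28:22.000000  [**] [1:1000001:1] Example rule [**] "
                "[Priority: 2] {TCP} 192.0.2.10:40000 -> 198.51.100.5:80")


def demo():
    alert = parse_alert(SAMPLE_ALERT, 2008)
    t0 = alert["ts"]
    capture = build_pcap([
        (t0 - 1.0, build_frame("192.0.2.10", 40000, "198.51.100.5", 80)),             # SYN: kept
        (t0 - 0.9, build_frame("198.51.100.5", 80, "192.0.2.10", 40000)),             # reply: kept
        (t0, build_frame("192.0.2.10", 40000, "198.51.100.5", 80, payload=b"GET /")), # kept
        (t0, build_frame("192.0.2.11", 40001, "198.51.100.5", 80)),                   # other client
        (t0, build_frame("192.0.2.10", 40000, "198.51.100.5", 80, proto=17)),         # UDP, wrong proto
        (t0 + 30, build_frame("192.0.2.10", 40000, "198.51.100.5", 80)),              # same flow, too late
    ])
    return packets_for_alert(capture, alert)


if __name__ == "__main__":
    hits = demo()
    for ts, frame in hits:
        print("%.6f %s" % (ts, five_tuple(frame)))
    with open("alert_packets.pcap", "wb") as fh:      # open with tcpdump -r or Wireshark
        fh.write(build_pcap(hits))
```

On a real box the same filtering can be done without any script by feeding the alert's addresses to tcpdump's BPF filter, for example "tcpdump -n -r snort_tcpdump.log 'host 192.0.2.10 and host 198.51.100.5 and port 40000'", which is convenient when the flow is short-lived; the script above is for the case where you want the time window, the reverse direction and a saved pcap of just those packets.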


