Snort mailing list archives
Re: playback question
From: Aaron <lilnick () nepenthes org>
Date: Sat, 10 Nov 2001 21:36:52 -0800 (PST)
Greg,

I think the following will work for you:

snort -vr dumpfile src or dst net 134.117.88.0/20 and proto tcp

This will show all traffic to and from (query and response) your 134.117.88.0/20 network. If you only want to see source or destination, then only use one of the 'src' or 'dst' keywords.

Thanks,
Aaron

On 9 Nov 2001, Greg Sarsons wrote:

;Okay I haven't got what I want working yet
;
;I'm trying to play back a file
;
;./snort -vr dumpfile tcp
;
;that is tcp
;
;but I also want to only have traffic from
;
;outside 134.117.88.0/20 (not from this)
;
;going to 134.117.88.0/20
;
;I couldn't make src and dst work.
;
;FYI The txt output then is piped into another program.
;
;Greg
;
;_______________________________________________
;Snort-users mailing list
;Snort-users () lists sourceforge net
;Go to this URL to change user options or unsubscribe:
;https://lists.sourceforge.net/lists/listinfo/snort-users
;Snort-users list archive:
;http://www.geocrawler.com/redir-sf.php3?list=snort-users
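An added example, not part of Aaron's or Greg's messages: a small Python model of how the 'src' and 'dst' qualifiers select packets relative to the 134.117.88.0/20 network, comparing "either direction" with "from outside going to the network". The packets are constructed sample data, the function names are hypothetical, and the logic models the filter semantics rather than running libpcap.

```python
import ipaddress

# strict=False because 134.117.88.0/20 as written has host bits set; the
# /20 that contains it is 134.117.80.0/20 (134.117.80.0 - 134.117.95.255).
NET = ipaddress.ip_network("134.117.88.0/20", strict=False)

# Constructed sample packets: (protocol, source IP, destination IP).
PACKETS = [
    ("tcp", "198.51.100.7", "134.117.88.10"),  # 0: outside -> inside
    ("tcp", "134.117.88.10", "198.51.100.7"),  # 1: inside -> outside (reply)
    ("tcp", "134.117.81.5", "134.117.94.9"),   # 2: inside -> inside
    ("udp", "198.51.100.7", "134.117.88.10"),  # 3: outside -> inside, not TCP
    ("tcp", "198.51.100.7", "203.0.113.9"),    # 4: never touches the network
]


def in_net(ip):
    """True if the address falls inside the monitored /20."""
    return ipaddress.ip_address(ip) in NET


def either_direction(proto, src, dst):
    """Models: tcp and (src net NET or dst net NET)."""
    return proto == "tcp" and (in_net(src) or in_net(dst))


def inbound_only(proto, src, dst):
    """Models: tcp and dst net NET and not src net NET."""
    return proto == "tcp" and in_net(dst) and not in_net(src)


def select(predicate):
    """Return the indexes of the sample packets the predicate keeps."""
    return [i for i, pkt in enumerate(PACKETS) if predicate(*pkt)]


if __name__ == "__main__":
    print("network covered:  ", NET)
    print("either direction: ", select(either_direction))
    print("inbound only:     ", select(inbound_only))
```

The "inbound only" predicate drops both the reply packet and the inside-to-inside packet, which the "either direction" form keeps.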
Current thread:
- playback question Greg Sarsons (Nov 09)
- Re: playback question Roelof JT Jonkman (Nov 09)
- Re: playback question Greg Sarsons (Nov 09)
- Re: playback question Roelof JT Jonkman (Nov 09)
- Re: playback question Greg Sarsons (Nov 09)
- Re: playback question Aaron (Nov 10)
- Re: playback question Roelof JT Jonkman (Nov 09)