Snort mailing list archives
Re: snort
From: Dragos Ruiu <dr () kyx net>
Date: Fri, 27 Sep 2002 19:48:55 +0000
On September 28, 2002 01:33 am, MADAMANCHI, RAJESH KUMAR wrote:
Hi all, I'm new to Snort. I'd appreciate it if someone can help me with my question. I just have some huge tcpdump binary files with me. I need the procedure (using Snort) to parse these binary files and get the timestamps of all the TCP packets with the ACK flag set. For example, I want a text file which consists of the timestamp and the 'ID' value for all the packets with the ACK flag set; later my program is supposed to read these timestamps and process them. Please, someone reply to me about how to do this.

(Read the Snort docs and...) Write a set of Snort rules to match the packets you are interested in. (Look at the Snort man page for command line options and....) Run Snort to read in the binary files and process them, triggering on the packets your rules specified. Configure Snort to output them to another binary tcpdump file, which will leave you with files containing only the packets you want (presumably :-).

cheers,
--dr

--
dr () kyx net pgp: http://dragos.com/kyxpgp
Advance CanSecWest/03 registration available: http://cansecwest.com
"The question of whether computers can think is like the question of whether submarines can swim." --Edsger Wybe Dijkstra 1930-2002
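Added example, not part of the thread: once Snort has written the filtered capture (the last step above, with the usual `-r <file> -c <rules> -l <logdir> -b` invocation), a small libpcap-format parser can turn it into the "timestamp ID" text file the poster wanted. It assumes an Ethernet (linktype 1), IPv4-only capture, and builds a three-frame sample capture inline instead of reading a real file.

```python
import struct

ETH_HDR = 14         # Ethernet II header length; assumes a linktype-1 capture
TCP_FLAG_ACK = 0x10  # ACK bit in the TCP flags byte

def ack_packets(pcap):
    """Yield (timestamp, ip_id) for each IPv4/TCP packet with the ACK bit set."""
    magic, = struct.unpack_from("<I", pcap, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a libpcap/tcpdump file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet captures are handled here")
    off = 24                                  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from(endian + "IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < ETH_HDR + 20 or frame[12:14] != b"\x08\x00":
            continue                          # not IPv4, or truncated frame
        ip = frame[ETH_HDR:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 14:
            continue                          # not TCP, or TCP flags byte cut off
        if ip[ihl + 13] & TCP_FLAG_ACK:
            yield sec + usec / 1e6, struct.unpack_from("!H", ip, 4)[0]

def report_lines(pcap):
    """The text the poster asked for: one 'timestamp ip_id' line per ACK packet."""
    return ["%.6f %d" % (ts, ip_id) for ts, ip_id in ack_packets(pcap)]

# --- constructed sample capture (three frames: SYN, SYN/ACK, ACK) ---
def make_frame(ip_id, tcp_flags):
    tcp = struct.pack("!HHIIBBHHH", 1234, 80, 0, 0, 5 << 4, tcp_flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), ip_id, 0, 64, 6, 0,
                     b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def make_pcap(frames, base_ts=1033000000):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", base_ts + i, 0, len(f), len(f)) + f
    return out

SAMPLE = make_pcap([make_frame(100, 0x02), make_frame(101, 0x12), make_frame(102, 0x10)])

if __name__ == "__main__":
    print("\n".join(report_lines(SAMPLE)))
```

The bare SYN (ID 100) is skipped; the SYN/ACK and the final ACK are reported, which is exactly what a `flags` rule keyed on ACK would also have kept in Snort's binary output.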
