Snort mailing list archives
Re: how to convert payload data from MySQL data table to tcpdump formated data?
From: Erek Adams <erek () snort org>
Date: Wed, 22 Oct 2003 13:47:56 -0400 (EDT)
On Wed, 22 Oct 2003, samwun wrote:
I got the following snort data installed in the Data table in MySQL:

| 1 | 2082 | 485454502F312E312034303320466F7262696464656E0D0A446174653A205765642C2032 32204F637420323030332031333A35363A333420474D540D0A5365727665723A20417061 6368652F322E302E3430202852656420486174204C696E7578290D0A4163636570742D52 616E6765733A2062797465730D0A436F6E74656E742D4C656E6774683A20323839380D0A 436F6E6E656374696F6E3A20636C6F73650D0A436F6E74656E742D547970653A20746578 742F68746D6C3B20636861727365743D49534F2D383835392D310D0A0D0A |

How can I convert the above data_payload to a tcpdump formatted file like the following tcpdump command: Tcpdump -vv -X, which should include Hex data on the left and text at the right.

If you just want to read the data, just re-run Snort over your binary
file--No need to deal with the MySQL data.
snort -dvr <pcap_file>
If you have to use tcpdump, change the snaplen.
Cheers!
-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson
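
For readers who only have the database row, the conversion asked about in the question can be sketched as follows. This is an added example, not part of either poster's message: the function names are hypothetical, the layout only approximates tcpdump -X, and it assumes data_payload is hex-encoded as in the row quoted above. The output covers the stored payload bytes only, not packet headers.

```python
import binascii

# First 24 bytes of the payload quoted in the question, with a space left in
# to mimic the line wrapping of the MySQL console output.
SAMPLE = "485454502F312E312034303320466F72 62696464656E0D0A"


def decode_payload(hex_text):
    """Decode a hex-encoded data_payload value, ignoring wrap whitespace."""
    compact = "".join(hex_text.split())
    if len(compact) % 2:
        # An odd digit count means the column value was cut off when copied.
        raise ValueError("odd number of hex digits: payload looks truncated")
    try:
        return binascii.unhexlify(compact)
    except binascii.Error as exc:
        # Not hex at all, e.g. the payload was stored in another encoding.
        raise ValueError("payload is not hex-encoded: %s" % exc)


def hexdump(data, width=16):
    """Return lines with offset, hex in 2-byte groups, and printable text."""
    lines = []
    hex_cols = width * 2 + width // 2 - 1  # hex digits plus group separators
    for offset in range(0, len(data), width):
        chunk = data[offset:offset + width]
        hexed = chunk.hex()
        groups = " ".join(hexed[i:i + 4] for i in range(0, len(hexed), 4))
        # Non-printable bytes (CR, LF, binary) are shown as dots so that
        # control characters in captured traffic never reach the terminal.
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append("0x%04x:  %-*s  %s" % (offset, hex_cols, groups, text))
    return lines


if __name__ == "__main__":
    for line in hexdump(decode_payload(SAMPLE)):
        print(line)
```
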
