Logging in PCAP Format (TCPDump)

Previous page
Table of content
Next page

Table of contents:

Problem

You want to log your Snort data in PCAP format (TCPDump).

Solution

The Snort log_tcpdump output plug-in allows you to log and store data in PCAP format. Configure the snort.conf file with the name of the TCPDump logfile to use:

# log_tcpdump: log packets in binary tcpdump format

# -------------------------------------------------

# The only argument is the output file name.

#

output log_tcpdump: tcpdump.log

Run Snort in NIDS mode so that it uses the snort.conf file to invoke the output plug-in:

C:Snortin>snort -l c:snortlog -c c:snortetcsnort.conf

 

Discussion

Snort's network architecture is based on the Packet Capture Library (PCAP) and uses libpcap for its underlying data capture. Many network analysis engines, sniffers, and statistics tools can read data in the PCAP format. You can use the log_tcpdump output plug-in to save the data and then view it with tools such as TCPDump and Ethereal.

See Also

http://www.tcpdump.org

http://www.ethereal.com

Logging to Email

Installing Snort from Source on Unix

Logging to a File Quickly

How to Build Rules

Detecting Stateless Attacks and Stream Reassembly

Managing Snort Sensors

Generating Statistical Output from Snort Logs

Monitoring Network Performance

Index


Previous page
Table of content
Next page
Snort Cookbook
Snort Cookbook
ISBN: 0596007914
EAN: 2147483647
Year: 2006
Pages: 167
Authors: Angela Orebaugh, Simon Biles, Jacob Babbin
BUY ON AMAZON
Beginners Guide to DarkBASIC Game Programming (Premier Press Game Development)
Qshell for iSeries
Adobe After Effects 7.0 Studio Techniques
Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century: Prevention and Detection for the Twenty-First Century
.NET System Management Services
VBScript in a Nutshell, 2nd Edition
Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy