Logging in PCAP Format (TCPDump)

Previous page
Table of content
Next page

Table of contents:

Problem

You want to log your Snort data in PCAP format (TCPDump).

Solution

The Snort log_tcpdump output plug-in allows you to log and store data in PCAP format. Configure the snort.conf file with the name of the TCPDump logfile to use:

# log_tcpdump: log packets in binary tcpdump format

# -------------------------------------------------

# The only argument is the output file name.

#

output log_tcpdump: tcpdump.log

Run Snort in NIDS mode so that it uses the snort.conf file to invoke the output plug-in:

C:Snortin>snort -l c:snortlog -c c:snortetcsnort.conf

 

Discussion

Snort's network architecture is based on the Packet Capture Library (PCAP) and uses libpcap for its underlying data capture. Many network analysis engines, sniffers, and statistics tools can read data in the PCAP format. You can use the log_tcpdump output plug-in to save the data and then view it with tools such as TCPDump and Ethereal.

See Also

http://www.tcpdump.org

http://www.ethereal.com

Logging to Email

Installing Snort from Source on Unix

Logging to a File Quickly

How to Build Rules

Detecting Stateless Attacks and Stream Reassembly

Managing Snort Sensors

Generating Statistical Output from Snort Logs

Monitoring Network Performance

Index


Previous page
Table of content
Next page
Snort Cookbook
Snort Cookbook
ISBN: 0596007914
EAN: 2147483647
Year: 2006
Pages: 167
Authors: Angela Orebaugh, Simon Biles, Jacob Babbin
BUY ON AMAZON
High-Speed Signal Propagation[c] Advanced Black Magic
Introduction to 80x86 Assembly Language and Computer Architecture
PMP Practice Questions Exam Cram 2
InDesign Type: Professional Typography with Adobe InDesign CS2
802.11 Wireless Networks: The Definitive Guide, Second Edition
Special Edition Using FileMaker 8
Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy