Problem
You are logging your traffic to files, or some other output means, but you also want to view the traffic on the screen.
Solution
Use the -v (verbose) command-line option when running Snort:
C:\Snort\bin>snort -vde -l c:\snort\log
Discussion
Using -v on the command line always allows you to see your network traffic. Just remember, this can create a larger load on the CPU of the system running Snort. For networks with high, steady traffic, you probably won't want to run Snort in this mode very often, since it could become overloaded and drop packets.
To see what is going on while your packets are being logged, simply use the -v (verbose) command-line option when running Snort:
C:\Snort\bin>snort -vde -l c:\snort\log
Running in packet logging mode
Log directory = c:\snort\log

Initializing Network Interface \Device\NPF_{572FF0E6-9A1E-42B5-A2AF-A5A307B613EF}

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface \Device\NPF_{572FF0E6-9A1E-42B5-A2AF-A5A307B613EF}

        --== Initialization Complete ==--

-*> Snort! <*-
Version 2.2.0-ODBC-MySQL-FlexRESP-WIN32 (Build 30)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike@datanerds.net, www.datanerds.net/~mike)
1.8 - 2.x WIN32 Port By Chris Reid (chris.reid@codecraftconsultants.com)

11/01-11:44:37.537461 0:C:F1:11:D:66 -> 0:5:5D:ED:3B:C6 type:0x800 len:0x3E
192.168.100.70:4258 -> 192.168.129.201:4243 TCP TTL:128 TOS:0x0 ID:45294 IpLen:20 DgmLen:48 DF
******S* Seq: 0x6C0D8FB0  Ack: 0x0  Win: 0x4000  TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
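The three header lines Snort prints per packet in this mode have a fixed layout, so the console output can be parsed when you want to watch for something specific while logging, for example which hosts are sending bare SYNs. The following Python parser is an added example, not code from the book or from Snort; the sample text it runs on combines the packet shown above with three constructed follow-on packets.

```python
import re
from collections import defaultdict

# Constructed sample of -vde console output: the book's SYN, a SYN-ACK reply, a second SYN, a UDP datagram.
SAMPLE = """\
        --== Initialization Complete ==--
11/01-11:44:37.537461 0:C:F1:11:D:66 -> 0:5:5D:ED:3B:C6 type:0x800 len:0x3E
192.168.100.70:4258 -> 192.168.129.201:4243 TCP TTL:128 TOS:0x0 ID:45294 IpLen:20 DgmLen:48 DF
******S* Seq: 0x6C0D8FB0  Ack: 0x0  Win: 0x4000  TcpLen: 28
11/01-11:44:37.540120 0:5:5D:ED:3B:C6 -> 0:C:F1:11:D:66 type:0x800 len:0x3E
192.168.129.201:4243 -> 192.168.100.70:4258 TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:48 DF
***A**S* Seq: 0x1A2B3C4D  Ack: 0x6C0D8FB1  Win: 0x16D0  TcpLen: 28
11/01-11:44:38.001000 0:C:F1:11:D:66 -> 0:5:5D:ED:3B:C6 type:0x800 len:0x3E
192.168.100.70:4259 -> 192.168.129.201:4244 TCP TTL:128 TOS:0x0 ID:45295 IpLen:20 DgmLen:48 DF
******S* Seq: 0x6C0D9000  Ack: 0x0  Win: 0x4000  TcpLen: 28
11/01-11:44:38.100000 0:C:F1:11:D:66 -> 0:5:5D:ED:3B:C6 type:0x800 len:0x4A
192.168.100.70:137 -> 192.168.129.255:137 UDP TTL:128 TOS:0x0 ID:45296 IpLen:20 DgmLen:68
"""

# One regex per header line: Ethernet (-e), IP, and the TCP flag/sequence line.
HDR = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) (\S+) -> (\S+) type:0x([0-9A-F]+) len:0x([0-9A-F]+)", re.I)
IPL = re.compile(r"^(\d+\.\d+\.\d+\.\d+)(?::(\d+))? -> (\d+\.\d+\.\d+\.\d+)(?::(\d+))? (\w+) TTL:(\d+)")
TCPL = re.compile(r"^([12UAPRSF*]{8}) Seq: 0x([0-9A-F]+)\s+Ack: 0x([0-9A-F]+)", re.I)

def parse_verbose(text):
    """Return one dict per packet from Snort -vde console output; banner lines are skipped."""
    packets, cur = [], None
    for line in text.splitlines():
        if m := HDR.match(line):  # timestamp, MACs, ethertype and frame length start a packet
            cur = {"time": m[1], "src_mac": m[2], "dst_mac": m[3],
                   "ethertype": int(m[4], 16), "frame_len": int(m[5], 16)}
            packets.append(cur)
        elif cur is not None and (m := IPL.match(line)):
            cur.update(src=m[1], sport=int(m[2]) if m[2] else None, dst=m[3],
                       dport=int(m[4]) if m[4] else None, proto=m[5], ttl=int(m[6]))
        elif cur is not None and (m := TCPL.match(line)):
            # flag columns are "12UAPRSF"; '*' marks a bit that is not set
            cur.update(flags=m[1], seq=int(m[2], 16), ack=int(m[3], 16))
    return packets

def syn_only_sources(packets):
    """Map each source IP to the destination ports it sent bare SYNs (no ACK) to."""
    out = defaultdict(set)
    for p in packets:
        f = p.get("flags", "*" * 8)
        if p.get("proto") == "TCP" and f[6] == "S" and f[3] == "*":
            out[p["src"]].add(p["dport"])
    return dict(out)
```

Feed it the live console output (for example `snort -vde ... | python parser.py` on a Unix host) and a source touching many ports with bare SYNs stands out without waiting for the log directory to fill.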
See Also
Recipe 1.17