Viewing Traffic While Logging

You are logging your traffic to files, or some other output means, but you also want to view the traffic on the screen.


Use the -v (verbose) command-line option when running Snort:

C:\Snort\bin>snort -vde -l c:\snort\log



Using -v on the command line always allows you to see your network traffic. Just remember, this can create a larger load on the CPU of the system running Snort. For networks with high, steady traffic, you probably won't want to run Snort in this mode very often, since it could become overloaded and drop packets.

To see what is going on while your packets are being logged, simply use the -v (verbose) command-line option when running Snort:

C:\Snort\bin>snort -vde -l c:\snort\log
Running in packet logging mode
Log directory = c:\snort\log

Initializing Network Interface \Device\NPF_

 --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface \Device\NPF_

 --== Initialization Complete ==--

-*> Snort! <*-
Version 2.2.0-ODBC-MySQL-FlexRESP-WIN32 (Build 30)
By Martin Roesch (,
1.7-WIN32 Port By Michael Davis (,
1.8 - 2.x WIN32 Port By Chris Reid

11/01-11:44:37.537461 0:C:F1:11:D:66 -> 0:5:5D:ED:3B:C6 type:0x800 len:0x3E
-> TCP TTL:128 TOS:0x0 ID:45294 IpLen:20 DgmLen:48 DF
******S* Seq: 0x6C0D8FB0 Ack: 0x0 Win: 0x4000 TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
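
When the screen output of -v has been captured to a file, the packet headers shown above can be parsed for a quick review of who is opening connections. The Python below is an added example, not code from the book: the sample text is constructed in the same layout, the addresses and ports in it are assumed documentation-range values, and parse and syn_only are hypothetical helper names.

```python
import re

# Constructed sample in the layout of `snort -vde` screen output. The IP
# addresses and ports are assumptions (documentation ranges), not real traffic.
SAMPLE = """\
11/01-11:44:37.537461 0:C:F1:11:D:66 -> 0:5:5D:ED:3B:C6 type:0x800 len:0x3E
192.0.2.10:1042 -> 192.0.2.20:80 TCP TTL:128 TOS:0x0 ID:45294 IpLen:20 DgmLen:48 DF
******S* Seq: 0x6C0D8FB0  Ack: 0x0  Win: 0x4000  TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
11/01-11:44:37.538102 0:5:5D:ED:3B:C6 -> 0:C:F1:11:D:66 type:0x800 len:0x3E
192.0.2.20:80 -> 192.0.2.10:1042 TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:48 DF
***A**S* Seq: 0x1A2B3C4D  Ack: 0x6C0D8FB1  Win: 0x16D0  TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
"""

# Line 1 of each packet: timestamp and Ethernet header (printed because of -e).
ETH = re.compile(r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) (?P<smac>[0-9A-F:]+) -> "
                 r"(?P<dmac>[0-9A-F:]+) type:(?P<etype>0x[0-9A-F]+) len:(?P<len>0x[0-9A-F]+)$")
# Line 2: IP endpoints, protocol and TTL.
IP = re.compile(r"^(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
                r"(?P<proto>\w+) TTL:(?P<ttl>\d+) .*DgmLen:(?P<dgmlen>\d+)")
# Line 3: eight flag positions (1 2 U A P R S F), '*' where a flag is clear.
TCP = re.compile(r"^(?P<flags>[12UAPRSF*]{8}) Seq: (?P<seq>0x[0-9A-F]+)")

def parse(text):
    """Return one dict per packet found in Snort verbose (-vde) output."""
    packets, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if (m := ETH.match(line)):
            cur = m.groupdict()          # a new packet starts here
            packets.append(cur)
        elif cur is not None and (m := IP.match(line)):
            cur.update(m.groupdict())
        elif cur is not None and (m := TCP.match(line)):
            cur["flags"] = m["flags"].replace("*", "")
    return packets

def syn_only(packets):
    """Connection attempts: SYN set, ACK clear."""
    return [p for p in packets
            if "S" in p.get("flags", "") and "A" not in p.get("flags", "")]

if __name__ == "__main__":
    for p in syn_only(parse(SAMPLE)):
        print(p["ts"], p["src"], "->", f'{p["dst"]}:{p["dport"]}', "TTL", p["ttl"])
```
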


See Also

Recipe 1.17


Snort Cookbook
ISBN: 0596007914
EAN: 2147483647
Year: 2006
Pages: 167