
	Home > Installing Snort: Packet logger mode

Snort IDS tips for VARs and systems integrators:

EMAIL THIS

Installing Snort: Packet logger mode

29 Dec 2006 | SearchSecurityChannel.com

Digg This!

StumbleUpon

Del.icio.us

Snort's second mode involves acting as a packet logger when given the -l switch and a directory to store traffic.

After sending another ICMP echo while Snort is running, a look in the tests directory reveals a file created by Snort called snort.log.1164036694.

Using the date command's -r switch shows the numeric code after "snort.log" represents the time in seconds when the packet trace was created.

Any Libpcap-compatible sniffer can read the file, such as Tcpdump or even Snort. The -X switch tells Snort to report all packet details.

Snort: Fundamentals and installation tips for the channel

Introduction
Installation
Sniffer mode
Packet logger mode
Intrusion detection mode
Conclusion

About the author
Richard Bejtlich is founder of TaoSecurity, author of several books on network security monitoring, including Extrusion Detection: Security Monitoring for Internal Intrusions, and operator of the TaoSecurity blog (taosecurity.blogspot.com).

Digg This!

StumbleUpon

Del.icio.us

RELATED RESOURCES

	2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
	Search Bitpipe.com for the latest white papers and business webcasts
	Whatis.com, the online computer dictionary

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2006 - 2009, TechTarget \| Read our Privacy Policy