Hosting Provided By

[Snort-devel] Problems with finding original data packets?

From: ANDREW TING ZHOU <azhou(at)cs.dal.ca>
Date: Thu Jul 17 2003 - 13:42:14 EDT

I'm trying to read original data packets in terms of the source/target IP in the alert file. Original data packets are not always kept in same place, sometime in source directories and sometime in target directories.

Is there a way that I can find original data packets from the alert file? What is the naming convention for files in source/target directories?

Thanks!

Andrew

This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Fri Jul 18 09:01:59 2003

This message: [ Message body ]
Next message: Erek Adams: "Re: [Snort-devel] Problems with finding original data packets?"
Previous message: Paul Whittenburg: "Re: [Snort-devel] Bus error w/ Snort 2.0"
Next in thread: Erek Adams: "Re: [Snort-devel] Problems with finding original data packets?"
Reply: Erek Adams: "Re: [Snort-devel] Problems with finding original data packets?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:06 EDT