Installing Snort: Packet logger mode

In this installment of Snort Report, learn how to run the open source intrusion detection system in packet logger mode.

Snort's second mode involves acting as a packet logger when given the -l switch and a directory to store traffic.

After sending another ICMP echo while Snort is running, a look in the tests directory reveals a file created by Snort called snort.log.1164036694.

Using the date command's -r switch shows the numeric code after "snort.log" represents the time in seconds when the packet trace was created.

Any Libpcap-compatible sniffer can read the file, such as Tcpdump or even Snort. The -X switch tells Snort to report all packet details.


Snort: Fundamentals and installation tips for the channel

  Introduction
  Installation
  Sniffer mode
 Packet logger mode
  Intrusion detection mode
  Conclusion

About the author
Richard Bejtlich is founder of TaoSecurity, author of several books on network security monitoring, including Extrusion Detection: Security Monitoring for Internal Intrusions, and operator of the TaoSecurity blog (taosecurity.blogspot.com).

This was first published in December 2006

Dig deeper on Network security products, technologies, services

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close