From: Ganu Skop (skopganuyahoo.com)
Date: Fri Feb 08 2002 - 01:03:49 CST

    hi all,
    got this matter to solve;
    anyone got a paper/reference on tcpdump and snort? need a
    reference pretty badly.
    in my opinion, tcpdump by default only captures 60
    bytes of data (no payload) and we need to do the
    filter based on abnormal packet behaviour - more or
    less like shadow ids.
    whereas snort has all the features with rules, stream
    assembly, etc.
    therefore it's better to run snort than capture
    tcpdump and load it back to snort... right?

    need your feedback

    =====
    //skopganu

    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net