Viewing Traffic While Logging

Problem

You are logging your traffic to files, or to some other output, but you also want to watch the traffic on the screen as it is captured.

Solution

Add the -v (verbose) command-line option to the logging options you are already using when running Snort:

C:\Snort\bin>snort -vde -l c:\snort\log

Discussion

Adding -v to any Snort command line makes Snort print every packet it decodes to the console, whatever else it is doing with the packet (logging it to disk, in this case). Just remember that writing every packet to the screen costs CPU and terminal I/O: on a link with high, steady traffic Snort can fall behind and drop packets, so you probably won't want to run in this mode for long. A quick sanity check is the packet statistics Snort prints when it exits; a rising dropped-packet count means the console output is not keeping up.

In the example above, -l sets the log directory, -d adds the application-layer data (the packet payload) to the output, and -e adds the link-layer (Ethernet) header. To see what is going on while your packets are being logged, add the -v (verbose) option when running Snort:

C:\Snort\bin>snort -vde -l c:\snort\log
Running in packet logging mode
Log directory = c:\snort\log
Initializing Network Interface \Device\NPF_{572FF0E6-9A1E-42B5-A2AF-A5A307B613EF}

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface \Device\NPF_{572FF0E6-9A1E-42B5-A2AF-A5A307B613EF}

        --== Initialization Complete ==--

-*> Snort! <*-
Version 2.2.0-ODBC-MySQL-FlexRESP-WIN32 (Build 30)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike@datanerds.net, www.datanerds.net/~mike)
1.8 - 2.x WIN32 Port By Chris Reid (chris.reid@codecraftconsultants.com)

11/01-11:44:37.537461 0:C:F1:11:D:66 -> 0:5:5D:ED:3B:C6 type:0x800 len:0x3E
192.168.100.70:4258 -> 192.168.129.201:4243 TCP TTL:128 TOS:0x0 ID:45294 IpLen:20 DgmLen:48 DF
******S* Seq: 0x6C0D8FB0  Ack: 0x0  Win: 0x4000  TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK

The first line of the packet record comes from -e (source and destination MAC addresses, Ethertype, frame length), the next two from -v (IP and TCP headers, with the TCP flags shown as an eight-character field where * means "not set"), and any payload would follow as a hex and ASCII dump from -d. This packet is a bare SYN, so there is no payload to show.
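The screen output above is the same text you would get by redirecting or tee-ing Snort's console, so it is worth knowing its layout well enough to parse it. The following is an added example (not code from the Snort Cookbook or from the Snort project) that parses -vde packet records into structured form and picks out bare SYNs, the connection attempts you would otherwise eyeball on screen. The first record is the recipe's own sample packet; the second record, a SYN/ACK reply, is constructed for the example and is not captured data. The parser assumes -e is in use (Ethernet line first) and ignores any -d payload dump lines after the TCP options.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Sample -vde output. Record 1 is the page's own packet (its "IpLen:2 0" is a
# line-wrap artifact of "IpLen:20"). Record 2 is a CONSTRUCTED SYN/ACK reply,
# not captured data. Snort separates records with a "=+=+..." line.
SAMPLE = """\
11/01-11:44:37.537461 0:C:F1:11:D:66 -> 0:5:5D:ED:3B:C6 type:0x800 len:0x3E
192.168.100.70:4258 -> 192.168.129.201:4243 TCP TTL:128 TOS:0x0 ID:45294 IpLen:20 DgmLen:48 DF
******S* Seq: 0x6C0D8FB0  Ack: 0x0  Win: 0x4000  TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

11/01-11:44:37.538102 0:5:5D:ED:3B:C6 -> 0:C:F1:11:D:66 type:0x800 len:0x3E
192.168.129.201:4243 -> 192.168.100.70:4258 TCP TTL:64 TOS:0x0 ID:0 IpLen:20 DgmLen:48 DF
***A**S* Seq: 0x1A2B3C4D  Ack: 0x6C0D8FB1  Win: 0x16D0  TcpLen: 28
TCP Options (4) => MSS: 1460 NOP NOP SackOK
"""

# Line layouts of a Snort 2.x -vde record: Ethernet (-e), IP (-v), TCP (-v), options.
ETH_RE = re.compile(r"^(\S+) (\S+) -> (\S+) type:0x([0-9A-Fa-f]+) len:0x([0-9A-Fa-f]+)$")
IP_RE = re.compile(r"^(\S+?)(?::(\d+))? -> (\S+?)(?::(\d+))? (\w+) TTL:(\d+) TOS:0x[0-9A-Fa-f]+ "
                   r"ID:(\d+) IpLen:(\d+) DgmLen:(\d+)(.*)$")
TCP_RE = re.compile(r"^([12UAPRSF*]{8}) Seq: 0x([0-9A-Fa-f]+)\s+Ack: 0x([0-9A-Fa-f]+)\s+"
                    r"Win: 0x([0-9A-Fa-f]+)\s+TcpLen: (\d+)")
OPT_RE = re.compile(r"^TCP Options \((\d+)\) => (.*)$")

# Snort's flag field is positional: reserved bit 1, reserved bit 2, URG, ACK, PSH, RST, SYN, FIN.
FLAG_NAMES = {"1": "RES1", "2": "RES2", "U": "URG", "A": "ACK",
              "P": "PSH", "R": "RST", "S": "SYN", "F": "FIN"}


@dataclass
class Packet:
    timestamp: str
    src_mac: str
    dst_mac: str
    ethertype: int
    frame_len: int
    src: str            # "ip:port" for TCP/UDP, bare ip otherwise
    dst: str
    proto: str
    ttl: int
    ip_id: int
    ip_flags: str       # e.g. "DF", possibly empty
    tcp_flags: FrozenSet[str] = frozenset()
    seq: Optional[int] = None
    ack: Optional[int] = None
    window: Optional[int] = None
    tcp_options: str = ""


def decode_flags(field: str) -> FrozenSet[str]:
    """Turn Snort's '***A**S*' style field into a set of flag names."""
    return frozenset(FLAG_NAMES[c] for c in field if c != "*")


def parse_record(lines: List[str]) -> Optional[Packet]:
    """Parse one record (the lines between two separators); None if not recognized."""
    if len(lines) < 2:
        return None
    eth, ip = ETH_RE.match(lines[0]), IP_RE.match(lines[1])
    if not eth or not ip:
        return None
    src_ip, src_port, dst_ip, dst_port, proto, ttl, ip_id, _iplen, _dgmlen, rest = ip.groups()
    pkt = Packet(
        timestamp=eth.group(1), src_mac=eth.group(2), dst_mac=eth.group(3),
        ethertype=int(eth.group(4), 16), frame_len=int(eth.group(5), 16),
        src=f"{src_ip}:{src_port}" if src_port else src_ip,
        dst=f"{dst_ip}:{dst_port}" if dst_port else dst_ip,
        proto=proto, ttl=int(ttl), ip_id=int(ip_id), ip_flags=rest.strip(),
    )
    if proto == "TCP" and len(lines) >= 3:
        tcp = TCP_RE.match(lines[2])
        if tcp:
            pkt.tcp_flags = decode_flags(tcp.group(1))
            pkt.seq, pkt.ack = int(tcp.group(2), 16), int(tcp.group(3), 16)
            pkt.window = int(tcp.group(4), 16)
        if len(lines) >= 4:
            opt = OPT_RE.match(lines[3])
            if opt:
                pkt.tcp_options = opt.group(2)
    return pkt  # any -d payload dump lines after this point are ignored


def parse_records(text: str) -> List[Packet]:
    """Split console output on blank lines / '=+' separators and parse each record."""
    records, current = [], []
    for line in text.splitlines():
        if not line.strip() or line.startswith("=+"):
            if current:
                records.append(current)
                current = []
        else:
            current.append(line)
    if current:
        records.append(current)
    return [p for p in (parse_record(r) for r in records) if p is not None]


def connection_attempts(packets: List[Packet]):
    """Bare SYNs (SYN set, ACK clear): new outbound connection attempts seen on the wire."""
    return [(p.src, p.dst) for p in packets
            if p.proto == "TCP" and "SYN" in p.tcp_flags and "ACK" not in p.tcp_flags]


if __name__ == "__main__":
    for p in parse_records(SAMPLE):
        print(p.timestamp, p.src, "->", p.dst, p.proto, sorted(p.tcp_flags))
    print("connection attempts:", connection_attempts(SAMPLE and parse_records(SAMPLE)))
```

To use it on live output, redirect Snort's console to a file (or pipe it on a Unix host) and feed that text to parse_records; the same -v output that is slowing Snort down is then at least machine-readable.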


See Also

Recipe 1.17, Logging Application Data