[unisog] Snort woes
andreaso at it.su.se
Mon Jan 24 21:13:13 GMT 2005
On Mon, 24 Jan 2005, Michael Holstein wrote:
> PS : while we're on the subject, does anyone know of a frontend for the
> snort_db that can graphically reassemble the packets generated under the
> 'tag' directive? Or an easy to post-process them into a tcpdump file (without
> using the binary mode)?
You could extract the payload from the db, reformat it, and pass it to
text2pcap (a tool distributed with Ethereal) to create a tcpdump file.
This is how Pigris does it when opening alerts in Ethereal etc. It's
kind of a quick and dirty hack but still very useful for some purposes,
although I'd use real pcap logging in parallel anyway.
Just some screenshots for the interested:
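The extract-reformat-text2pcap step described above, as an added example that is not part of this post or of Pigris: it rebuilds the IPv4 and TCP headers from the Snort DB header columns so each alert keeps its real addresses and ports, and emits text2pcap's hex-dump syntax (the column names and the sample rows are assumptions). Run it as `python snortdb2hex.py | text2pcap -e 0x0800 - alerts.pcap`.

```python
import struct

# Constructed rows standing in for a JOIN over the classic Snort DB tables
# iphdr, tcphdr and data (column names are an assumption; check your schema).
# ip_src/ip_dst are the schema's unsigned 32-bit ints, data_payload is hex text.
SAMPLE_ROWS = [
    {"sid": 1, "cid": 42, "ip_src": 0xC0A80105, "ip_dst": 0x0A000007, "ip_ttl": 64,
     "tcp_sport": 40123, "tcp_dport": 80, "tcp_seq": 1000, "tcp_ack": 2000,
     "tcp_flags": 0x18, "data_payload": b"GET /index.html HTTP/1.0\r\n\r\n".hex()},
]

def checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words (IPv4 and TCP checksums)."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def tcp_pseudo_header(packet):
    """IPv4 pseudo-header (src, dst, zero, proto 6, TCP length) for an IP+TCP packet."""
    return packet[12:20] + b"\x00\x06" + struct.pack("!H", len(packet) - 20)

def rebuild_packet(row):
    """IPv4 + TCP + payload bytes for one alert row (text2pcap -e 0x0800 adds Ethernet)."""
    payload = bytes.fromhex(row["data_payload"])
    ip = struct.pack("!BBHHHBBHII", 0x45, 0, 40 + len(payload), row["cid"] & 0xFFFF, 0,
                     row["ip_ttl"], 6, 0, row["ip_src"], row["ip_dst"])
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    tcp = struct.pack("!HHIIBBHHH", row["tcp_sport"], row["tcp_dport"], row["tcp_seq"],
                      row["tcp_ack"], 5 << 4, row["tcp_flags"], 65535, 0, 0)
    csum = checksum(tcp_pseudo_header(ip + tcp + payload) + tcp + payload)
    return ip + tcp[:16] + struct.pack("!H", csum) + tcp[18:] + payload

def checksums_ok(packet):
    """Verification: with a correct checksum in place the one's-complement sum is 0."""
    return checksum(packet[:20]) == 0 and checksum(tcp_pseudo_header(packet) + packet[20:]) == 0

def to_text2pcap(packet):
    """text2pcap's input form: hex offset then hex bytes; offset 0 starts a new packet."""
    lines = ["%06x %s" % (off, " ".join("%02x" % b for b in packet[off:off + 16]))
             for off in range(0, len(packet), 16)]
    return "\n".join(lines) + "\n\n"

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(to_text2pcap(rebuild_packet(row)), end="")
```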