[Oisf-users] Suricata's ability to capture the packet?

Cooper F. Nelson cnelson at ucsd.edu
Wed Sep 9 20:14:38 UTC 2015



That is provided by the 'unified2' logging described in the
suricata.yaml file.

Snort ships with a utility (u2boat) that can extract the raw packet
captures from the unified2 files.

- -Coop

On 9/9/2015 12:17 PM, Saxena, Samiksha wrote:
> Hi,
> 
>  
> 
> We’re working on the project to bring Suricata as the IDS/IPS instead of
> using Snort.
> 
> One question I have is, I was told that Snort has the ability to
> capture the packet and write it into the log file if it matches
> one of the existing signatures.
> 
> For example, when there is a packet that matches our rule, an alert event
> will be generated, followed by the hex encoded packet capture. Then
> somebody can decode it and see a snippet in pcap ASCII output or something.
> 
>  
> 
> I'm pretty new to IDS/IPS systems, and not sure how exactly Snort does
> this (maybe the 'log' action in the rule?). I'm wondering if there is any
> similar functionality that Suricata provides?
> 
>  
> 
> 
> Thanks
> 
> Samiksha
> 
> 
> 
> 
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 4 & 5 in Barcelona: http://oisfevents.net
> 


- -- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042


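As an added illustration of what the unified2 packet records Coop refers to actually contain (this is example code, not from the thread, Suricata or Snort), here is a minimal Python reader that pulls UNIFIED2_PACKET records out of a unified2 file and writes them out as a classic pcap, which is the job u2boat does. The layout follows Snort's unified2 format (big-endian type/length record header, then the Serial_Unified2Packet fields); the sample bytes are constructed, including a truncated trailing record to show how a reader should cope with a file the sensor is still writing.

```python
import struct

UNIFIED2_PACKET = 2            # record type carrying the raw packet bytes
UNIFIED2_IDS_EVENT = 7         # IPv4 alert record (skipped here; we only want packets)
RECORD_HDR = struct.Struct(">II")          # record header: type, length (big-endian)
PACKET_HDR = struct.Struct(">IIIIIII")     # Serial_Unified2Packet fixed fields (28 bytes)
PCAP_GLOBAL = struct.Struct("<IHHiIII")    # classic pcap file header (24 bytes)
PCAP_PKT = struct.Struct("<IIII")          # per-packet pcap header (16 bytes)

def iter_records(blob):
    """Yield (type, payload) for each complete record; stop at a truncated tail."""
    off = 0
    while off + RECORD_HDR.size <= len(blob):
        rtype, rlen = RECORD_HDR.unpack_from(blob, off)
        off += RECORD_HDR.size
        if off + rlen > len(blob):
            break                       # sensor still writing: partial record, retry later
        yield rtype, blob[off:off + rlen]
        off += rlen

def parse_packet(payload):
    """Decode a UNIFIED2_PACKET payload into its fields plus the raw frame."""
    (sensor_id, event_id, event_sec, pkt_sec, pkt_usec,
     linktype, pkt_len) = PACKET_HDR.unpack_from(payload, 0)
    data = payload[PACKET_HDR.size:PACKET_HDR.size + pkt_len]
    if len(data) != pkt_len:
        raise ValueError("packet_length exceeds record length")
    return {"sensor_id": sensor_id, "event_id": event_id, "event_second": event_sec,
            "ts": (pkt_sec, pkt_usec), "linktype": linktype, "data": data}

def unified2_to_pcap(blob, linktype=1):
    """Extract every packet record; return (pcap bytes, packet count). linktype 1 = Ethernet."""
    out = [PCAP_GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)]
    count = 0
    for rtype, payload in iter_records(blob):
        if rtype != UNIFIED2_PACKET:
            continue                    # alert/extra-data records are not packets
        p = parse_packet(payload)
        sec, usec = p["ts"]
        out.append(PCAP_PKT.pack(sec, usec, len(p["data"]), len(p["data"])) + p["data"])
        count += 1
    return b"".join(out), count

# Constructed sample: a placeholder event record (contents irrelevant, it is skipped),
# one packet record holding a 34-byte Ethernet/IPv4 frame, then a header-only record.
FRAME = bytes.fromhex("ffffffffffff0011223344550800") + b"\x45" + b"\x00" * 19
SAMPLE = (RECORD_HDR.pack(UNIFIED2_IDS_EVENT, 4) + b"\x00" * 4
          + RECORD_HDR.pack(UNIFIED2_PACKET, PACKET_HDR.size + len(FRAME))
          + PACKET_HDR.pack(1, 42, 1441829878, 1441829878, 123456, 1, len(FRAME)) + FRAME
          + RECORD_HDR.pack(UNIFIED2_PACKET, 100))   # truncated tail: no payload written yet

if __name__ == "__main__":
    pcap, n = unified2_to_pcap(SAMPLE)
    with open("alerts.pcap", "wb") as f:
        f.write(pcap)                   # open the result in Wireshark/tcpdump
```

Point it at a real unified2 file from Suricata's log directory to get the same pcap that u2boat would produce; records other than packets (events, extra data) are simply skipped.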
