Evani, you need to hash our pfring-daq module in order to write to file packets with a negative verdict from snort, if I understand correctly. You can see our pfwrite sample application as an example.

Alfredo

> On 25 Sep 2015, at 06:53, Evani Sitaram <[email protected]> wrote:
>
> Hello Alfredo,
>
> Currently what I am doing is running snort to verify the packets, and
> if any packets match my snort rules then I am using pfring to drop the
> packets (move them to a folder, this is what I mean by fails to drop) so
> that I can perform some analysis on these packets. However, currently I am
> able to do so with DAQ but not with PFRING. Is this currently possible
> with PFRING? Can you please provide me with some insight in this matter, as
> I would like to use this product to finish configuring my system. Any help
> you can provide will be extremely appreciated.
>
> Thanks
> Evani Ram
> _______________________________________________
> Ntop-misc mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
