getpacket − Program to build a pcap packet from a snort database.

getpacket [−ahtvz] [−c <config>] −C CounterID −S SensorID [−w DumpFile]

getpacket tries to create a pcap-based network packet from a snort database, based on the sensor ID and the counter ID.

−a
Build a pcap file of all packets with the same revision (tagged packets) which contain SID and CID. The option −t is automatically activated. This requires an extended database schema (see README.payload).

−c <config>
Use the file config as the configuration file. The options for database access must be set in this file. The default is the file getpacket.conf in the configuration directory specified during installation. See getpacket.conf(5) for more details.

−C CounterID
Sets the CID of the packet to be rebuilt; see option −S. This option is required.

−S SensorID
Sets the SID of the packet to be rebuilt; see option −C. This option is required. Together, SID and CID form the unambiguous key used to find the packet in the database.

−h
Print a help message and exit.

−t
Build a pcap file of all packets with the same revision (tagged packets) starting with SID and CID. This requires an extended database schema (see README.payload).

−v
Output version information and exit.

−w DumpFile
Sets the name of the file in which the pcap data is stored. The special file ’−’ represents stdout. The default is the file "/var/tmp/dump".
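
Added example (not part of getpacket or its documentation): a Python illustration of the pcap file that results when one packet is looked up by its (SID, CID) key and written the way −w describes, with '-' meaning stdout. The in-memory SAMPLE_DB, the function names, the raw-IP link type and the no-symlink, mode 0600 file handling are assumptions of this example, not getpacket's own behaviour.

```python
import os
import struct
import sys

PCAP_MAGIC = 0xA1B2C3D4   # microsecond-resolution pcap, written little-endian here
LINKTYPE_RAW = 101        # assumption: stored bytes start at the IP header

# Constructed sample standing in for the database: (SID, CID) -> (sec, usec, packet)
SAMPLE_DB = {
    (1, 42): (1700000000, 250000, bytes.fromhex(
        "4500001c00010000400166de0a0000010a000002"   # IPv4 10.0.0.1 -> 10.0.0.2, ICMP
        "0800f7ff00000000")),                        # echo request
}

def build_pcap(db, sid, cid, snaplen=65535):
    """Return a complete pcap file (bytes) holding the packet keyed by (sid, cid)."""
    if (sid, cid) not in db:
        raise LookupError(f"no packet for SID={sid} CID={cid}")
    ts_sec, ts_usec, packet = db[(sid, cid)]
    # File header: magic, version 2.4, thiszone, sigfigs, snaplen, link type.
    file_hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_RAW)
    stored = packet[:snaplen]
    # Record header: timestamp, bytes stored in the file, bytes on the wire.
    rec_hdr = struct.pack("<IIII", ts_sec, ts_usec, len(stored), len(packet))
    return file_hdr + rec_hdr + stored

def write_dump(data, dump_file="/var/tmp/dump"):
    """Write pcap bytes to dump_file; '-' means stdout, as with -w."""
    if dump_file == "-":
        sys.stdout.buffer.write(data)
        sys.stdout.buffer.flush()
        return
    # /var/tmp is shared: do not follow a symlink at the final path, and keep
    # the rebuilt payload private to the caller (mode 0600 on creation).
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(dump_file, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)

if __name__ == "__main__":
    # With "-" as the argument the output can be piped to: tcpdump -n -r -
    write_dump(build_pcap(SAMPLE_DB, 1, 42), sys.argv[1] if len(sys.argv) > 1 else "-")
```

The resulting file is 24 bytes of file header, 16 bytes of record header and the 28-byte packet.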