How can I configure my system to log the raw packets that are associated with the infection profile that BotHunter generates?

For Unix-based systems, we recommend that you read Section 1.3 of the Snort manual on how to log packets. You can then tweak the configuration file, runsnort.csh (in the BotHunter directory), which is installed and called by BotHunter, to force Snort to log packets. The simplest way to do this is to modify the “snortargs” variable definition inside runsnort.csh. You should exclude the -N option, and use the -L option to specify the tcpdump log file where you wish to store those packets that are alerted on by Snort. Note that the more processing Snort is asked to do, the higher the probability that packets will be dropped by the kernel and the NIC.
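
The edit the answer describes, as an added shell example that is not part of the original answer or of BotHunter's own scripts: it assumes the snortargs value is a single string of Snort 2.x command-line flags, and the log file path is a placeholder you would replace with your own.

```shell
# Added example (not from the original answer or from BotHunter):
# rewrite the "snortargs" value used by BotHunter's runsnort.csh so that
# Snort logs the packets it alerts on. Assumptions: the value is one
# string of Snort 2.x flags, each flag a separate token (combined forms
# such as "-Nb" are not handled), and the pcap path is a placeholder.
#
# Usage: rewrite_snortargs "<current snortargs>" "<tcpdump log file>"
#   - drops -N (which turns packet logging off)
#   - drops any existing "-L <file>" pair
#   - appends "-L <file>" so Snort writes alerted packets in tcpdump format
rewrite_snortargs() {
    args="$1"
    logfile="$2"
    out=""
    skip_next=0
    for tok in $args; do
        if [ "$skip_next" -eq 1 ]; then
            skip_next=0                  # swallow the file name after an old -L
            continue
        fi
        case "$tok" in
            -N) ;;                       # remove: -N disables logging
            -L) skip_next=1 ;;           # remove: old -L and its argument
            *)  out="$out $tok" ;;       # keep every other flag as-is
        esac
    done
    printf '%s -L %s\n' "${out# }" "$logfile"
}

# Example run with a constructed snortargs value and a placeholder path:
rewrite_snortargs "-c /usr/local/etc/snort.conf -N -i eth0" "/var/log/bothunter/alerts.pcap"
```

After BotHunter restarts Snort, confirm the file is being written with `tcpdump -r /var/log/bothunter/alerts.pcap`; as the answer notes, the extra logging work raises the chance of kernel or NIC packet drops, so check Snort's drop statistics as well.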
