Subject: Re: tcpdump script From: brad <brad@ispn.net> Date: Thu, 29 May 2003 15:02:49 -0500 Message-Id: <1054238550.18729.44.camel@Darkmatter>
On Thu, 2003-05-29 at 14:51, numa@thenuma.com wrote:
> Actually my tool preference is not tcpdump but snort, it is easier to deal
> with. Now, as far as doing this. two words sed and awk. Yeah, the docs
> are a PAIN IN THE ASS, but they are super powerful tools. The cool thing
> is, is that you can straight dump tcpdump INTO sed, so that it will create
> a new file as it goes. Cool. then in say a month or whatever, switch
> over. Also, it would be nice to switch the users to the new setup as they
> go, so you may look into adding a flag to the pop3 chat for those on the
> new system such that once they are migrated it no longer tries to keep
> adding their passworkd. KRis
Yeah, I was in the process of learning sed and awk and you are right
about the docs, but I can see you are also right about the power of
them. Snort seems almost TOO powerful to use....overkill just for pop3
passes.
Thanks again,
Brad