next up previous contents
Next: 1.3 Packet Logger Mode Up: 1. Snort Overview Previous: 1.1 Getting Started   Contents

1.2 Sniffer Mode

First, let's start with the basics. If you just want to print out the TCP/IP packet headers to the screen (i.e. sniffer mode), try this:

./snort -v
This command will run Snort and just show the IP and TCP/UDP/ICMP headers, nothing else. If you want to see the application data in transit, try the following:

./snort -vd
This instructs Snort to display the packet data as well as the headers. If you want an even more descriptive display, showing the data link layer headers, do this:

./snort -vde
(As an aside, these switches may be divided up or smashed together in any combination. The last command could also be typed out as:

./snort -d -v -e
and it would do the same thing.)