This mode is used for long-term storage, forensics, or whenever the traffic has to be analysed at a later time. The binary log is a standard pcap file, so Snort, tcpdump and Wireshark can all read it. Logs created with the "-K ASCII" parameter are plain text rather than pcap, and Snort cannot read those back.
LOGGING: BINARY
root@dco:~$ sudo snort -dev -l .
* -v Verbose. Print the TCP/IP headers to the console.
* -d Display the packet data (payload).
* -e Display the link-layer (layer 2, e.g. Ethernet) header; the TCP/IP headers come from -v, not from -e.
* the -l writes the logs to the specified directory
- the above example creates the logs in the current directory ('.')
- the default log directory is /var/log/snort; it can be changed with the "config logdir:" directive in snort.conf
- the default log directory is useful for continuous monitoring operations, while the "-l" parameter is more useful for testing, where the logs should stay next to the test case
- the binary log file is named snort.log.<epoch timestamp>, e.g. snort.log.1638459842
LOGGING: ASCII
root@dco:~$ sudo snort -dev -K ASCII
* the -K specifies the output format for logged packets.
* the output is stored in readable ASCII text instead of binary (pcap) data
- Snort writes one directory per IP address under the log directory, with a text file per protocol or session inside it (names such as ICMP_ECHO or TCP:49152-80), rather than a single log file
* this method is useful when tools to parse PCAP are unavailable
- the output can be read with any text editor or with the cat utility, but it cannot be read back by Snort with -r
READING: BINARY
root@dco:~$ sudo snort -r snort.log.1638459842 -n 10
* the -r reads a binary (pcap) log file; any pcap works, not only Snort's own snort.log.<epoch> files
- a Berkeley Packet Filter (BPF) expression appended after the file name selects which packets are read; every other packet in the file is skipped
sudo snort -r logname.log icmp
sudo snort -r logname.log tcp
sudo snort -r logname.log 'udp and port 53'
- quote filters that contain spaces, as in the last example, so the shell passes them as a single argument
* the -X dumps the raw packet bytes starting at the link-layer header as a hex and ASCII dump (compare -d, which prints only the payload)
sudo snort -r logname.log -X
* the -n <count> exits after processing the specified number of packets
- useful for debugging or for quickly inspecting a sample from a large capture
- when a BPF filter is given, only packets that pass the filter count towards the limit, because libpcap applies the filter before Snort's packet callback sees the packet
* -t and -c are not display options and should not be mixed into a read command: -t <dir> chroots the Snort process to <dir> after initialisation, and -c <file> loads a configuration/rules file
- there is no Snort option that suppresses timestamps or counts packets on the fly; the per-packet timestamp is always printed, and the totals appear in the summary Snort prints on exit
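The following is an added worked example, not code from the original notes or from the Snort project. It shows what "snort -r <log> -n <count> [bpf]" and "-X" actually do to the binary log: it checks the file is really pcap (an ASCII log written with -K ASCII is rejected, which is why Snort cannot -r it), walks the packet records, decodes Ethernet/IPv4/TCP/UDP/ICMP headers, applies a filter and stops after <count> matches. Assumptions: only a small subset of BPF syntax is implemented ('icmp', 'tcp', 'udp' and 'port N' joined by 'and'), checksums are not verified, and the sample log is constructed inline so the script runs offline without a sensor.

```python
"""Minimal reader for the binary (pcap) logs Snort writes with -l.

Added example, not code from the original notes or from Snort. Mimics
'snort -r <log> [-n <count>] [bpf]' and the -X hex dump on a log that is
constructed inline. Assumption: only the BPF subset 'icmp' | 'tcp' | 'udp'
| 'port N' joined by 'and' is supported.
"""
import struct

ETH_IPV4 = 0x0800
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def pcap_records(data):
    """Yield (ts_sec, ts_usec, frame) for every record in a pcap file."""
    if len(data) < 24:
        raise ValueError("not a pcap file: truncated global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"      # written on a little-endian host (the usual sensor)
    elif magic == 0xD4C3B2A1:
        endian = ">"      # written on a big-endian host
    else:
        raise ValueError("not a pcap file (ASCII log written with -K ASCII?)")
    off = 24              # skip the 24-byte global header
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec, ts_usec, data[off:off + incl_len]
        off += incl_len


def decode(frame):
    """Decode an Ethernet/IPv4 frame into a flat dict (proto is None for non-IPv4)."""
    pkt = {"proto": None, "src": None, "dst": None, "sport": None, "dport": None, "payload": b""}
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return pkt
    ip = frame[14:]
    pkt["src"] = ".".join(str(b) for b in ip[12:16])
    pkt["dst"] = ".".join(str(b) for b in ip[16:20])
    pkt["proto"] = PROTO_NAMES.get(ip[9], str(ip[9]))
    l4 = ip[(ip[0] & 0x0F) * 4:]                 # skip IHL*4 bytes of IP header
    if pkt["proto"] == "tcp" and len(l4) >= 20:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
        pkt["payload"] = l4[(l4[12] >> 4) * 4:]  # TCP data offset field
    elif pkt["proto"] == "udp" and len(l4) >= 8:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
        pkt["payload"] = l4[8:]
    elif pkt["proto"] == "icmp" and len(l4) >= 8:
        pkt["type"], pkt["code"] = l4[0], l4[1]
        pkt["payload"] = l4[8:]                  # after the 8-byte echo header
    return pkt


def matches(pkt, bpf):
    """Evaluate the supported BPF subset against a decoded packet."""
    for term in ([t.strip() for t in bpf.split(" and ")] if bpf else []):
        if term in PROTO_NAMES.values():
            if pkt["proto"] != term:
                return False
        elif term.startswith("port "):
            if int(term[5:]) not in (pkt["sport"], pkt["dport"]):
                return False
        else:
            raise ValueError("unsupported filter term: " + term)
    return True


def read_log(data, count=None, bpf=None):
    """Equivalent of 'snort -r <log> -n <count> [bpf]': list of matching packets."""
    out = []
    for ts_sec, ts_usec, frame in pcap_records(data):
        pkt = decode(frame)
        if matches(pkt, bpf):
            pkt["ts"] = f"{ts_sec}.{ts_usec:06d}"
            out.append(pkt)
            if count is not None and len(out) >= count:
                break                            # -n: stop after <count> packets
    return out


def hexdump(data, width=16):
    """Hex + ASCII dump of packet bytes, the kind of view -X adds."""
    lines = []
    for i in range(0, len(data), width):
        chunk = data[i:i + width]
        hexpart = " ".join(f"{b:02X}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"0x{i:04X}: {hexpart:<{width * 3 - 1}}  {asc}")
    return "\n".join(lines)


def _ipv4(proto, l4, src="10.0.0.5", dst="10.0.0.1"):
    """Constructed Ethernet/IPv4 frame; MACs and checksums are zero (nothing verifies them)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    return b"\x00" * 12 + struct.pack("!H", ETH_IPV4) + ip + l4


def build_sample_log():
    """Constructed stand-in for snort.log.<epoch>: ICMP echo, TCP to 80, DNS to 53, NTP to 123."""
    frames = [
        _ipv4(1, struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + b"ping"),
        _ipv4(6, struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x02, 8192, 0, 0) + b"GET / HTTP/1.0\r\n\r\n"),
        _ipv4(17, struct.pack("!HHHH", 53412, 53, 20, 0) + b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 6),
        _ipv4(17, struct.pack("!HHHH", 123, 123, 56, 0) + b"\x1b" + b"\x00" * 47),
    ]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    records = b"".join(struct.pack("<IIII", 1638459842 + i, 0, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records


if __name__ == "__main__":
    for pkt in read_log(build_sample_log(), count=10, bpf="udp and port 53"):
        print(pkt["ts"], pkt["src"], pkt["sport"], "->", pkt["dst"], pkt["dport"], pkt["proto"])
        print(hexdump(pkt["payload"]))
```

Running it prints only the DNS packet, the same selection "snort -r snort.log.1638459842 -n 10 'udp and port 53'" would make, followed by its payload in -X style. Feeding read_log() a text file instead of a pcap raises ValueError at the magic-number check, which is the same reason Snort refuses ASCII logs: the first four bytes are not a pcap magic number.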