[Snort-devel] REPOST: snort can't read from stdin
ak at ...896...
Mon Oct 29 01:01:02 EST 2001
I already posted this to this mailinglist, but since no useful answer
came back, I will explain it again:
I have problems giving snort input via stdin.
tcpdump -w - -s 1500 -i eth0 | ownprogram -preprocess | snort -r -
ERROR => unable to open file "-" for readback: bad dump file format
Fatal Error, Quitting..
tcpdump -w - -s 1500 -i eth0 | file -
tcpdump -w - -s 1500 -i eth0 | ownprogram -proprocess | file -
standard input: tcpdump capture file (little-endian) -
version 2.4 (Ethernet, capture length 1500)
I need this because I'm currently writing a program that preprocesses
the TCP packets, and the construction above makes it easy to do this
"live" or do it with a "prerecorded" tcpdump file.
Some people say I am a terrible person, I'm not, I have the heart of a
young boy, in a jar, on my desk.
-- Stephen King
More information about the Snort-devel