[Snort-devel] REPOST: snort can't read from stdin

Andreas Krennmair ak at ...896...
Mon Oct 29 01:01:02 EST 2001


Hello!

I already posted this to this mailinglist, but since no useful answer
came back, I will explain it again:

I have problems giving snort input via stdin. 

tcpdump -w - -s 1500 -i eth0 | ownprogram -preprocess | snort -r -

brings me:


ERROR => unable to open file "-" for readback: bad dump file format
Fatal Error, Quitting..

while 

tcpdump -w - -s 1500 -i eth0 | file -

and

tcpdump -w - -s 1500 -i eth0 | ownprogram -proprocess | file -

bring me:

standard input:              tcpdump capture file (little-endian) -
version 2.4 (Ethernet, capture length 1500)

I need this because I'm currently writing a program that preprocesses
the TCP packets, and the construction above makes it easy to do this
"live" or do it with a "prerecorded" tcpdump file.

Best regards,
Andreas Krennmair
-- 
Some people say I am a terrible person, I'm not, I have the heart of a
young boy, in a jar, on my desk. 
  -- Stephen King




More information about the Snort-devel mailing list