[Snort-users] Re-read snort trace with Snort ?

Wayne Veilleux et Lucienne Bolduc wayne.veilleux at ...732...
Wed Nov 29 15:07:25 EST 2000


Hi:

Is it possible to read a file as input with Snort when 
the file was made by a regular snort-1.6.3 output like
this (I know there is a -r option for raw tcpdump file):

09/08-00:26:50.214297 64.229.196.119:3612 -> 131.195.217.142:2047
TCP TTL:116 TOS:0x0 ID:25989  DF
21SFRP** Seq: 0xA9FC05   Ack: 0x1A80080   Win: 0x5010
E2 41                                            .A
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
09/08-01:16:35.034978 131.195.217.218:1095 -> 207.172.3.46:119
TCP TTL:126 TOS:0x0 ID:34870  DF
21SFRPAU Seq: 0x33D6C   Ack: 0x960219C9   Win: 0x5010
04 47 00 77 00 03 3D 6C 96 02 19 C9 00 FF 50 10  .G.w..=l......P.
22 38 6C 99 20 20 20 20 20 00                    "8l.     .
 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
09/08-01:20:07.832604 131.195.217.218:1095 -> 207.172.3.46:119
TCP TTL:126 TOS:0x0 ID:13173  DF
21SFRPAU Seq: 0x340CC   Ack: 0x197FE   Win: 0x5010
22 38 3D 07 20 20 20 20 20 00                    "8=.     .
                                                                                

Thanks

Wayne
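
The records quoted in the post follow a regular layout, so they can be turned back into structured data outside Snort. The following is an added example, not part of the original post and not Snort code: a Python parser whose field layout is inferred from the records shown above; `parse_records` and the dictionary keys are names chosen here.

```python
import re

# Layout inferred from the records in the post (assumption: TCP records only).
SEPARATOR = re.compile(r"^(=\+)+=?\s*$")
HEADER = re.compile(r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) "
                    r"(?P<src>[\d.]+):(?P<sport>\d+) -> "
                    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s*$")
IPLINE = re.compile(r"^(?P<proto>[A-Z]+) TTL:(?P<ttl>\d+) "
                    r"TOS:0x(?P<tos>[0-9A-F]+) ID:(?P<ip_id>\d+)")
TCPLINE = re.compile(r"^(?P<flags>\S{8}) Seq: 0x(?P<seq>[0-9A-F]+)\s+"
                     r"Ack: 0x(?P<ack>[0-9A-F]+)\s+Win: 0x(?P<win>[0-9A-F]+)")
HEXRUN = re.compile(r"^(?:[0-9A-F]{2} ){1,16}")  # ASCII column is ignored

def parse_records(text):
    """Return one dict per packet record found in the ASCII output."""
    records, cur = [], None
    for line in text.splitlines():
        if not line.strip() or SEPARATOR.match(line):
            continue
        if m := HEADER.match(line):
            cur = {"ts": m["ts"], "src": m["src"], "sport": int(m["sport"]),
                   "dst": m["dst"], "dport": int(m["dport"]), "payload": b""}
            records.append(cur)
        elif cur is None:
            continue  # text before the first record
        elif m := IPLINE.match(line):
            cur.update(proto=m["proto"], ttl=int(m["ttl"]),
                       tos=int(m["tos"], 16), ip_id=int(m["ip_id"]),
                       df="DF" in line.split())
        elif m := TCPLINE.match(line):
            cur.update(flags=m["flags"].replace("*", ""), seq=int(m["seq"], 16),
                       ack=int(m["ack"], 16), win=int(m["win"], 16))
        elif m := HEXRUN.match(line + " "):
            cur["payload"] += bytes.fromhex(m.group(0))
    return records

# Two records copied from the post above.
SAMPLE = """\
09/08-00:26:50.214297 64.229.196.119:3612 -> 131.195.217.142:2047
TCP TTL:116 TOS:0x0 ID:25989  DF
21SFRP** Seq: 0xA9FC05   Ack: 0x1A80080   Win: 0x5010
E2 41                                            .A
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
09/08-01:16:35.034978 131.195.217.218:1095 -> 207.172.3.46:119
TCP TTL:126 TOS:0x0 ID:34870  DF
21SFRPAU Seq: 0x33D6C   Ack: 0x960219C9   Win: 0x5010
04 47 00 77 00 03 3D 6C 96 02 19 C9 00 FF 50 10  .G.w..=l......P.
22 38 6C 99 20 20 20 20 20 00                    "8l.     .
"""
```

Calling `parse_records(SAMPLE)` yields two dictionaries; the `flags` value keeps only the characters that are set, with `*` placeholders removed.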