[Snort-users] Log packets in tcpdump format

A.L.Lambert alambert at ...387...
Sun Sep 3 21:43:48 EDT 2000


> Hi there. If I use the -b option, are there any available utilities to
> convert the tcpdump event files into readable logs?

	Yup.  Snort will do it (-r option IIRC), tcpdump will do it,
Ethereal will do it, and probably about anything else libpcap-based
that'll read input from files instead of live traffic.  Long story short,
yes, lots of stuff will.  Take your pick as to what works for you
(although I might recommend Snort itself, run on a separate machine from
the one(s) you're using to monitor live traffic; it works quite nicely for
me anyway) :)

	--A.L.Lambert
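As an added example that is not part of the original post or of Snort itself: the -b log is an ordinary tcpdump/libpcap file, so any tool that understands that format can turn it back into readable lines. The script below shows what those tools actually do, using only the Python standard library: it writes a one-packet libpcap file (the Ethernet/IPv4/TCP SYN and its timestamp are constructed for the example, not captured), then reads the file header, walks the per-packet records, and prints a tcpdump-style summary for each. Function names, the sample addresses and the temporary path are assumptions of this example.

```python
"""Decode a tcpdump/libpcap-format file (what `snort -b` writes) into readable
one-line summaries.  Added example, not code from the original post or from
Snort; the sample packet and timestamp below are constructed, not captured."""
import os
import socket
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4  # libpcap magic for microsecond-timestamp files


def build_sample_pcap(path):
    """Write a one-packet pcap: Ethernet/IPv4/TCP SYN 10.0.0.5:40000 -> 10.0.0.1:80.
    The frame is constructed for this example (checksums left at zero)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    # TCP: sport, dport, seq, ack, data offset (5 words), flags (SYN), win, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    # IPv4: ver/ihl, tos, total length, id, flags/frag, ttl, proto (6 = TCP), csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton("10.0.0.5"), socket.inet_aton("10.0.0.1"))
    frame = eth + ip + tcp
    with open(path, "wb") as f:
        # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype (1 = Ethernet)
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1))
        # record header: ts_sec, ts_usec, captured length, original length
        f.write(struct.pack("<IIII", 968031828, 0, len(frame), len(frame)))
        f.write(frame)


def read_pcap(path):
    """Yield (ts_sec, ts_usec, frame) for each record, honouring the file's byte order."""
    with open(path, "rb") as f:
        magic = f.read(4)
        if magic == struct.pack("<I", PCAP_MAGIC):
            endian = "<"
        elif magic == struct.pack(">I", PCAP_MAGIC):
            endian = ">"
        else:
            raise ValueError("not a tcpdump/libpcap file (bad magic)")
        _, _, _, _, _snaplen, linktype = struct.unpack(endian + "HHiIII", f.read(20))
        if linktype != 1:
            raise ValueError("this example only decodes Ethernet (linktype 1)")
        while True:
            hdr = f.read(16)
            if len(hdr) < 16:
                break  # clean end of file
            ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", hdr)
            data = f.read(incl_len)
            if len(data) < incl_len:
                raise ValueError("truncated record (capture cut off mid-packet)")
            yield ts_sec, ts_usec, data


def summarize(frame):
    """Render one Ethernet/IPv4 frame as a tcpdump-style line (ports and TCP flags)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "non-IPv4 frame"
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    l4 = frame[14 + ihl:]
    if proto == 6 and len(l4) >= 14:
        sport, dport = struct.unpack("!HH", l4[:4])
        bits = ((0x02, "S"), (0x10, "."), (0x01, "F"), (0x04, "R"), (0x08, "P"))
        flags = "".join(n for bit, n in bits if l4[13] & bit)
        return "%s:%d > %s:%d: TCP flags [%s]" % (src, sport, dst, dport, flags)
    if proto == 17 and len(l4) >= 8:
        sport, dport = struct.unpack("!HH", l4[:4])
        return "%s:%d > %s:%d: UDP" % (src, sport, dst, dport)
    return "%s > %s: proto %d" % (src, dst, proto)


def decode_file(path):
    """Return a readable log line for every packet in the file."""
    return ["%d.%06d %s" % (ts, us, summarize(fr)) for ts, us, fr in read_pcap(path)]


def demo():
    """Build the sample file in a temp dir and decode it; returns the log lines."""
    path = os.path.join(tempfile.mkdtemp(), "snort.log")
    build_sample_pcap(path)
    return decode_file(path)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The byte-order check on the magic matters in practice: a log written on a big-endian sensor and read on a little-endian box is still valid libpcap, and real tools handle both. The truncated-record branch is the usual failure mode of a -b log from a sensor that was killed mid-write; the readers named above stop there rather than guessing.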
