[Snort-users] Does snort only work in real time mode?

Charles quanxing at ...4668...
Thu Jan 24 11:44:02 EST 2002


Thank you very much! 

Charles


On Thu, 24 Jan 2002, Erek Adams wrote:

> On Thu, 24 Jan 2002, Charles wrote:
> 
> > Maybe I didn't read the manual more carefully, but I didn't find how I
> > can feed the snort with previously saved data files. Has anyone done it
> > before? What are the command line options, if there are any? Your help is
> > highly appreciated!
> 
> Yep, you didn't read very carefully.
> 
> From "man snort"
> 
> [...snip...]
> 
>      -r tcpdump-file
>           Read the tcpdump-formatted file tcpdump-file. This will
>           cause  Snort  to  read  and process the file fed to it.
>           This is useful if, for instance, you've got a bunch  of
>           SHADOW  files  that you want to process for content, or
>           even if you've got a bunch of reassembled packet  frag-
>           ments  which have been written into a tcpdump formatted
>           file.
> 
> [...snip...]
> 
> Or from "snort -\?"
> 
> [...snip...]
> 
>         -r <tf>    Read and process tcpdump file <tf>
> 
> [...snip...]
> 
> The docs cover a LOT of ground...  It _REALLY_ is suggested you read them!
> *hint*hint*  ;-)
> 
> Hope that helps!
> 
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net
> 
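
As an added example (not part of the original thread and not Snort code): a Python check that a saved capture really is a tcpdump-formatted file of the kind `-r` reads, and whether it was cut off mid-packet, before it is handed to Snort for offline processing. The function names and the sample capture are constructed for illustration.

```python
import struct

# Magic bytes of the classic tcpdump/libpcap file format, as they appear on disk.
_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),  # little-endian writer
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),  # big-endian writer
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
}

def inspect_pcap(data: bytes) -> dict:
    """Validate capture bytes and summarise them; ValueError if not tcpdump format."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap global header")
    if data[:4] not in _MAGICS:
        raise ValueError("unknown magic %r: not a tcpdump-format file" % data[:4])
    endian, resolution = _MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    packets, offset, truncated = 0, 24, False
    while offset < len(data):
        if offset + 16 > len(data):          # partial per-packet record header
            truncated = True
            break
        # Record header: ts_sec, ts_frac, incl_len (bytes stored), orig_len.
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        if offset + 16 + incl_len > len(data):  # packet body cut short
            truncated = True
            break
        packets += 1
        offset += 16 + incl_len
    return {"version": "%d.%d" % (major, minor), "resolution": resolution,
            "snaplen": snaplen, "linktype": linktype,
            "packets": packets, "truncated": truncated}

def sample_capture() -> bytes:
    """Constructed sample: version 2.4, Ethernet link type, two 60-byte frames."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frame = bytes(60)  # all-zero placeholder frame, not real traffic
    record = struct.pack("<IIII", 1011890642, 0, len(frame), len(frame)) + frame
    return header + record + record

if __name__ == "__main__":
    print(inspect_pcap(sample_capture()))
```

For a file on disk, pass `open(path, "rb").read()` to `inspect_pcap` and only run `snort -r` on files that return without raising.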




