[Snort-users] Generating alert when reading tcpdump file

tang xun xun_tang at ...131...
Wed Jul 3 13:52:02 EDT 2002

Hi All,
     I got some tcpdump data from various networks to
analyze. I am able to start snort to read those
tcpdump files with the following command and generate

snort -A full -v -d -h home_net -l /var/log/snort -r

    But the "-A full" didn't work. I only got an empty
alert file although I can see attacks in the tcpdump

    The question is whether snort can generate alerts
when reading tcpdump files (in playback mode)?

     Any idea would be appreciated.

Sincerely yours

Xun Tang
