[Snort-users] Generating alert when reading tcpdump file
xun_tang at ...131...
Wed Jul 3 13:52:02 EDT 2002
I got some tcpdump data from various network to
analyze. I am able to start snort to read those
tcpdump files with the following command and generate
snort -A full -v -d -h home_net -l /var/log/snort -r
But the "-A full" didn't work. I only got an empty
alert file although I can see attacks in the tcpdump
The question is whether snort can generate alerts
when reading tcpdump files (in playback mode)?
Any idea would be appreciated.