[Snort-users] Generating alert when reading tcpdump file

tang xun xun_tang at ...131...
Wed Jul 3 13:52:02 EDT 2002


Hi All,
     I got some tcpdump data from various networks to
analyze. I am able to start snort to read those
tcpdump files with the following command and generate
logs.

snort -A full -v -d -h home_net -l /var/log/snort -r tcpdump_file

    But the "-A full" didn't work. I only got an empty
alert file although I can see attacks in the tcpdump
file.

    The question is whether snort can generate alerts
when reading tcpdump files (in playback mode)?

     Any idea would be appreciated.

=====
Sincerely yours

Xun Tang
