[Snort-users] Generating alert when reading tcpdump file
Andrew R. Baker
andrewb at ...950...
Wed Jul 3 13:55:07 EDT 2002
tang xun wrote:
> Hi All,
> I got some tcpdump data from various network to
> analyze. I am able to start snort to read those
> tcpdump files with the following command and generate
> snort -A full -v -d -h home_net -l /var/log/snort -r
You are missing a "-c snort.conf" in the above line. You need to use
this if you want Snort to run with any rules enabled.
> But the "-A full" didn't work. I only got an empty
> alert file although I can see attacks in the tcpdump
> The question is whether snort can generate alerts
> when reading tcpdump files (in playback mode)?
Yes, but you have to load some rules for it to use to detect the alerts.