[Snort-users] newbie snort question

Michael Boman michael at ...3137...
Wed Sep 11 00:30:03 EDT 2002

At 08:34 PM 9/10/2002 -0500, /dev/null wrote:
>I'm reading through the manual right now, but haven't seen anything along
>these lines just yet.
>If I save packets from snort or other util like tcpdump, can I re-run snort
>and pass in that packet file and get snort to run as if it were actual
>network traffic?

use tcpdump with the '-w' option to grab pcap-dump file
use snort with the '-r' option to read pcap dumpfile

Snort manual page, documentation and FAQ entry 2.12 answered this.

Best regards
  Michael Boman

Michael Boman
Student, Husband, Geek. Not necessary in that order thought.

More information about the Snort-users mailing list