[Snort-users] newbie snort question

Michael Boman michael at ...3137...
Wed Sep 11 00:30:03 EDT 2002


At 08:34 PM 9/10/2002 -0500, /dev/null wrote:
>I'm reading through the manual right now, but haven't seen anything along
>these lines just yet.
>
>If I save packets from snort or other util like tcpdump, can I re-run snort
>and pass in that packet file and get snort to run as if it were actual
>network traffic?

use tcpdump with the '-w' option to grab pcap-dump file
use snort with the '-r' option to read pcap dumpfile

Snort manual page, documentation and FAQ entry 2.12 answered this.

Best regards
  Michael Boman

--
Michael Boman
Student, Husband, Geek. Not necessary in that order thought.






More information about the Snort-users mailing list