[Snort-users] ascii files

Matt Kettler mkettler at ...4108...
Mon Sep 16 09:10:13 EDT 2002

I'm quite sure snort will not work directly on tcpdump ascii files.

It might be possible to use tcpdump itself to convert the ascii files to 
binary ones.

However if tcpdump was run without ALL of the following parameters, it is 
completely futile to even attempt. (without these parameters tcpdump ascii 
output does NOT contain the whole packet)

         -e              print link layer headers
         -x              print the data of the packet
         -s 1500         (or whatever your MTU is).. up the snaplen to capture the whole packet, not just the headers
         -nn             use numeric host and port names.  (it's common some names in /etc/services may represent multiple ports making converting the name back to a port number impossible.)

At 12:52 PM 9/13/2002 +0200, Javier Verdu Mula wrote:
>Hi everyone
>Does snort work with "tcpdump ascii" input files? How can I do it?
>   o o o  Javier Verdú Mulá
>   o o o  PhD Student                            Mailto: jverdu at ...6878...
>   o o o  Department of Computer Architecture    Phone : +34 93 401 7187
>          Universitat Politècnica de Catalunya   Fax   : +34 93 401 7055
>   U P C  C/ Jordi Girona, 1-3, Módulo D6-116
>          Campus Nord,
>          08034 BARCELONA (SPAIN)
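An added example, not part of the original thread: a Python sketch that rebuilds Ethernet frames from a text dump taken with `-e -x -nn` and a full snaplen, drops packets the snaplen cut short, and serialises the rest as a classic pcap file of the kind Snort reads with `-r`. The line layout is the one current tcpdump builds print (an assumption; 2002-era output differs), the sample dump is constructed, and the names `parse`, `truncated` and `to_pcap` are hypothetical.

```python
import re
import struct

# Constructed sample in the layout current tcpdump prints for -e -x -nn
# (assumption). Packet 2 was cut short by a small snaplen.
SAMPLE = """\
09:10:13.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 54: 192.0.2.1.1025 > 192.0.2.2.80: Flags [S], length 0
\t0x0000:  4500 0028 0001 0000 4006 0000 c000 0201
\t0x0010:  c000 0202 0401 0050 0000 0001 0000 0000
\t0x0020:  5002 0200 0000 0000
09:10:13.000002 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 74: 192.0.2.1.1026 > 192.0.2.2.80: Flags [P.], length 20
\t0x0000:  4500 003c 0002 0000 4006 0000 c000 0201
"""

HEAD = re.compile(r"^(\d+):(\d+):(\d+)\.(\d+) ([0-9a-f:]{17}) > ([0-9a-f:]{17}), "
                  r"ethertype \S+ \(0x([0-9a-f]{4})\)")
HEX = re.compile(r"^\s+0x[0-9a-f]{4}:\s+([0-9a-f ]+)$")


def parse(text):
    """Return [seconds since midnight, microseconds, frame bytes] per packet."""
    packets = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            h, mi, s, us = (int(g) for g in m.groups()[:4])
            src, dst = (bytes.fromhex(a.replace(":", "")) for a in m.group(5, 6))
            # The Ethernet header is only recoverable from the -e fields.
            frame = dst + src + bytes.fromhex(m.group(7))
            packets.append([h * 3600 + mi * 60 + s, us, frame])
        elif packets and (m := HEX.match(line)):
            packets[-1][2] += bytes.fromhex(m.group(1).replace(" ", ""))
    return packets


def truncated(frame):
    """True when the IPv4 total-length field exceeds the bytes in the dump."""
    return len(frame) < 18 or struct.unpack("!H", frame[16:18])[0] > len(frame) - 14


def to_pcap(packets):
    """Serialise complete packets as classic pcap (linktype 1, Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in packets:
        if not truncated(frame):
            out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out
```

The text dump carries no date, so the pcap timestamps are seconds since midnight; the truncation check handles IPv4 only.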
