[Snort-users] snort-replay 0.2

Andreas Östling andreaso at ...236...
Tue Jun 24 04:00:59 EDT 2003


For the interested, snort-replay 0.2 is now available from

It's a simple output system for Snort that reads a tcpdump file and
prints (not sends!) the payloads using the same delay between the packets
as was seen on the wire. I've put up a couple of examples as animated gifs
(poor quality) on the homepage if you want a demo.
It's still just a quick test just for fun, so don't take it too seriously...

Changes since 0.1:

o Updated to work with Snort 2.0.0
o Requires curses to compile
o Included installation script for easier installation
o Handle telnet escape command, i.e. some colors etc will now be printed,
  but it may also mess up your terminal if it can't handle the codes
  correctly... Use at your own risk
o The source address of the first packet is regarded as the client host
  for the rest of the conversation, and all packets from this host will be
  printed in white so it's much easier to see which packet is from the
  client and which is from the server. You can switch client host by
  pressing 's' during playback
o You can now adjust the speed during playback with '+' and '-', and also
  pause with 'p'. To reset to the original speed, press 'r'
o Only ASCII chars 0x20-0x7E will be printed by default
  (i.e. less useless junk on screen)
o Updated telnet.bin example to include a pine session
o Updated the README file
o A few other general improvements
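
The playback behaviour described in this announcement (capture-time delays between payloads, the first packet's source treated as the client, only 0x20-0x7E printed), as an added Python example that is not part of the original post and not snort-replay's own code. The in-memory pcap builder, the addresses, the function names and the choice to measure delay between payload-carrying packets are assumptions made for illustration.

```python
import socket
import struct

def make_pcap(packets):
    """Build a classic pcap from constructed (ts, src, dst, payload) tuples."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, src, dst, payload in packets:
        tcp = struct.pack("!HHIIBBHHH", 1025, 23, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6,
                         0, socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
        sec, usec = int(ts), round((ts - int(ts)) * 1_000_000)
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

def replay_plan(pcap, speed=1.0):
    """Return [(delay_seconds, role, printable_text)] for each TCP payload."""
    plan, prev_ts, client, off = [], None, None, 24  # skip 24-byte file header
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # only IPv4 over Ethernet carrying TCP
        src = socket.inet_ntoa(frame[26:30])
        client = client or src  # first packet's source is the client
        tcp_off = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp_off + 20:
            continue  # truncated TCP header
        ip_end = 14 + struct.unpack_from("!H", frame, 16)[0]
        payload = frame[tcp_off + (frame[tcp_off + 12] >> 4) * 4:ip_end]
        if not payload:
            continue  # bare ACKs and handshake segments print nothing
        ts = sec + usec / 1_000_000
        delay = 0.0 if prev_ts is None else (ts - prev_ts) / speed
        prev_ts = ts
        # Keep only 0x20-0x7E, so telnet IAC bytes and CR/LF are dropped.
        text = "".join(chr(b) for b in payload if 0x20 <= b <= 0x7E)
        plan.append((delay, "client" if src == client else "server", text))
    return plan

SAMPLE = make_pcap([  # constructed telnet-like exchange, not a real capture
    (1.0, "10.0.0.5", "10.0.0.9", b"\xff\xfb\x18"),
    (1.25, "10.0.0.9", "10.0.0.5", b"\xff\xfd\x18login: "),
    (3.0, "10.0.0.5", "10.0.0.9", b"root\r\n"),
])

for delay, role, text in replay_plan(SAMPLE):
    print(f"+{delay:.2f}s {role}: {text!r}")
```

Passing `speed=2.0` halves every delay, which corresponds to the '+' and '-' adjustment in the changelog; the unfiltered payload bytes are what would reach the terminal if the 0x20-0x7E filter were turned off.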


