[Snort-users] reading packet capture file

Scott Zawalski scott.zawalski at ...5689...
Mon Sep 20 09:26:01 EDT 2004


Yes, this is possible. Just like tcpdump, you can supply the -r filename
option.

snort --help provides a lot of quick information including the above.


Scott


John Fiore wrote:

>I have a large packet capture file which contains a
>record of malicious activity.  Is it possible to read
>it into snort offline?  Thanks in advance.
>
>John
>
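The `-r` option from the reply above, wrapped in a pre-flight check, as an added example that is not part of the original messages: it identifies the capture format from the file's magic number before handing the file to Snort. The function names, the `SNORT_CONF` variable, the default configuration path and the `-A console` alert mode are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread): check that a file really is
# a packet capture, then replay it through Snort offline with -r.

# Print the capture format implied by the first four bytes of the file.
capture_format() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo pcap ;;       # libpcap, microsecond timestamps
        4d3cb2a1|a1b23c4d) echo pcap-nsec ;;  # libpcap, nanosecond timestamps
        0a0d0d0a)          echo pcapng ;;     # pcapng section header block
        *)                 echo unknown ;;    # empty, missing or not a capture
    esac
}

# Replay one capture file through Snort's detection engine.
replay_capture() {
    file=$1
    fmt=$(capture_format "$file")
    if [ "$fmt" = unknown ]; then
        echo "refusing $file: not a recognisable capture file" >&2
        return 1
    fi
    echo "replaying $file ($fmt)" >&2
    # -r  read packets from the file instead of a live interface
    # -c  rules configuration (path is an assumption, override via SNORT_CONF)
    # -A  console: print alerts to the terminal instead of the alert file
    snort -r "$file" -c "${SNORT_CONF:-/etc/snort/snort.conf}" -A console
}

# Run only when a capture file is given on the command line.
if [ "$#" -gt 0 ]; then
    replay_capture "$1"
fi
```

Whether a `pcapng` file is readable depends on the libpcap version Snort was built against.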




