[Snort-users] reading packet capture file

Scott Zawalski scott.zawalski at ...5689...
Mon Sep 20 09:26:01 EDT 2004

Yes this is possible. Just like tcpdump you can supply the -r filename 

snort --help provides a lot of quick information including the above.


John Fiore wrote:

>I have a large packet capture file which contains a
>record of malicious activity.  Is it possible to read
>it into snort offline?  Thanks in advance.
>This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
>Project Admins to receive an Apple iPod Mini FREE for your judgement on
>who ports your project to Linux PPC the best. Sponsored by IBM.
>Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:

More information about the Snort-users mailing list