[Snort-users] reading packet capture file

Matt Kettler mkettler at ...4108...
Mon Sep 20 09:58:04 EDT 2004


At 11:59 AM 9/20/2004, John Fiore wrote:
>I have a large packet capture file which contains a
>record of malicious activity.  Is it possible to read
>it into snort offline?  Thanks in advance

If it's a tcpdump binary capture file, certainly. Use snort's -r parameter 
(see man snort for more detail).
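
Added example, not part of the original post: a shell script that checks a file's magic bytes to confirm it is a tcpdump (libpcap) binary capture before handing it to snort's -r. The function names, the script name and the three arguments (capture, config path, log directory) are assumptions; accepting only the classic pcap magic is a conservative choice made here.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the capture format of file $1, judged by its first four bytes.
# Only four bytes are read, so this is cheap even on a very large capture.
pcap_kind() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo pcap ;;       # classic tcpdump/libpcap, either byte order
        4d3cb2a1|a1b23c4d) echo pcap-nsec ;;  # libpcap variant with nanosecond timestamps
        0a0d0d0a)          echo pcapng ;;     # pcapng section header block
        *)                 echo unknown ;;    # missing, empty, or some other format
    esac
}

# Read capture $1 offline with snort, using config $2 and log directory $3.
replay_in_snort() {
    kind=$(pcap_kind "$1")
    if [ "$kind" != pcap ]; then
        echo "not replaying $1: format is '$kind', not a tcpdump binary capture" >&2
        return 1
    fi
    mkdir -p "$3" || return 1
    # -r read packets from file, -c rules/config, -l log dir, -A fast one-line alerts
    snort -r "$1" -c "$2" -l "$3" -A fast
}

# Usage: sh replay.sh capture.pcap /path/to/snort.conf ./snort-logs
if [ "$#" -eq 3 ]; then
    replay_in_snort "$1" "$2" "$3"
fi
```

A file reported as pcapng or pcap-nsec needs converting to classic pcap first if the local snort/libpcap build cannot read it.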
