[Snort-users] Snort in offline mode?

Matt Kettler mkettler at ...4108...
Fri Apr 1 11:26:26 EST 2005


Ramkumar Chinchani wrote:

> Hi all,
>
> Does Snort have an offline mode of operation?
>
> That is, can I configure Snort to read (say) tcpdump files and perform
> IDS work rather than read packets off the wire.

Yes, snort can read tcpdump files with the -r command-line parameter.
See man snort for details.




More information about the Snort-users mailing list