[Snort-users] take a .pcap file and convert to .csv file

Neil nro at ...384...
Sun Mar 6 15:09:08 EST 2005


snort users list:

 

I am new to snort.

I am running snort on a windows XP box (sorry my *nix boxes are currently
offline).

How do I simultaneously read a tcpdump file and output this same file to csv
(for Excel use)?

 

I can read the tcpdump file

F:\snort\bin>snort -r  file.pcap 

 

and I have added the following to snort.conf

output alert_CSV: F:\Snort\log\alert.csv
timestamp,msg,proto,src,srcport,dst,dstport

 

 

However, How do I combine both actions at once?

 

When I run F:\snort\bin>snort -r  file.pcap  a csv file never materializes.

 

I've read through several email archives, and did not quite see this issue,
and tried a few things from answers to other questions with no luck.

Thanks

-neil

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050306/28694e6d/attachment.html>


More information about the Snort-users mailing list