[Snort-users] how to create testing data files??
wkitty42 at ...14940...
Sat Aug 14 15:35:03 EDT 2010
how can we create data files and test rules without having to create pcaps? i've
tried creating a file with some test strings in it and feeding it to snort via
the various pcap reading methods but snort always whines "bad dump file format"
the snort 188.8.131.52 manual specifically states, in section 1.7.2 at the bottom of
[quote] Note that Snort will not try to determine whether the files under that
directory are really pcap files or not. [/quote]
that indicates that we can create a "text" file and feed it to snort... what am
i get the following output from snort...
TCPDUMP file reading mode.
Reading network traffic from "/home/user/pcaps/test" file.
ERROR: Unable to open file "/home/user/pcaps/test" for readback: bad dump file
Fatal Error, Quitting..
More information about the Snort-users