[Snort-users] Just Analyzing tcpdump files according to defined rules.

Marcos Rodriguez marcos.e.rodriguez at ...11827...
Thu Oct 7 07:21:21 EDT 2010


Just thought I'd throw this into the mix:

snort --pcap-filter=*.pcap --pcap-dir=/path/to/pcaps/  - Helpful if you'd
like to run an entire directory of pcaps.

Also, snort -h will show you other tricks, such as reading a list of pcaps
from a file and processing those.

And, yes, drink up!!!!!   :o)

On Thu, Oct 7, 2010 at 1:52 AM, Nerijus Krukauskas <nkrukauskas at ...11827...> wrote:

>
> On Thu, October 7, 2010 06:12, alexandre suzuki wrote:
> > I do not want snort running as a daemon, I just want it to analyze tcpdump
> > files of my Internet connections, detecting intrusions etc. according to
> > the established ruleset. My first attempts were not OK. Can someone show
> > here the right command line options, and eventually any change to
> > snort.conf? -I use snort 2.8.5.1-.
>
> Aren't people reading the manuals or using search these days anymore? Now
> go to http://blog.joelesler.net/the-snort-drinking-game and take your
> penalty.
>
> --
> http://nk99.org/


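The offline run discussed in this thread, as an added example that is not part of the original messages: it writes the list file that `--pcap-file` reads, runs Snort 2.x in readback mode, and tallies the fast-format alerts per rule. The config path, the output directory and the function names are assumptions.

```shell
#!/bin/sh
# Added example: offline (non-daemon) Snort 2.x run over saved captures.
CONF="${CONF:-/etc/snort/snort.conf}"   # assumed config path
LOGDIR="${LOGDIR:-./snort-offline}"     # assumed output directory

# Write one pcap path per line to $2 and echo how many were found.
# Zero-length files (e.g. an interrupted capture) are skipped: they are
# not valid pcaps.
build_pcap_list() {
    find "$1" -type f -name '*.pcap' -size +0 | LC_ALL=C sort > "$2"
    wc -l < "$2" | tr -d ' '
}

# Reduce a fast-format alert file to "count gid:sid:rev message",
# busiest rule first.
summarize_alerts() {
    [ -f "$1" ] || return 0
    sed -n 's/.*\[\*\*\] \[\([0-9]*:[0-9]*:[0-9]*\)\] \(.*\) \[\*\*\].*/\1 \2/p' "$1" |
        awk '{ c[$0]++ } END { for (k in c) print c[k], k }' | sort -rn
}

analyze_dir() {
    mkdir -p "$LOGDIR"
    n=$(build_pcap_list "$1" "$LOGDIR/pcaps.txt")
    [ "$n" -gt 0 ] || { echo "no non-empty *.pcap under $1" >&2; return 1; }
    # Start from a clean alert file so the counts reflect this run only.
    rm -f "$LOGDIR/alert"
    # -k none      do not discard packets with bad checksums, which are common
    #              in captures taken on a host with checksum offload
    # --pcap-reset return to post-configuration state between files
    # -A fast      one-line alerts (assumed to land in $LOGDIR/alert)
    snort -q -c "$CONF" -l "$LOGDIR" -A fast -k none \
        --pcap-file="$LOGDIR/pcaps.txt" --pcap-reset || return 1
    summarize_alerts "$LOGDIR/alert"
}

# Usage: sh offline-snort.sh /path/to/pcaps
if [ "$#" -ge 1 ]; then analyze_dir "$1"; fi
```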