[Snort-users] (no subject)

Giles Coochey giles at ...9346...
Thu Dec 13 16:14:21 EST 2012


On 13/12/2012 20:56, Steve Marotta wrote:
>
> Hi,
>
> Is there a way to run Snort in NIDS mode on large (>500MB) pcap dumps? 
> When I try to run snort --dev --l (mylog) --r (myfile) --c 
> /etc/snort.conf, I get, "Value too large for defined data type" and 
> "ERROR: Error getting pcaps".
>
> Is this because the file I'm reading is too large? If so, is there a 
> workaround?
>
Have you tried tcpreplay to an interface that snort is listening on?

-- 
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
giles at ...9346...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121213/6708ea88/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4968 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121213/6708ea88/attachment.bin>


More information about the Snort-users mailing list