[Snort-users] [Snort-devel] Testing my own rules/signatures on pcap file

Joel Esler (jesler) jesler at ...589...
Sun Dec 22 19:25:37 EST 2013


This belongs on the users list.

Look into the -c command.

--
Joel Esler
Intelligence Lead
Open Source Manager
Vulnerability Research Team

Sent from my iPhone.

On Dec 22, 2013, at 12:53, "Beenish Raza" <beenish.raza at ...125...> wrote:

I have a set of rules in a text file and I want to check if the given pcap file contains any signatures/rules from that text file of rules.

I have run this command to use the pcap file

snort -r trace.pcap

but how do I specify the rules file which I want to use?

Secondly, is there any way that I can generate a pcap file from a given ruleset?

