[Snort-users] Analyse pcap file

Al Lewis (allewi) allewi at ...589...
Fri Jan 23 06:20:41 EST 2015


Quick answer:


1) You analyze a pcap by either replaying it with the “-r” option back into snort or by using something like tcpreplay to inject packets back onto the network.

2) You use the rules to alert on suspicious traffic.

3) Any rules you want to find what you are looking for. Rules are provided but you are free to write your own.

Check out the documentation on snort and visit the website www.snort.org (http://www.snort.org).

Some of the questions you have have been answered here https://snort.org/faq
Hope this helps.

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...589...

From: Madz [mailto:lakshanibd at ...11827...]
Sent: Friday, January 23, 2015 12:56 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Analyse pcap file


Hi all,
How can I analyse a pcap file? And how can I identify attacks in that pcap file using snort? Can anyone tell me what rules I need to use to analyse it?

Thank you
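
Added example, not part of the original thread: the "-r" replay from the quick answer as a script that reads a capture offline and counts alerts per rule. It assumes Snort 2.x on the PATH; the rule, SID, file names and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. The rule, SID, file names and function names are constructed.

# Write one local rule (SIDs from 1000000 up are for local rules).
write_local_rule() {
    cat > "$1" <<'EOF'
alert icmp any any -> any any (msg:"EXAMPLE ICMP seen in capture"; sid:1000001; rev:1;)
EOF
}

# Read a capture offline: -r names the pcap, -c the snort.conf (assumption:
# Snort 2.x also accepts a bare rules file here), -A console prints one-line
# alerts to stdout, -K none skips packet logging, -l sets a writable log dir.
replay_pcap() {
    snort -q -r "$1" -c "$2" -A console -K none -l "${TMPDIR:-/tmp}"
}

# Reduce one-line alerts on stdin to "count gid:sid:rev message", busiest first.
# Lines that are not alerts are ignored.
summarize_alerts() {
    sed -n 's/^[^[]*\[\*\*] \[\([0-9][0-9]*:[0-9][0-9]*:[0-9][0-9]*\)] \(.*\) \[\*\*].*$/\1 \2/p' |
    awk '{ n[$0]++ } END { for (k in n) print n[k], k }' |
    sort -rn
}

# Usage: sh analyse.sh capture.pcap [snort.conf]
if [ "$#" -ge 1 ]; then
    conf=${2:-./local.rules}
    [ -f "$conf" ] || write_local_rule "$conf"
    replay_pcap "$1" "$conf" | summarize_alerts
fi
```

Pass your normal snort.conf as the second argument to run the capture against the full provided rule set instead of the single constructed rule.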