[Snort-users] Analyse pcap file
Al Lewis (allewi)
allewi at ...589...
Fri Jan 23 06:20:41 EST 2015
1) You analyze a pcap by either replaying it with the “-r” option back into snort or by using something like tcpreplay to inject packets back onto the network.
2) You use the rules to alert on suspicious traffic.
3) Any rules you want to find what you are looking for. Rules are provided but you are free to write your own.
Check out the documentation on snort and visit the website www.snort.org.
Some of the questions you have have been answered here https://snort.org/faq
Hope this helps.
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...589...
From: Madz [mailto:lakshanibd at ...11827...]
Sent: Friday, January 23, 2015 12:56 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Analyse pcap file
How can I analyse a pcap file? & How can I identify attacks in that pcap file using snort? Can anyone tell what are the rules that I need to use to analyse it?
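
The workflow described in the reply above (replay the capture with "-r", let the rules alert, then see which rules fired), as an added example that is not part of the original message. It assumes Snort 2.x on PATH and a working snort.conf that includes your rules; the function names, the sample rule, the config path and the sample alert lines are constructed for illustration.

```shell
#!/bin/sh
# Replay a pcap through Snort 2.x and summarise which rules fired.
# A local rule of your own, placed in a rules file that CONF includes, e.g.:
#   alert icmp any any -> any any (msg:"LOCAL ICMP echo request"; itype:8; sid:1000001; rev:1;)

# Count alerts per rule in a "fast"-format alert file.
# Prints "<count> <gid:sid:rev> <msg>", most frequent rule first.
summarize_alerts() {
    sed -n 's/^[^[]*\[\*\*\] \[\([0-9]*:[0-9]*:[0-9]*\)\] \(.*\) \[\*\*\].*$/\1 \2/p' "$1" |
        sort | uniq -c | sort -k1,1nr | sed 's/^ *//'
}

# analyze_pcap PCAP CONF OUTDIR: alerts are written to OUTDIR/alert.
analyze_pcap() {
    mkdir -p "$3" || return 1
    # -r read packets from the pcap, -c config, -A fast one-line alerts,
    # -l log directory, -K none skip packet logging, -q suppress the banner
    snort -q -r "$1" -c "$2" -A fast -l "$3" -K none || return 1
    summarize_alerts "$3/alert"
}

# Constructed alert lines (documentation addresses), used to try the parser offline.
sample_alerts() {
    cat <<'EOF'
01/23-06:20:41.100000  [**] [1:1000001:1] LOCAL ICMP echo request [**] [Priority: 0] {ICMP} 192.0.2.10 -> 192.0.2.20
01/23-06:20:42.100000  [**] [1:1000001:1] LOCAL ICMP echo request [**] [Priority: 0] {ICMP} 192.0.2.10 -> 192.0.2.20
01/23-06:20:43.250000  [**] [1:1000002:1] LOCAL telnet connection attempt [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:40000 -> 192.0.2.20:23
EOF
}

# Usage (example paths): sh analyse_pcap.sh capture.pcap /etc/snort/snort.conf
if [ "$#" -eq 2 ]; then
    analyze_pcap "$1" "$2" ./snort-out
fi
```

A rule that appears far more often than the others in the summary is usually the first one to check against the packets in the capture, since it is either the main event or a rule that needs tuning.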