[Snort-users] reading folder of PCAP files

Al Lewis (allewi) allewi at ...589...
Fri Dec 9 18:22:56 EST 2016


Hello,

The option you may want is this one:

--pcap-dir <dir>                a directory to recurse to look for pcaps - read mode is implied.


Run ./bin/snort --help for the options list.



Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at ...589...

From: Ikenna Chiadikaobi <reniykec at ...131...>
Reply-To: Ikenna Chiadikaobi <reniykec at ...131...>
Date: Friday, December 9, 2016 at 6:03 PM
To: 'snort-users' <snort-users at lists.sourceforge.net>
Subject: [Snort-users] reading folder of PCAP files

sudo snort -r xxxx.pcap -c snort.conf is used for reading/analyzing a single dataset (xxxx.pcap or darpa.tcpdump), but I would like to know if there is a way to read/analyze a list of datasets in a folder. For example, I have around 12 pcap files in a folder called wwww, so I want to read them all at once using Snort rules.
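
An added example, not part of the original thread: two ways to run the rules in snort.conf over every capture in a folder with the Snort 2.x command line. The function names and the SNORT_BIN variable are assumptions made for illustration; --pcap-filter, --pcap-show and --pcap-reset are further Snort 2.x read-mode options that the reply does not mention.

```shell
#!/bin/sh
# Added example. SNORT_BIN and the function names are hypothetical helpers,
# not part of Snort. Override SNORT_BIN if snort is not on PATH.
SNORT_BIN="${SNORT_BIN:-snort}"

# Batch mode: one Snort process reads every matching pcap under $1.
#   --pcap-filter  shell pattern for file names; it must come BEFORE the
#                  --pcap-dir it applies to
#   --pcap-show    print the name of each pcap as it is opened
#   --pcap-reset   reset Snort's state between pcaps so sessions from one
#                  capture do not carry over into the next
snort_read_dir() {
    srd_dir=$1; srd_conf=$2; srd_log=$3
    [ -d "$srd_dir" ] || { echo "not a directory: $srd_dir" >&2; return 2; }
    mkdir -p "$srd_log" || return 1
    "$SNORT_BIN" -c "$srd_conf" -l "$srd_log" \
        --pcap-filter="*.pcap" --pcap-dir="$srd_dir" \
        --pcap-show --pcap-reset
}

# Per-file mode: one run per capture, each with its own log directory, so
# every alert file maps back to the pcap that produced it. Unlike --pcap-dir
# this does not recurse into subdirectories.
snort_read_each() {
    sre_dir=$1; sre_conf=$2; sre_root=$3
    sre_rc=0; sre_count=0
    [ -d "$sre_dir" ] || { echo "not a directory: $sre_dir" >&2; return 2; }
    for sre_pcap in "$sre_dir"/*.pcap; do
        [ -f "$sre_pcap" ] || continue      # glob matched nothing
        sre_out="$sre_root/$(basename "${sre_pcap%.*}")"
        mkdir -p "$sre_out" || return 1
        # -q suppresses the banner; a failing run is recorded, not fatal
        "$SNORT_BIN" -q -r "$sre_pcap" -c "$sre_conf" -l "$sre_out" || sre_rc=1
        sre_count=$((sre_count + 1))
    done
    [ "$sre_count" -gt 0 ] || { echo "no .pcap files in $sre_dir" >&2; return 3; }
    return "$sre_rc"
}

# Usage, with the folder name from the question:
#   snort_read_dir  wwww snort.conf ./log
#   snort_read_each wwww snort.conf ./log-per-pcap
```

The filter pattern is `*.pcap`, so a capture named like darpa.tcpdump would need the pattern changed to be picked up.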