[Snort-users] reading folder of PCAP files

Joel Esler (jesler) jesler at ...589...
Mon Dec 12 10:38:42 EST 2016

Or you could go the old-fashioned way, and for loop your Snort instance…

for i in *.pcap; do snort -r "$i" -c snort.conf > "$i.txt"; done

Joel Esler | Talos: Manager | jesler at ...589...

On Dec 9, 2016, at 6:22 PM, Al Lewis (allewi) <allewi at ...589...> wrote:


The option you may want is this one:

--pcap-dir <dir>                a directory to recurse to look for pcaps - read mode is implied.

Run ./bin/snort --help for the options list.

Albert Lewis
SOURCEfire, Inc. now part of Cisco
Email: allewi at ...589...

From: Ikenna Chiadikaobi <reniykec at ...131...>
Reply-To: Ikenna Chiadikaobi <reniykec at ...131...>
Date: Friday, December 9, 2016 at 6:03 PM
To: 'snort-users' <snort-users at lists.sourceforge.net>
Subject: [Snort-users] reading folder of PCAP files

sudo snort -r xxxx.pcap -c snort.conf is used for reading/analyzing a single dataset (xxxx.pcap or darpa.tcpdump), but I would like to know if there is a way to read/analyze a list of datasets in a folder. For example, I have around 12 pcap files in a folder called wwww, so I want to read them all at once using Snort rules.
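Added example (not part of the original thread and not code from the Snort project): a fuller version of the per-file loop that gives each capture its own log directory, survives file names with spaces, and reports an empty folder or a failed run. The function name run_pcaps, the SNORT override variable and the out/<name>/ layout are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: replay every .pcap in a directory through Snort, one run per file.
# Assumptions: SNORT (optional) names the snort binary; results go to <out_dir>/<capture name>/.

run_pcaps() {
    local pcap_dir="$1"
    local conf="$2"
    local out_dir="$3"
    local snort_bin="${SNORT:-snort}"
    local pcap name log_dir
    local seen=0 failed=0

    for pcap in "$pcap_dir"/*.pcap; do
        # With no matches the glob stays literal; skip it instead of handing it to snort.
        [ -e "$pcap" ] || continue
        seen=$((seen + 1))
        name=$(basename "$pcap" .pcap)
        log_dir="$out_dir/$name"
        mkdir -p "$log_dir"
        # -r reads the capture, -c loads the config/rules, -l keeps this capture's logs separate.
        if ! "$snort_bin" -r "$pcap" -c "$conf" -l "$log_dir" > "$log_dir/console.txt" 2>&1; then
            echo "snort failed on $pcap (see $log_dir/console.txt)" >&2
            failed=$((failed + 1))
        fi
    done

    if [ "$seen" -eq 0 ]; then
        echo "no .pcap files in $pcap_dir" >&2
        return 2
    fi
    # Exit status 0 only if every capture was processed successfully.
    [ "$failed" -eq 0 ]
}

# Stand-alone use: ./run_pcaps.sh wwww snort.conf out
if [ "$#" -eq 3 ]; then
    run_pcaps "$@"
fi
```

Unlike a single --pcap-dir run, this keeps the output of each capture apart, which matters when the same rule fires in several files.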