[Snort-users] Snort handling multiple Pcap files

Asad, Hafiz ul Hafiz-ul.Asad at ...17478...
Thu Jan 12 13:32:11 EST 2017


Thanks for this! I have two pcap files (about 600 MB each). If I analyse them one-by-one, it takes snort 2.9.8.0 about 1 min 10 sec to process them. But if I use any of the options for multiple files, e.g. --pcap-list "<list>", it takes like forever for snort to finish and I have to stop it manually. Any solution for this?


Asad

From: Al Lewis (allewi) [mailto:allewi at ...589...]
Sent: 06 January 2017 18:57
To: Asad, Hafiz ul <Hafiz-ul.Asad at ...17478...>; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort handling multiple Pcap files

Run snort -h

   --pcap-single <tf>              Same as -r.
   --pcap-file <file>              file that contains a list of pcaps to read - read mode is implied.
   --pcap-list "<list>"            a space separated list of pcaps to read - read mode is implied.
   --pcap-dir <dir>                a directory to recurse to look for pcaps - read mode is implied.


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at ...589...

From: "Asad, Hafiz ul" <Hafiz-ul.Asad at ...17478...>
Date: Friday, January 6, 2017 at 12:53 PM
To: 'snort-users' <snort-users at lists.sourceforge.net>
Subject: [Snort-users] Snort handling multiple Pcap files

Snort Users,

Is it possible for snort to analyse multiple 'pcap' files? To be more specific, is it possible to have:

snort -r file1.pcap file2.pcap ... filen.pcap

Regards
Asad