Thu Nov 23 16:36:19 EST 2017
Read the tcpdump-formatted file tcpdump-file. This will
cause Snort to read and process the file fed to it.
This is useful if, for instance, you've got a bunch of
SHADOW files that you want to process for content, or
even if you've got a bunch of reassembled packet frag-
ments which have been written into a tcpdump formatted
Or from "snort -\?"
-r <tf> Read and process tcpdump file <tf>
The docs cover a LOT of ground... It _REALLY_ is suggested you read them!
Hope that helps!
More information about the Snort-users