Snort mailing list archives
Generating alert when reading tcpdump file
From: tang xun <xun_tang () yahoo com>
Date: Wed, 3 Jul 2002 09:22:42 -0700 (PDT)
Hi All,

I got some tcpdump data from various networks to analyze. I am able to start snort to read those tcpdump files with the following command and generate logs.

    snort -A full -v -d -h home_net -l /var/log/snort -r tcpdump_file

But the "-A full" didn't work. I only got an empty alert file although I can see attacks in the tcpdump file.

The question is whether snort can generate alerts when reading tcpdump files (in playback mode)?

Any idea would be appreciated.

=====
Sincerely yours
Xun Tang
Current thread:
- Generating alert when reading tcpdump file tang xun (Jul 03)
- Re: Generating alert when reading tcpdump file Andrew R. Baker (Jul 03)
- Re: Generating alert when reading tcpdump file Erek Adams (Jul 03)
- <Possible follow-ups>
- Re: Generating alert when reading tcpdump file xun wang (Jul 04)
- Re: Generating alert when reading tcpdump file John Sage (Jul 04)
- Re: Generating alert when reading tcpdump file xun wang (Jul 04)
- Re: Generating alert when reading tcpdump file John Sage (Jul 04)
- Re: Generating alert when reading tcpdump file Andrew R. Baker (Jul 03)