Snort mailing list archives
Re: How to replay pcap files with the exact time intervals...
From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 8 Jul 2008 11:43:05 -0400
Hi Salvo,

I think tcpreplay has a mode to do this, you'd just put them on the same network and have tcpreplay replay the packets in front of snort. Snort has no native way to do this.

-Marty

On Jul 8, 2008, at 11:33 AM, Salvo Danilo Giuffrida wrote:

> Hello,
>
> Snort can be run in offline mode, by using the '-r' switch, and giving it a pcap file containing the capture of a certain communication session. But, I saw that this pcap file is processed as fast as possible, while for my purposes I need it to be replayed in the exact time frame of the traffic that it contains... That is, if the pcap file contains traffic that has been registered during 10 hours, I want Snort to process it in 10 hours, not by processing every packet as fast as it can...
>
> Is there a way to do this?
>
> Thanks a lot
>
> -------------------------------------------------------------------------
> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
> Studies have shown that voting for your favorite open source project,
> along with a healthy diet, reduces your potential for chronic lameness
> and boredom. Vote Now at http://www.sourceforge.net/community/cca08
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org
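Added example, not part of the original thread and not code from Snort or tcpreplay: a sketch of what replaying "with the exact time intervals" involves, reading the per-packet timestamps from a classic pcap file and turning them into the delays a replayer would wait. The function names and the sample capture are constructed for illustration; clamping out-of-order timestamps is a choice made in this example.

```python
import io
import struct

# Magic bytes as stored in the file -> (struct byte order, timestamp ticks per second)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
    b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9),
}

def replay_offsets(stream):
    """Return each packet's offset in seconds from the first packet."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    endian, ticks = MAGICS[header[:4]]
    offsets, first, prev = [], None, None
    while True:
        rec = stream.read(16)
        if not rec:
            break
        if len(rec) < 16:
            raise ValueError("truncated record header")
        sec, frac, incl_len, _orig_len = struct.unpack(endian + "IIII", rec)
        if len(stream.read(incl_len)) < incl_len:
            raise ValueError("truncated packet data")
        ts = sec * ticks + frac              # integer ticks, no float drift
        if first is None:
            first = ts
        if prev is not None and ts < prev:   # out-of-order capture timestamp:
            ts = prev                        # clamp so the schedule never goes back
        prev = ts
        offsets.append((ts - first) / ticks)
    return offsets

def gaps(offsets, multiplier=1.0):
    """Delay before each packet; multiplier 2.0 replays twice as fast."""
    if not offsets:
        return []
    return [0.0] + [(b - a) / multiplier for a, b in zip(offsets, offsets[1:])]

def make_sample():
    """Constructed little-endian capture: 4 packets, the last one out of order."""
    buf = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    stamps = [(1215531185, 0), (1215531185, 250000),
              (1215531195, 250000), (1215531190, 0)]
    for sec, usec in stamps:
        payload = b"\x00" * 14
        buf += struct.pack("<IIII", sec, usec, len(payload), len(payload)) + payload
    return buf
```

Sleeping for each value of `gaps(replay_offsets(f))` before sending the matching packet reproduces the recorded pacing, so a 10-hour capture takes 10 hours to replay.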