Snort mailing list archives
Re: PCaps
From: Joel Esler <jesler () sourcefire com>
Date: Sat, 5 Mar 2011 08:55:56 -0500
Yes. The -r command line tag tells Snort to use a pcap file as input. -- Sent from my iPad Please excuse the brevity On Mar 5, 2011, at 6:57 AM, Michael Lubinski <michael.lubinski () gmail com> wrote:
I have seem to notice something after keeping up with the mailing list for a while... Do you have the ability in snort to run an already saved pcap through the snort engines and all of its rules to see what it pulls out? In the consultant mindframe, Say I captured a pcap file from a clients network and thought something was up. I could have snort run it and see what comes out? ------------------------------------------------------------------------------ What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users