Snort mailing list archives
Re: How does TCP connections over multiple Pcap files
From: wkitty42--- via Snort-users <snort-users () lists snort org>
Date: Mon, 23 Jul 2018 15:09:55 -0400
On 07/22/2018 07:08 PM, Mark A via Snort-users wrote:
Hi Albert, No, as packets are dumped on a minute to minute basis. Does that mean snort does not keep track of the connection states over multiple pcaps? I.e., the state of a connection must exist in the same pcap?
AFAIK, pcaps are simply traffic recorded over a span of time... there's nothing in snort or in the pcaps that would indicate that two pcaps or a portion of them are linked in some way... if you combine the pcaps then snort would be able to follow more of the traffic but would still have the same problem if additional traffic is in yet another uncombined pcap...
tl;dr; snort can only work with what it has at hand... a pcap is just a traffic snapshot in time...
-- NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list unless* *a signed and pre-paid contract is in effect with us.*
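Combining per-minute captures before analysis, as the reply above suggests, sketched as an added example that is not part of the original message or of Snort itself. It handles classic libpcap files only and orders packets by timestamp; the function names and the sample captures are constructed for illustration.

```python
import struct

# Classic libpcap magic (microsecond timestamps) -> struct byte-order prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def read_pcap(blob):
    """Return (linktype, [(sec, usec, orig_len, frame), ...]) from pcap bytes."""
    order = MAGICS.get(blob[:4])
    if order is None:
        raise ValueError("not classic microsecond pcap (pcapng is not handled)")
    linktype = struct.unpack(order + "I", blob[20:24])[0]
    records, off = [], 24
    while off + 16 <= len(blob):
        sec, usec, incl, orig = struct.unpack(order + "IIII", blob[off:off + 16])
        frame = blob[off + 16:off + 16 + incl]
        if len(frame) < incl:
            break  # last record cut off when the capture file was rotated
        records.append((sec, usec, orig, frame))
        off += 16 + incl
    return linktype, records

def write_pcap(linktype, records, snaplen=262144):
    """Serialize records as a little-endian classic pcap (version 2.4)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)]
    for sec, usec, orig, frame in records:
        out.append(struct.pack("<IIII", sec, usec, len(frame), orig) + frame)
    return b"".join(out)

def merge_pcaps(blobs):
    """Combine several captures into one, ordered by packet timestamp."""
    linktypes, records = set(), []
    for blob in blobs:
        linktype, recs = read_pcap(blob)
        linktypes.add(linktype)
        records.extend(recs)
    if len(linktypes) != 1:
        raise ValueError("captures must share exactly one link type")
    records.sort(key=lambda r: (r[0], r[1]))  # stable: ties keep input order
    return write_pcap(linktypes.pop(), records)

# Constructed sample: one connection split across two per-minute files.
# Frame bytes are placeholders, not real Ethernet frames.
MINUTE_1 = write_pcap(1, [(1532300399, 900000, 3, b"SYN")])
MINUTE_2 = write_pcap(1, [(1532300400, 100, 6, b"SYNACK"), (1532300400, 200, 3, b"ACK")])

if __name__ == "__main__":
    merged = merge_pcaps([MINUTE_2, MINUTE_1])  # deliberately out of order
    print([frame for _, _, _, frame in read_pcap(merged)[1]])
```

Writing the merged bytes to a file and reading it with `snort -r` gives Snort the whole connection in one input; traffic in any capture left out of the merge is still invisible to it.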