Snort mailing list archives

Re: ascii files


From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 16 Sep 2002 12:09:52 -0400

I'm quite sure snort will not work directly on tcpdump ascii files.

It might be possible to use tcpdump itself to convert the ascii files to binary ones.

However if tcpdump was run without ALL of the following parameters, it is completely futile to even attempt. (without these parameters tcpdump ascii output does NOT contain the whole packet)


        -e              print link layer headers
        -x              print the data of the packet
        -s 1500         (or whatever your MTU is).. up the snaplen to capture the whole packet, not just the headers
        -nn             use numeric host and port names. (it's common some names in /etc/services may represent multiple ports making converting the name back to a port number impossible.)

At 12:52 PM 9/13/2002 +0200, Javier Verdu Mula wrote:
Hi everyone

Does snort work with "tcpdump ascii" input files? How can I do it?

Thanks

________________________________________________________________________

  o o o  Javier Verdú Mulá
  o o o  PhD Student                            Mailto: jverdu () ac upc es
  o o o  Department of Computer Architecture    Phone : +34 93 401 7187
         Universitat Politècnica de Catalunya   Fax   : +34 93 401 7055
  U P C  C/ Jordi Girona, 1-3, Módulo D6-116
         Campus Nord,
         08034 BARCELONA (SPAIN)
________________________________________________________________________



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list
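
Added example, not part of the original messages: a sketch of the conversion the reply describes, rebuilding Ethernet frames from `-e -x -nn` text output and dropping any packet whose IP total length exceeds the bytes captured (the snaplen problem). It assumes the text layout printed by current tcpdump releases and IPv4 only; the function names and the sample capture are hypothetical.

```python
import re
import struct

# Constructed sample (not from the thread): one complete and one snaplen-truncated
# IPv4 packet, in the layout current tcpdump prints for -e -x -nn (an assumption).
SAMPLE = """\
12:00:00.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 42: 10.0.0.1.1025 > 10.0.0.2.53: UDP, length 0
\t0x0000:  4500 001c 0001 0000 4011 66ce 0a00 0001
\t0x0010:  0a00 0002 0401 0035 0008 0000
12:00:00.000002 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 1514: 10.0.0.1.1025 > 10.0.0.2.80: tcp 1460
\t0x0000:  4500 05dc 0002 0000 4006 0000 0a00 0001
\t0x0010:  0a00 0002
"""

HDR = re.compile(r"^(\d+):(\d+):(\d+)\.(\d+) ([0-9a-f:]{17}) > ([0-9a-f:]{17}), "
                 r"ethertype \S+ \(0x([0-9a-f]{4})\)")
HEX = re.compile(r"^\s+0x[0-9a-f]+:\s+((?:[0-9a-f]{2,4} ?)+)$")

def parse(text):
    """Return [sec, usec, frame] per packet; frame = header rebuilt from -e + -x bytes."""
    packets = []
    for line in text.splitlines():
        m = HDR.match(line)
        if m:
            h, mi, s, us, src, dst, etype = m.groups()
            mac = lambda a: bytes.fromhex(a.replace(":", ""))
            eth = mac(dst) + mac(src) + bytes.fromhex(etype)  # dst MAC comes first on the wire
            packets.append([int(h) * 3600 + int(mi) * 60 + int(s), int(us), eth])
        elif packets and (m := HEX.match(line)):
            packets[-1][2] += bytes.fromhex(m.group(1).replace(" ", ""))
    return packets

def is_complete(frame):
    """True when an IPv4 frame holds as many bytes as its IP total-length field claims."""
    if frame[12:14] != b"\x08\x00" or len(frame) < 34:
        return False
    return len(frame) - 14 >= struct.unpack("!H", frame[16:18])[0]

def to_pcap(packets):
    """Serialize the complete frames as a classic pcap file (LINKTYPE_ETHERNET = 1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in packets:
        if is_complete(frame):
            out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    with open("rebuilt.pcap", "wb") as fh:
        fh.write(to_pcap(parse(SAMPLE)))
```

The rebuilt file can then be read with `snort -r`. Because the text output carries no date, the timestamps written are seconds since midnight.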


