Snort mailing list archives
Re: (no subject)
From: Giles Coochey <giles () coochey net>
Date: Thu, 13 Dec 2012 21:14:21 +0000
On 13/12/2012 20:56, Steve Marotta wrote:
Hi,Is there a way to run Snort in NIDS mode on large (>500MB) pcap dumps? When I try to run snort --dev --l (mylog) --r (myfile) --c /etc/snort.conf, I get, "Value too large for defined data type" and "ERROR: Error getting pcaps".Is this because the file I'm reading is too large? If so, is there a workaround?
Have you tried tcpreplay to an interface that snort is listening on? -- Regards, Giles Coochey, CCNA, CCNAS NetSecSpec Ltd +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk giles () coochey net
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- (no subject) Thomas, Sheena (RTIS) (Oct 01)
- <Possible follow-ups>
- (no subject) k vijay sai prashanth (Nov 08)
- Re: (no subject) waldo kitty (Nov 08)
- Re: (no subject) k vijay sai prashanth (Nov 08)
- Re: (no subject) waldo kitty (Nov 08)
- (no subject) Steve Marotta (Dec 13)
- Re: (no subject) Giles Coochey (Dec 13)
- Re: (no subject) JJC (Dec 13)
- Re: (no subject) Joel Esler (Dec 13)
- Re: (no subject) JJC (Dec 13)
- Re: (no subject) Giles Coochey (Dec 13)
- Re: (no subject) Victor Roemer (Dec 13)
- Re: (no subject) JJC (Dec 13)