Snort mailing list archives
Re: (no subject)
From: JJC <cummingsj () gmail com>
Date: Thu, 13 Dec 2012 14:34:55 -0700
There are also numerous utilities that can split the sessions/conversations out into multiple smaller pcaps..

JJC

On Thu, Dec 13, 2012 at 2:14 PM, Giles Coochey <giles () coochey net> wrote:
> On 13/12/2012 20:56, Steve Marotta wrote:
>> Hi,
>>
>> Is there a way to run Snort in NIDS mode on large (>500MB) pcap dumps? When I try to run snort -dev -l (mylog) -r (myfile) -c /etc/snort.conf, I get, “Value too large for defined data type” and “ERROR: Error getting pcaps”.
>>
>> Is this because the file I’m reading is too large? If so, is there a workaround?
>
> Have you tried tcpreplay to an interface that snort is listening on?
>
> --
> Regards,
> Giles Coochey, CCNA, CCNAS
> NetSecSpec Ltd
> +44 (0) 7983 877438
> http://www.coochey.net
> http://www.netsecspec.co.uk
> giles () coochey net
>
> ------------------------------------------------------------------------------
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
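The splitting approach suggested in this message, as an added example that is not code from the thread or from the Snort project: a Python splitter that cuts a classic libpcap file into size-bounded chunks on packet boundaries, so each chunk can be read with `snort -r` on its own. It splits by size rather than by session, so a flow can straddle two chunks and stream-based detections across that boundary may be missed; pcapng is not handled, and the function names and the `make_sample_pcap` input builder are assumptions of this example.

```python
import struct
# pcap magic bytes as stored on disk -> struct byte-order prefix (usec and nsec variants)
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def read_pcap(path):
    """Yield the 24-byte global header, then each raw record (16-byte header + data)."""
    with open(path, "rb") as f:
        ghdr = f.read(24)
        endian = MAGICS.get(ghdr[:4])
        if len(ghdr) != 24 or endian is None:
            raise ValueError("not a classic pcap file (pcapng is not handled)")
        yield ghdr
        while True:
            rhdr = f.read(16)
            if len(rhdr) < 16:
                return  # end of file
            (incl_len,) = struct.unpack(endian + "I", rhdr[8:12])
            data = f.read(incl_len)
            if len(data) < incl_len:
                return  # truncated final packet: drop it
            yield rhdr + data

def split_pcap(src_path, out_prefix, max_bytes):
    """Write chunks of at most max_bytes (one oversized packet still gets its own chunk)."""
    records = read_pcap(src_path)
    ghdr = next(records)
    paths, out, written = [], None, 0
    for rec in records:
        if out is None or written + len(rec) > max_bytes:
            if out:
                out.close()
            paths.append("%s%05d.pcap" % (out_prefix, len(paths)))
            out = open(paths[-1], "wb")
            out.write(ghdr)  # every chunk must start with its own global header
            written = len(ghdr)
        out.write(rec)
        written += len(rec)
    if out:
        out.close()
    return paths

def make_sample_pcap(path, n_packets, payload_len):
    """Constructed test input: little-endian pcap, linktype 1, dummy payload bytes."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i in range(n_packets):
            f.write(struct.pack("<IIII", i, 0, payload_len, payload_len))
            f.write(bytes([i % 256]) * payload_len)
```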