Snort mailing list archives
Re: Analyse pcap file
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Fri, 23 Jan 2015 11:20:41 +0000
Quick answer:

1) You analyze a pcap by either replaying it with the “-r” option back into snort or by using something like tcpreplay to inject packets back onto the network.
2) You use the rules to alert on suspicious traffic.
3) Any rules you want to find what you are looking for. Rules are provided but you are free to write your own.

Check out the documentation on snort and visit the website www.snort.org. Some of the questions you have have been answered here: https://snort.org/faq

Hope this helps.

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: Madz [mailto:lakshanibd () gmail com]
Sent: Friday, January 23, 2015 12:56 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Analyse pcap file

Hi all,

How can I analyse a pcap file? & How can I identify attacks in that pcap file using snort? Can anyone tell what are the rules that I need to use to analyse it?

Thank you
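The workflow from the reply above (read the capture with "-r", let rules raise the alerts, then review what fired), as an added example that is not part of the original thread. The file names, the local rule and the sample alert lines are constructed assumptions; the options are Snort 2.x command-line options.

```shell
#!/usr/bin/env bash
# Added example: offline pcap analysis with Snort 2.x. File names are assumptions.

# Write one constructed local rule (sids from 1000000 up are for local rules).
write_local_rule() {   # usage: write_local_rule local.rules
    cat > "$1" <<'EOF'
alert tcp any any -> any 23 (msg:"LOCAL telnet connection attempt"; flags:S; sid:1000001; rev:1;)
EOF
}

# Read packets from the capture (-r) instead of sniffing an interface.
#   -c  configuration that includes the rules to evaluate
#   -A fast  one line per alert, written to <logdir>/alert
#   -l  log directory   -q  quiet   -k none  do not skip packets with bad
#       checksums (common in captures taken on hosts with checksum offload)
analyze_pcap() {   # usage: analyze_pcap capture.pcap snort.conf logdir
    mkdir -p "$3" && snort -q -k none -r "$1" -c "$2" -A fast -l "$3"
}

# Count alerts per signature from fast-format alert lines on stdin.
# Output: "<count> <gid:sid:rev> <msg>", most frequent first.
summarize_alerts() {
    sed -n 's/.*\[\*\*\] \[\([0-9:][0-9:]*\)\] \(.*\) \[\*\*\].*/\1 \2/p' |
        sort | uniq -c | sort -rn | sed 's/^ *//'
}

# Constructed fast-format alert lines standing in for <logdir>/alert.
sample_alerts() {
    cat <<'EOF'
01/23-11:20:41.101000  [**] [1:1000001:1] LOCAL telnet connection attempt [**] [Priority: 0] {TCP} 10.0.0.5:40112 -> 10.0.0.9:23
01/23-11:20:41.350000  [**] [1:1000002:1] LOCAL ICMP echo request [**] [Priority: 0] {ICMP} 10.0.0.7 -> 10.0.0.9
01/23-11:20:42.020000  [**] [1:1000001:1] LOCAL telnet connection attempt [**] [Priority: 0] {TCP} 10.0.0.5:40113 -> 10.0.0.9:23
01/23-11:20:43.900000  [**] [1:1000001:1] LOCAL telnet connection attempt [**] [Priority: 0] {TCP} 10.0.0.6:51200 -> 10.0.0.9:23
EOF
}

# Real run (needs snort installed and a capture file):
#   write_local_rule local.rules      # then include it from snort.conf
#   analyze_pcap capture.pcap snort.conf ./log && summarize_alerts < ./log/alert
sample_alerts | summarize_alerts
```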
Current thread:
- Analyse pcap file Madz (Jan 22)
- Re: Analyse pcap file Al Lewis (allewi) (Jan 23)