Snort mailing list archives
Re: reading folder of PCAP files
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 12 Dec 2016 15:38:42 +0000
Or you could go the old-fashioned way, and for loop your Snort instance…

    for i in *.pcap; do snort -r "$i" -c snort.conf > "$i.txt"; done

--
Joel Esler | Talos: Manager | jesler () cisco com

On Dec 9, 2016, at 6:22 PM, Al Lewis (allewi) <allewi () cisco com> wrote:

Hello,

The option you may want is this one:

    --pcap-dir <dir>  a directory to recurse to look for pcaps - read mode is implied.

Run ./bin/snort --help for the options list.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

From: Ikenna Chiadikaobi <reniykec () yahoo com>
Reply-To: Ikenna Chiadikaobi <reniykec () yahoo com>
Date: Friday, December 9, 2016 at 6:03 PM
To: 'snort-users' <snort-users () lists sourceforge net>
Subject: [Snort-users] reading folder of PCAP files

sudo snort -r xxxx.pcap -c snort.conf is used for reading/analyzing a single dataset (xxxx.pcap or darpa.tcpdump), but I would like to know if there is a way to read/analyze a list of datasets in a folder. For example, I have around 12 pcap files in a folder called wwww, so I want to read them all at once using Snort rules.
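A more defensive form of the per-file loop from this thread, as an added example that is not part of the original messages. The function name `snort_batch`, the `SNORT_BIN` override and the per-capture report layout are assumptions of this example; only the `-r` and `-c` options come from the thread.

```shell
#!/bin/sh
# Added example: run Snort once per capture in a directory, one report per file.
# Assumptions (not from the thread): function name, SNORT_BIN, report naming.
# Usage: snort_batch wwww snort.conf reports

snort_batch() {
    pcap_dir=$1
    conf=$2
    out_dir=$3
    snort_bin=${SNORT_BIN:-snort}   # override to point at a specific build
    processed=0
    failed=0

    [ -d "$pcap_dir" ] || { echo "no such directory: $pcap_dir" >&2; return 2; }
    [ -r "$conf" ] || { echo "cannot read config: $conf" >&2; return 2; }
    mkdir -p "$out_dir" || return 2

    # Glob instead of parsing ls, so names containing spaces stay intact.
    for pcap in "$pcap_dir"/*.pcap; do
        # With no matches the pattern stays literal; do not hand it to Snort.
        [ -f "$pcap" ] || continue
        report="$out_dir/$(basename "$pcap").txt"
        # Keep stderr with the report so a failed run can be diagnosed later.
        if "$snort_bin" -r "$pcap" -c "$conf" > "$report" 2>&1; then
            processed=$((processed + 1))
        else
            failed=$((failed + 1))
            echo "snort failed on: $pcap (see $report)" >&2
        fi
    done

    echo "processed=$processed failed=$failed"
    # Succeed only if at least one capture was read and none failed, so a
    # truncated capture or an empty folder is not mistaken for a clean run.
    [ "$processed" -gt 0 ] && [ "$failed" -eq 0 ]
}
```

Reports are written to a separate directory so a rerun does not mix output files in with the evidence captures.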
Current thread:
- reading folder of PCAP files Ikenna Chiadikaobi (Dec 09)
- Re: reading folder of PCAP files Al Lewis (allewi) (Dec 09)
- Re: reading folder of PCAP files Joel Esler (jesler) (Dec 12)