Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Does snort only work in real time mode?

From: Erek Adams <erek () theadamsfamily net>
Date: Thu, 24 Jan 2002 10:59:43 -0800 (PST)
On Thu, 24 Jan 2002, Charles wrote:


Mayeb I didn't read the manual more carefully, but I didn't find how I
can feed the snort with previously saved data files. Has anyone done it
before? what are the command line options if there is any. Your help is
highly appreciated!


Yep, you didn't read very carefully.


From "man snort"


[...snip...]

     -r tcpdump-file
          Read the tcpdump-formatted file tcpdump-file. This will
          cause  Snort  to  read  and process the file fed to it.
          This is useful if, for instance, you've got a bunch  of
          SHADOW  files  that you want to process for content, or
          even if you've got a bunch of reassembled packet  frag-
          ments  which have been written into a tcpdump formatted
          file.

[...snip...]

Or from "snort -\?"

[...snip...]

        -r <tf>    Read and process tcpdump file <tf>

[...snip...]

The docs cover a LOT of ground...  It _REALLY_ is suggested you read them!
*hint*hint*  ;-)

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: