Snort mailing list archives
Generating alert when reading tcpdump file
From: tang xun <xun_tang () yahoo com>
Date: Wed, 3 Jul 2002 09:22:42 -0700 (PDT)
Hi All,
I got some tcpdump data from various networks to
analyze. I am able to start snort to read those
tcpdump files with the following command and generate
logs.
snort -A full -v -d -h home_net -l /var/log/snort -r tcpdump_file
But the "-A full" didn't work. I only got an empty
alert file although I can see attacks in the tcpdump
file.
The question is whether snort can generate alerts
when reading tcpdump files (in playback mode)?
Any idea would be appreciated.
=====
Sincerely yours
Xun Tang
