Snort mailing list archives
Re: Generating alert when reading tcpdump file
From: "Andrew R. Baker" <andrewb () snort org>
Date: Wed, 03 Jul 2002 16:54:38 -0400
tang xun wrote:
Hi All, I got some tcpdump data from various networks to analyze. I am able to start snort to read those tcpdump files with the following command and generate logs: snort -A full -v -d -h home_net -l /var/log/snort -r tcpdump_file.
You are missing a "-c snort.conf" in the above line. You need to use this if you want Snort to run with any rules enabled.
But the "-A full" didn't work. I only got an empty alert file although I can see attacks in the tcpdump file. The question is whether snort can generate alerts when reading tcpdump files (in playback mode)?
Yes, but you have to load some rules for it to use to detect the alerts.
-A
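The point of the reply is that -r only replays packets; without -c pointing at a configuration that includes rules, the detection engine has nothing to match and the alert file stays empty. The script below is an added example, not part of the mailing-list post: it writes a minimal Snort 2 configuration with one local rule, builds the playback command line from the question with the missing -c added, and counts the alerts that -A full writes. The file names (capture.pcap, local.rules, the work directory) and the ICMP test rule are constructed for the example; snort itself is only invoked when it is installed and the pcap exists.

```shell
#!/bin/sh
# Added example (not from the original thread): Snort pcap playback with rules loaded.
# Assumptions: Snort 2.x is on PATH as "snort"; the pcap path is hypothetical.

# Write a minimal Snort 2 configuration plus one local rule into directory $1
# and print the path of the generated snort.conf.
write_minimal_conf() {
    dir="$1"
    # Constructed test rule: any ICMP packet raises an alert.
    # sid values >= 1000000 are reserved for local rules.
    cat > "$dir/local.rules" <<'EOF'
alert icmp any any -> any any (msg:"LOCAL ICMP playback test"; sid:1000001; rev:1;)
EOF
    cat > "$dir/snort.conf" <<EOF
var HOME_NET any
var EXTERNAL_NET any
include $dir/local.rules
EOF
    echo "$dir/snort.conf"
}

# Build the command line from the question, with the missing "-c" added.
# $1 = snort.conf, $2 = pcap to replay, $3 = log directory for -A full output.
build_snort_cmd() {
    conf="$1"; pcap="$2"; logdir="$3"
    echo "snort -c $conf -A full -d -l $logdir -r $pcap"
}

# Count alert records in the "alert" file that -A full writes under the log
# directory; each record starts with "[**]". Prints 0 when there is no file.
count_alerts() {
    logdir="$1"
    if [ -f "$logdir/alert" ]; then
        grep -c '^\[\*\*\]' "$logdir/alert" || true
    else
        echo 0
    fi
}

# Set up the config, show the command, and run it when snort and the pcap exist.
run_playback() {
    work="$1"
    pcap="$2"
    mkdir -p "$work/log"
    conf=$(write_minimal_conf "$work")
    cmd=$(build_snort_cmd "$conf" "$pcap" "$work/log")
    echo "Would run: $cmd"
    if command -v snort >/dev/null 2>&1 && [ -f "$pcap" ]; then
        $cmd >/dev/null 2>&1 || echo "snort exited with status $?"
        echo "alerts written: $(count_alerts "$work/log")"
    else
        echo "snort not installed or pcap missing; skipping the actual run"
    fi
}

run_playback "$(mktemp -d)" "${1:-./capture.pcap}"
```

Run it as `sh playback.sh /path/to/tcpdump_file`. With a capture that contains ICMP traffic the alert count is non-zero; with the same capture and the -c flag removed from the command, the alert file stays empty, which is exactly the symptom described in the question.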