Snort mailing list archives

Re: packet traces to test snort

From: Eric Arnoth <earnoth () comcast net>
Date: Tue, 06 May 2003 22:23:45 -0400

On Monday 05 May 2003 13:32, snort-users-admin () lists sourceforge net wrote:

Grab the the Capture the Flag traces from Defcon8/9 [0], and then use
tcpreplay [1] to replay them.


Alternatively, you could use the -r flag on Snort to suck in the tcpdump file
and process it that way.  A very convenient option, actually.


-- 
Eric I. Arnoth    CISSP (http://www.isc2.org)        
earnoth () comcast net                
http://mywebpages.comcast.net/earnoth
¤ø,¸¸,ø¤º°*°º¤ø,¸¸,ø¤ø,¸¸,ø¤º°*°º¤ø,¸¸,ø¤ø,¸¸,ø¤º°*°º¤ø,¸¸,ø¤ø,¸¸,ø¤º°*°º¤ø,¸¸,ø



-------------------------------------------------------
Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
The only event dedicated to issues related to Linux enterprise solutions
www.enterpriselinuxforum.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

packet traces to test snort Budi Rahardjo (May 02)
- Re: packet traces to test snort Erek Adams (May 02)
- Re: packet traces to test snort snort-users-admin (May 05)
- Re: packet traces to test snort snort-users-admin (May 06)
- Re: packet traces to test snort snort-users-admin (May 06)
- <Possible follow-ups>
- Re: packet traces to test snort Eric Arnoth (May 06)