Snort mailing list archives
Re: packet traces to test snort
From: Eric Arnoth <earnoth () comcast net>
Date: Tue, 06 May 2003 22:23:45 -0400
On Monday 05 May 2003 13:32, snort-users-admin () lists sourceforge net wrote:
Grab the the Capture the Flag traces from Defcon8/9 [0], and then use tcpreplay [1] to replay them.
Alternatively, you could use the -r flag on Snort to suck in the tcpdump file and process it that way. A very convenient option, actually. -- Eric I. Arnoth CISSP (http://www.isc2.org) earnoth () comcast net http://mywebpages.comcast.net/earnoth ¤ø,¸¸,ø¤º°*°º¤ø,¸¸,ø¤ø,¸¸,ø¤º°*°º¤ø,¸¸,ø¤ø,¸¸,ø¤º°*°º¤ø,¸¸,ø¤ø,¸¸,ø¤º°*°º¤ø,¸¸,ø ------------------------------------------------------- Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara The only event dedicated to issues related to Linux enterprise solutions www.enterpriselinuxforum.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- packet traces to test snort Budi Rahardjo (May 02)
- Re: packet traces to test snort Erek Adams (May 02)
- Re: packet traces to test snort snort-users-admin (May 05)
- Re: packet traces to test snort snort-users-admin (May 06)
- Re: packet traces to test snort snort-users-admin (May 06)
- <Possible follow-ups>
- Re: packet traces to test snort Eric Arnoth (May 06)