Snort mailing list archives

Questions about alerts from TCPDUMP


From: jwang () fit edu
Date: Tue, 30 Mar 2004 11:11:19 -0500 (EST)

hi everyone:

my issues:
1) I have managed to create alerts from my tcpdump file with the following
command:
../snort -s -r file.tcpdump -c snort.conf

but since I have got thousands of tcpdump files, all the alerts were
output to the /sys/log/snort/alert file, and it's really hard to
recognize which alert is from which tcpdump file?! Can someone tell me if
there is any way I can set a path to each output of the alerts
from every tcpdump file??

2) I have got a tcpdump file from a system that is about a year old, and
after applying the latest rule set (downloaded from snort.org), it didn't
detect any alert from it? but my instructor said he is 100% sure there is
at least one alert from that file. I was wondering, how will I be able to
find it then???

3) After we have found the alerts, what is the command/method to fix the
bug in the tcpdump file, so that the alerts will not appear a second time
we snort it?

thank you very much!!

Jun WANG
Florida Tech
29th, March 2004
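For question 1, one way to keep the alerts from each capture apart is to run Snort once per tcpdump file and point its `-l` log directory at a per-capture directory. The script below is an added example (not from the poster or the Snort project); it assumes a snort binary on PATH (or in `SNORT`), a `snort.conf` in the current directory (or in `SNORT_CONF`), and uses `run_snort_batch.sh` as a made-up script name.

```shell
#!/bin/sh
# Added example: run Snort once per capture file, writing each capture's
# alert file into its own directory so alerts can be traced back to the
# capture they came from. Assumed: snort on PATH, snort.conf in the cwd.
# Set SNORT=echo to dry-run and just print the commands that would run.
SNORT="${SNORT:-snort}"
SNORT_CONF="${SNORT_CONF:-snort.conf}"

# log_dir_for BASE PCAP -> prints BASE/<capture basename>, the directory
# that will hold that capture's alert file.
log_dir_for() {
    printf '%s/%s\n' "$1" "$(basename "$2")"
}

# snort_each BASE PCAP... : for every capture, create its log directory
# and run snort with -r (read capture), -c (config) and -l (log directory),
# so the alert file for one capture never mixes with another's.
snort_each() {
    base="$1"; shift
    for pcap in "$@"; do
        dir="$(log_dir_for "$base" "$pcap")"
        mkdir -p "$dir" || return 1
        "$SNORT" -r "$pcap" -c "$SNORT_CONF" -l "$dir" || return 1
    done
}

# Usage: sh run_snort_batch.sh /var/log/snort/per-capture captures/*.tcpdump
if [ "$#" -ge 2 ]; then
    snort_each "$@"
fi
```

Afterwards, `/var/log/snort/per-capture/<file>.tcpdump/alert` holds only the alerts raised while reading that one capture.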



