Snort mailing list archives

Re: How to replay pcap files with the exact time intervals...


From: Martin Roesch <roesch () sourcefire com>
Date: Tue, 8 Jul 2008 11:43:05 -0400

Hi Salvo,

I think tcpreplay has a mode to do this; you'd just put them on the
same network and have tcpreplay replay the packets in front of Snort.
Snort has no native way to do this.

        -Marty


On Jul 8, 2008, at 11:33 AM, Salvo Danilo Giuffrida wrote:

Hello,
Snort can be run in offline mode by using the '-r' switch and giving
it a pcap file containing the capture of a certain communication
session. But I saw that this pcap file is processed as fast as
possible, while for my purposes I need it to be replayed in the exact
time frame of the traffic that it contains... That is, if the pcap file
contains traffic that has been registered over 10 hours, I want
Snort to process it in 10 hours, not by processing every packet as
fast as it can...
Is there a way to do this?
Thanks a lot

-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org
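
What replaying "with the exact time intervals" amounts to at the file level, as an added example that is not part of the original thread and is not Snort or tcpreplay code: each classic pcap record carries its capture timestamp, and a paced replay waits out the gap between consecutive timestamps before sending the next frame. The function names, the `send` callback and the sample capture are assumptions constructed for illustration.

```python
import struct
import time

# Classic pcap magic (first 4 bytes) -> (struct byte order, ns per sub-second unit)
MAGICS = {b"\xd4\xc3\xb2\xa1": ("<", 1000), b"\xa1\xb2\xc3\xd4": (">", 1000),
          b"\x4d\x3c\xb2\xa1": ("<", 1), b"\xa1\xb2\x3c\x4d": (">", 1)}

def read_packets(data):
    """Yield (timestamp_ns, frame) for every record in classic pcap bytes."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, unit_ns = MAGICS[data[:4]]
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, sub, caplen, _wirelen = struct.unpack_from(order + "IIII", data, off)
        off += 16
        if off + caplen > len(data):
            raise ValueError("truncated packet record")
        yield sec * 10**9 + sub * unit_ns, data[off:off + caplen]
        off += caplen

def replay_schedule(data):
    """Return [(seconds_to_wait_before_sending, frame)] from capture timestamps."""
    schedule, prev = [], None
    for ts, frame in read_packets(data):
        # Out-of-order timestamps are clamped to zero delay, never negative.
        gap_ns = 0 if prev is None else max(0, ts - prev)
        schedule.append((gap_ns / 1e9, frame))
        prev = max(ts, prev or 0)
    return schedule

def replay(data, send, clock=time.monotonic, sleep=time.sleep):
    """Call send(frame) at the capture's pace; send is a caller-supplied callback."""
    start, elapsed = clock(), 0.0
    for gap, frame in replay_schedule(data):
        elapsed += gap
        wait = start + elapsed - clock()  # absolute deadline avoids drift
        if wait > 0:
            sleep(wait)
        send(frame)

def build_sample():
    """Constructed capture: three dummy frames at t, t+0.25 s and t+2.25 s."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, frame in [(1215531785, 0, b"A" * 14),
                             (1215531785, 250000, b"B" * 14),
                             (1215531787, 250000, b"C" * 14)]:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out
```

Pacing against an absolute deadline rather than sleeping each gap in turn keeps a long capture, such as the 10-hour one in the question, from drifting as per-packet overhead accumulates.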

