Snort mailing list archives

Re: Just Analyzing tcpdump files according to defined rules.

From: Marcos Rodriguez <marcos.e.rodriguez () gmail com>
Date: Thu, 7 Oct 2010 07:21:21 -0400

Just thought I'd throw this into the mix:

snort --pcap-filter=*.pcap --pcap-dir=/path/to/pcaps/  - Helpful if you'd
like to run an entire directory of pcaps.

Also, snort -h will show you other tricks, such as reading a list of pcaps
from a file and processing those.

And, yes, drink up!!!!!   :o)

On Thu, Oct 7, 2010 at 1:52 AM, Nerijus Krukauskas <nkrukauskas () gmail com>wrote:


On Thu, October 7, 2010 06:12, alexandre suzuki wrote:

I do not want snort running as a daemon,I just want it to analyze tcpdump
files of my Internet connections,detecting intrusions etc. according to
the established ruleset.My first attempts were not OK.Can someone show
here the right command line options,and eventually any change to
snort.conf? -I use snort 2.8.5.1-.


Aren't people reading the manuals or using search these days anymore? Now
go to http://blog.joelesler.net/the-snort-drinking-game and take your
penalty.

--
http://nk99.org/




------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Just Analyzing tcpdump files according to defined rules. alexandre suzuki (Oct 06)
- Re: Just Analyzing tcpdump files according to defined rules. Joel Esler (Oct 06)
- Re: Just Analyzing tcpdump files according to defined rules. Nerijus Krukauskas (Oct 06)
  - Re: Just Analyzing tcpdump files according to defined rules. Marcos Rodriguez (Oct 07)
  - Re: Just Analyzing tcpdump files according to defined rules. waldo kitty (Oct 07)
- Re: Just Analyzing tcpdump files according to defined rules. waldo kitty (Oct 07)