Snort mailing list archives

Re: Analyse pcap file


From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Fri, 23 Jan 2015 11:20:41 +0000

Quick answer:


1) You analyze a pcap by either replaying it with the "-r" option back into snort or by using something like tcpreplay to inject packets back onto the network.

2) You use the rules to alert on suspicious traffic.

3) Any rules you want to find what you are looking for. Rules are provided but you are free to write your own.

Check out the documentation on snort and visit the website http://www.snort.org.

Some of the questions you have have been answered here https://snort.org/faq
Hope this helps.

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi () cisco com

From: Madz [mailto:lakshanibd () gmail com]
Sent: Friday, January 23, 2015 12:56 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Analyse pcap file


Hi all,
How can I analyse a pcap file? & How can I identify attacks in that pcap file using snort? Can anyone tell what are the rules that I need to use to analyse it?

Thank you
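
The workflow from the reply above (read the pcap with "-r", let the rules alert), as an added example that is not part of either message: it builds the Snort 2.x offline command line and tallies the resulting fast-format alerts per rule. The config path /etc/snort/snort.conf, the sids, the messages and the sample alert lines are constructed assumptions.

```python
import os
import re
import subprocess
import sys
import tempfile
from collections import Counter

# Snort 2.x "fast" alert layout (one line per alert):
# ts  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"   # absent if the rule has no classtype
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

# Constructed sample output (documentation addresses, local-range sids), not real traffic.
SAMPLE = """\
01/23-11:20:41.000001  [**] [1:1000001:1] ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 192.0.2.1
01/23-11:20:42.000002  [**] [1:1000001:1] ICMP echo request [**] [Priority: 0] {ICMP} 192.0.2.10 -> 192.0.2.1
01/23-11:20:43.000003  [**] [1:1000002:1] Telnet connection attempt [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:40000 -> 192.0.2.1:23
Run time for packet processing was 0.1 seconds
"""

def snort_command(pcap, conf="/etc/snort/snort.conf", logdir="."):
    """-r reads the pcap offline, -c loads the config and its rules, -A fast writes logdir/alert."""
    return ["snort", "-q", "-r", pcap, "-c", conf, "-A", "fast", "-l", logdir]

def parse_alerts(lines):
    """Return one dict per well-formed alert line; banner and statistics lines are skipped."""
    matches = (ALERT_RE.match(line.strip()) for line in lines)
    return [m.groupdict() for m in matches if m]

def summarize(alerts):
    """Count alerts per (sid, msg), most frequent first."""
    return Counter((a["sid"], a["msg"]) for a in alerts).most_common()

if __name__ == "__main__":
    if len(sys.argv) > 1:                      # usage: script.py capture.pcap
        with tempfile.TemporaryDirectory() as logdir:   # fresh dir, so no stale alerts
            subprocess.run(snort_command(sys.argv[1], logdir=logdir), check=True)
            with open(os.path.join(logdir, "alert")) as fh:
                lines = fh.readlines()
    else:
        lines = SAMPLE.splitlines()
    for (sid, msg), count in summarize(parse_alerts(lines)):
        print(f"{count:5d}  sid={sid}  {msg}")
```
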