Snort's Test Logger

[Ibrahim Ahmed via Snort-users <snort-users () lists snort org>]

Hello everyone,

With the Darpa99 dataset, I'm trying to discern packets responsible for
triggering each alert that snort produces on the dataset.

I've read online that Snort's test logger (running snort with '-A test')
produces the packet number for each alert that is triggered.

However, the test logger gives me packet numbers as high as ~1.6 million,
whereas my dataset has only 22,000 packets.

Has anyone done this packet-to-alert correlation before?

Many thanks,
Ibrahim

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette