|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Snort-users] "Saving State" in Snort
From: Michael L. Artz (dragon
october29.net)
Date: Thu Apr 17 2003 - 20:49:12 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Chris Green wrote:
>Finally a use for reading in off stdin
>
>(for i in *.cap.gz| do gzip -dc $i; done) | snort -r - <args>
>
This seems to fail for me on the "breaks" between files with the error:
pcap_loop: truncated dump file
I assume that this has to do with the little header that tcpdump adds to
the beginning of each file, i.e. I can mergecap them and run them
through just fine. Is there something that I am missing beyond 'cat
*.pcap | snort -r -'? Would a newer libpcap solve the problem?
Snort 1.9.1, fairly stock RH8.0.
-Mike
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]