Hosting Provided By

Re: [Snort-users] "Saving State" in Snort

From: Chris Green <cmg(at)sourcefire.com>
Date: Mon Apr 21 2003 - 11:04:11 EDT

"Michael L. Artz" <dragon@october29.net> writes:

Nah, I just saw a mailing list reply from Guy Harris over on the tcpdump works mailing list that uses something more akin to

(COUNTER=0;
for i in *.cap.gz;
do

if [ COUNTER -eq 0 ];

        gzip -dc $i
        COUNTER=1;
    else
        gzip -dc $i | dd bs=24 count=0 skip=1

fi
done) | snort -r -

>
>
> Snort 1.9.1, fairly stock RH8.0.

-- 
Chris Green 
Laugh and the world laughs with you, snore and you sleep alone.


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Received on Mon Apr 21 11:37:00 2003

This message: [ Message body ]
Next message: Pascal Painparay: "Re: [Snort-users] "Saving State" in Snort (Absent jusqu'au 29/07/2002)"
Previous message: Francis Vidal: "[Snort-users] Snort 2.0 and Barnyard 0.1.0"
In reply to Michael L. Artz: "Re: [Snort-users] "Saving State" in Snort"
Reply: Pascal Painparay: "Re: [Snort-users] "Saving State" in Snort (Absent jusqu'au 29/07/2002)"
Reply: Pascal Painparay: "Re: [Snort-users] "Saving State" in Snort (Absent jusqu'au 29/07/2002)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:12:01 EDT

Do you need help?