Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] How to replay pcap files with the exact time intervals

from [Martin Roesch] Network Security [Permanent Link]
Subject: Re: [Snort-users] How to replay pcap files with the exact time intervals...
Date: Tue, 8 Jul 2008 11:43:05 -0400 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Salvo,

I think tcpreplay has a mode to do this, you'd just put them on the  
same network and have tcpreplay replay the packets in front of snort.   
Snort has no native way to do this.

        -Marty


On Jul 8, 2008, at 11:33 AM, Salvo Danilo Giuffrida wrote:


Hello,
Snort can be run in offline mode, by using the '-r' switch, and giving
to it a pcap file containing the capture of a certain communication
session. But, I saw that this pcap file is processed as fast as
possible, while for my purposes I need it to be replayed in the exact
time frame of the traffic that it contains...That is, if the pcap file
contains traffic that has been registered during 10 hours, I want
Snort to process it in 10 hours, not by processing every packet as
fast as it can...
Is there a way to do this?
Thanks a lot

-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkhziwoACgkQqj0FAQQ3KOD2HACeOZcYc6+2/4M+Qvu6Jl3HOnAj
y5kAnAiTX0GcSXhr59sFDZYcavY/OE3M
=T45g
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
Studies have shown that voting for your favorite open source project,
along with a healthy diet, reduces your potential for chronic lameness
and boredom. Vote Now at http://www.sourceforge.net/community/cca08
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Snort-users] How to replay pcap files with the exact time intervals..., Salvo Danilo Giuffrida
Next by Date:  Re: [Snort-users] Backend DB's, Paul Melson
Previous by Thread:  [Snort-users] How to replay pcap files with the exact time intervals..., Salvo Danilo Giuffrida
Next by Thread:  [Snort-users] OT: change msg option in rules files with oinkmaster, carlopmart
Indexes:  [Date] [Thread] [Top] [All Lists]