Adding a PCAP file to analyze with snort or IDS.

NST
jinverar
2013-03-12
  • jinverar
    2013-03-12

    Is there a way for an NST user to add a PCAP file to snort and then analyze it with BASE, or analyze it with anything?

    Which tools would you use? Such as TCPick, TCPdump, Tshark, Wireshark.

    I have used those tools specifically; however, I would like to run the PCAP through an IDS and see if any signatures match up. Thank you.

     
  • jinverar:

    This will need to be done manually outside of the NST WUI. Snort can be used to read the pcap file using the "-r" option. First use the NST WUI snort interface page to set up the MySQL snort database.

    Newer versions of NST use barnyard2 to populate the MySQL snort database.

    Good luck!

    ---RWH
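
The "-r" readback described in the reply above, as an added example that is not part of the original thread or of NST: it checks that the file really is a capture, replays it through Snort 2.x, and counts the signatures that fired from the fast-format alert file instead of loading them into MySQL/BASE. The `SNORT_CONF` and `LOG_DIR` paths and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: offline replay of a capture through Snort 2.x rules.
# SNORT_CONF and LOG_DIR are assumed paths, not taken from the thread.
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"
LOG_DIR="${LOG_DIR:-./snort-replay}"

# Classify the file by its first four bytes so a truncated or mislabeled
# file is rejected before Snort starts.
pcap_kind() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo pcap ;;        # microsecond timestamps
        4d3cb2a1|a1b23c4d) echo pcap-nsec ;;   # nanosecond timestamps
        0a0d0d0a)          echo pcapng ;;
        *)                 echo unknown; return 1 ;;
    esac
}

# Count alerts per "gid:sid:rev message" in a fast-format alert file,
# most frequent signature first.
alert_summary() {
    sed -n 's/.*\[\*\*\] \[\([0-9:]*\)\] \(.*\) \[\*\*\].*/\1 \2/p' "$1" |
        sort | uniq -c | sort -rn
}

# -r reads packets from the file instead of an interface; -k none skips
# checksum validation, since captures taken with NIC offload often carry
# bad checksums and Snort would otherwise ignore those packets.
replay() {
    pcap_kind "$1" >/dev/null || { echo "not a capture file: $1" >&2; return 2; }
    command -v snort >/dev/null || { echo "snort not found" >&2; return 3; }
    mkdir -p "$LOG_DIR" || return 4
    snort -q -r "$1" -c "$SNORT_CONF" -l "$LOG_DIR" -A fast -k none || return 5
    alert_summary "$LOG_DIR/alert"
}

# Usage: ./replay.sh capture.pcap
if [ "$#" -gt 0 ]; then replay "$1"; fi
```

Use a fresh `LOG_DIR` for each capture, because Snort appends to an existing `alert` file and the counts would otherwise mix runs.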