I am interested in using BASE to analyze pcap files post-incident instead of as a sensor. I have been working on using Snort to replay the pcap file and log it to the appropriate database - without success. If someone has worked through this and would be willing to share their experience, I would appreciate it.
What error are you getting with Snort? If Snort is told to read the files and alert based on its rules to a DB, this should work fine.
Kevin