Adding a PCAP file to analyze with snort or IDS.

  • jinverar

    jinverar - 2013-03-12

    Is there a way for an NST user to add a PCAP file to snort and then analyze it with BASE, or analyze it with anything?

    Which tools would you use, such as tcpick, tcpdump, tshark, Wireshark?

    I have used those tools specifically; however, I would like to run the PCAP through an IDS and see if any signatures match up. Thank you.

  • Ronald W. Henderson


    This will need to be done manually outside of the NST WUI. Snort can be used to read the pcap file using the "-r" option. First use the NST WUI snort interface page to set up the MySQL snort database.

    Newer versions of NST use barnyard2 to populate the MySQL snort database.

    Good luck!
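
The "-r" approach from the answer above, as an added shell example that is not part of the original thread or of NST: it checks that the file really is a capture before handing it to Snort. The config path `/etc/snort/snort.conf`, the log directory `./snort-replay-logs` and the `SNORT_BIN` override are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread): replay a saved capture through Snort.
# Assumptions: config at /etc/snort/snort.conf, logs in ./snort-replay-logs,
# and SNORT_BIN is a hypothetical override for the snort binary's path.

# Succeed only if the file starts with a pcap or pcapng magic number.
is_capture_file() {
    [ -r "$1" ] || return 1
    magic=$(od -An -tx1 -N4 < "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) return 0 ;;  # pcap, microsecond timestamps
        4d3cb2a1|a1b23c4d) return 0 ;;  # pcap, nanosecond timestamps
        0a0d0d0a)          return 0 ;;  # pcapng (needs a libpcap that reads it)
        *)                 return 1 ;;
    esac
}

# replay_pcap FILE [CONFIG] [LOGDIR]
replay_pcap() {
    pcap=$1
    conf=${2:-/etc/snort/snort.conf}
    logdir=${3:-./snort-replay-logs}
    if ! is_capture_file "$pcap"; then
        echo "not a pcap/pcapng capture: $pcap" >&2
        return 2
    fi
    mkdir -p "$logdir" || return 1
    # -r reads packets from the file instead of a live interface, -c loads
    # the rules and settings, -l sets the log directory. No -A option is
    # passed, so the output directives in the config decide where alerts go.
    "${SNORT_BIN:-snort}" -r "$pcap" -c "$conf" -l "$logdir"
}

if [ "$#" -gt 0 ]; then
    replay_pcap "$@"
fi
```

Because the command line leaves alert output to the config file, the replayed alerts follow the same path as live ones, which is what lets the database setup described in the answer pick them up.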


