Snort-replay is a simple output system for Snort (a patch for snort-2.0.1) that prints (not sends!) the payloads using the same delay between the packets as was seen on the wire. Note that this is *NOT* the same thing as tcpreplay.
Snort-replay obviously only makes sense when reading a pcap (tcpdump) file, usually one filtered so that you only see a conversation between two hosts and nothing else. If the pcap is good, you will get the feeling of seeing the conversation in real time (i.e. www.takedown.com-style, but more primitive). So if you log an entire intrusion to a tcpdump file, you can then use Snort in replay mode and see the attacker's screen during the intrusion (kind of). This can be very useful for post-processing some large tcpdump files. It may also be useful for demonstrations or, even more importantly, as a funny party trick.
Author: Andreas Östling
Homepage: http://www.algonet.se/~nitzer/snort-replay/
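
The replay idea described above, as an added Python sketch that is not snort-replay's code and not part of the original page: it reads a classic pcap file, extracts TCP payloads, and prints them with the inter-packet delays recorded in the capture. All function names are hypothetical, the delay is measured between payload-bearing packets (an assumption, the page does not say), and the sample capture is constructed.

```python
import struct, sys, time

def read_pcap(data):
    """Yield (timestamp, frame) from a classic microsecond libpcap file."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("expected a microsecond pcap with Ethernet linktype")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack(end + "IIII", data[off:off + 16])
        yield sec + usec / 1e6, data[off + 16:off + 16 + incl]
        off += 16 + incl

def tcp_payload(frame):
    """TCP payload of an Ethernet/IPv4/TCP frame, or b'' for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return b""
    tcp = 14 + (frame[14] & 0x0F) * 4
    if len(frame) < tcp + 20:
        return b""
    end = 14 + struct.unpack(">H", frame[16:18])[0]  # trims Ethernet padding
    return frame[tcp + (frame[tcp + 12] >> 4) * 4:end]

def schedule(data):
    """(delay since previous printed packet, payload) per payload-bearing packet."""
    out, prev = [], None
    for ts, frame in read_pcap(data):
        body = tcp_payload(frame)
        if body:
            out.append((0.0 if prev is None else max(0.0, ts - prev), body))
            prev = ts
    return out

def replay(data, speed=1.0, sleep=time.sleep, write=sys.stdout.write):
    """Print payloads with wire pacing; non-printable bytes become '.'."""
    for delay, body in schedule(data):
        sleep(delay / speed)
        write("".join(chr(b) if 32 <= b < 127 or b in (9, 10) else "." for b in body))

def sample_pcap():
    """Constructed capture: two made-up telnet-like packets 1.5 s apart."""
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, body in ((100, 0, b"ls\n"), (101, 500000, b"id\x1b[2J\n")):
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(body), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        tcp = struct.pack(">HHIIBBHHH", 1025, 23, 0, 0, 0x50, 0x18, 512, 0, 0)
        f = b"\0" * 12 + b"\x08\x00" + ip + tcp + body
        pcap += struct.pack("<IIII", sec, usec, len(f), len(f)) + f
    return pcap
```

Calling `replay(sample_pcap())` prints the two constructed payloads 1.5 seconds apart. The escape sequence in the second payload is rendered as `.[2J` rather than clearing the analyst's terminal, which matters when the bytes being replayed were typed by an intruder.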