Any of the options below can be specified multiple times on the command line (-r
included) and in addition to other Snort command line options. Note, however,
that specifying --pcap-reset and --pcap-show multiple times has
the same effect as specifying them once.
| Option | Description |
|---|---|
| -r <file> | Read a single pcap. |
| --pcap-single=<file> | Same as -r. Added for completeness. |
| --pcap-file=<file> | File that contains a list of pcaps to read. Each entry can specify the path to a pcap or a directory to recurse to get pcaps. |
| --pcap-list="<list>" | A space-separated list of pcaps to read. |
| --pcap-dir=<dir> | A directory to recurse to look for pcaps. Sorted in ASCII order. |
| --pcap-filter=<filter> | Shell-style filter to apply when getting pcaps from a file or directory. This filter applies to any --pcap-file or --pcap-dir arguments that follow it. Use --pcap-no-filter to remove the filter for following --pcap-file or --pcap-dir arguments, or specify --pcap-filter again to discard the previous filter and apply the new one to following --pcap-file or --pcap-dir arguments. |
| --pcap-no-filter | Reset to use no filter when getting pcaps from a file or directory. |
| --pcap-reset | If reading multiple pcaps, reset Snort to its post-configuration state before reading the next pcap. The default, i.e. without this option, is not to reset state. |
| --pcap-show | Print a line saying which pcap is currently being read. |
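The order-dependent filter rules above can be previewed before a long replay run. The following Python model is an added example, not Snort's own code: `resolve_pcaps` and `demo` are hypothetical names, and it assumes the filter is matched against a file's base name, that recursed paths are sorted as whole paths, and that files named explicitly with -r or --pcap-list are not filtered.

```python
import fnmatch
import os
import tempfile

def resolve_pcaps(argv):
    """Model only: argv is an ordered list of (option, value) pairs; returns pcaps in read order."""
    flt, out = None, []          # flt is the filter currently in force

    def keep(path):
        # Assumption: the shell-style filter is matched against the base name.
        return flt is None or fnmatch.fnmatchcase(os.path.basename(path), flt)

    def walk(d):
        # Recurse into d; Python's str sort is ASCII order for ASCII names.
        found = [os.path.join(r, f) for r, _, fs in os.walk(d) for f in fs]
        return sorted(p for p in found if keep(p))

    for opt, val in argv:
        if opt in ("-r", "--pcap-single"):
            out.append(val)                  # explicit file (assumed unfiltered)
        elif opt == "--pcap-list":
            out.extend(val.split())          # space-separated explicit files
        elif opt == "--pcap-filter":
            flt = val                        # forgets any previous filter
        elif opt == "--pcap-no-filter":
            flt = None
        elif opt == "--pcap-dir":
            out.extend(walk(val))
        elif opt == "--pcap-file":
            with open(val) as fh:
                for entry in (l.strip() for l in fh if l.strip()):
                    if os.path.isdir(entry):
                        out.extend(walk(entry))
                    elif keep(entry):
                        out.append(entry)
    return out

def demo():
    """Constructed sample tree; returns the read order relative to the temp root."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("a/one.pcap", "a/two.cap", "a/sub/three.pcap", "b/four.pcap", "b/five.cap"):
            p = os.path.join(root, rel)
            os.makedirs(os.path.dirname(p), exist_ok=True)
            open(p, "w").close()
        argv = [("--pcap-filter", "*.pcap"), ("--pcap-dir", os.path.join(root, "a")),
                ("--pcap-no-filter", None), ("--pcap-dir", os.path.join(root, "b"))]
        return [os.path.relpath(p, root).replace(os.sep, "/") for p in resolve_pcaps(argv)]
```

In `demo()`, the filter drops `a/two.cap` from the first directory, while the second directory is read unfiltered because --pcap-no-filter precedes it.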
Steven Sturges
2008-04-01