
When I run Snort on a pcap file (that contains malicious traffic), it does not detect anything.

I uncommented the rules path in Step #7 of snort.conf. Nothing changed.

How can I get Snort to detect attacks from test.pcap and generate a log file?

I used the following command:

$ snort -r /home/mina/Download/test.pcap -c /etc/snort/snort.conf
schroeder
Mimi
  • Have you checked that your snort rules will alert on the malicious traffic in the pcap file? – schroeder Apr 24 '21 at 15:28
  • Yes, I used a pcap file that contains bad-login, and the related rule_path is uncommented in the snort.conf. – Mimi Apr 24 '21 at 15:44

0 Answers