Hi, I'm trying to use Snort as an IDS on some pcap files I have; I was hoping I would get a log of any intrusions. I know for a fact that there are port scans and ping sweeps etc. in the pcap files, but when I try this command:
C:\Snort\bin> snort -r c:\snort\log\trace_part01.pcap -l c:\snort\log -c c:\snort\etc\snort.conf -K ascii
Nothing happens. I can log the data like so:
snort -r c:\snort\log\trace_part01.pcap -l c:\snort\log -K ascii
Which structures all the files in their relevant IP folders, and they have .ids as an extension.
I'm new to using Snort, so I'm not quite sure how I can just detect what intrusions are in the pcap files and output them in a file.