• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Snort download pcap file

Scheduled Pinned Locked Moved IDS/IPS
2 Posts 2 Posters 914 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    cpt_n3m0
    last edited by Oct 10, 2017, 4:20 PM

    Hi,

    I am running PFSense V 2.3.4-RELEASE-p1 and snort 3.2.9.5_1 and I am looking for a way to download the PCAP file so that i can see more information regarding the blocked hosts.

    I have looked in VAR/Logs/Snort/ but i am unable to find anything.

    Any help would be appreciated.

    Cheers,

    CPT_N3m0

    1 Reply Last reply Reply Quote 0
    • N
      NogBadTheBad
      last edited by Oct 10, 2017, 5:56 PM

      You need to run u2boat to convert them to a wireshark pcap format :-

      u2boat snort_51260_igb0_vlan2.u2.1507590514 pcap.cap

      You can view them via :-

      u2spewfoo snort_51260_igb0_vlan2.u2.1507590514

      The directories will start snort_IF-NAME*

      Andy

      1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

      1 Reply Last reply Reply Quote 0
      2 out of 2
      • First post
        2/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received