Snort download pcap file



  • Hi,

    I am running PFSense V 2.3.4-RELEASE-p1 and snort 3.2.9.5_1 and I am looking for a way to download the PCAP file so that I can see more information regarding the blocked hosts.

    I have looked in VAR/Logs/Snort/ but I am unable to find anything.

    Any help would be appreciated.

    Cheers,

    CPT_N3m0


  • Galactic Empire

    You need to run u2boat to convert them to Wireshark pcap format:

    u2boat snort_51260_igb0_vlan2.u2.1507590514 pcap.cap

    You can view them via:

    u2spewfoo snort_51260_igb0_vlan2.u2.1507590514

    The directories will start snort_IF-NAME*
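
Added example, not part of the original posts and not Snort's own code: a minimal Python reader for the unified2 files that u2boat and u2spewfoo operate on. It reports which record types a file holds and rebuilds a pcap from its packet records. The function names and the sample bytes are constructed for illustration; the record layout assumed is the Snort 2.x unified2 format.

```python
import struct
from collections import Counter

# Record type codes used by Snort 2.x unified2 output.
U2_TYPES = {2: "packet", 7: "event-ipv4", 72: "event-ipv6",
            104: "event-v2-ipv4", 105: "event-v2-ipv6", 110: "extra-data"}

def iter_records(data):
    """Yield (type, body) per complete record; stop at a truncated tail."""
    off = 0
    while off + 8 <= len(data):
        rtype, length = struct.unpack_from(">II", data, off)  # big-endian header
        body = data[off + 8: off + 8 + length]
        if len(body) < length:   # Snort may still be writing this record
            return
        yield rtype, body
        off += 8 + length

def summarize(data):
    """Count records by type, e.g. to see whether any packets were logged."""
    return Counter(U2_TYPES.get(t, f"unknown-{t}") for t, _ in iter_records(data))

def to_pcap(data):
    """Rebuild a little-endian pcap from the packet (type 2) records."""
    out, linktype = [], 1        # default link type: Ethernet
    for rtype, body in iter_records(data):
        if rtype != 2 or len(body) < 28:
            continue
        # sensor_id, event_id, event_second, then packet time, linktype, length
        _, _, _, sec, usec, linktype, plen = struct.unpack_from(">7I", body)
        pkt = body[28:28 + plen]
        out.append(struct.pack("<IIII", sec, usec, len(pkt), plen) + pkt)
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    return header + b"".join(out)

def _rec(rtype, body):
    return struct.pack(">II", rtype, len(body)) + body

# Constructed sample: one dummy event, one 4-byte packet, one truncated record.
SAMPLE = (
    _rec(7, b"\x00" * 52)
    + _rec(2, struct.pack(">7I", 0, 1, 1507590514, 1507590514, 250, 1, 4)
           + b"\xde\xad\xbe\xef")
    + struct.pack(">II", 2, 100) + b"\x00" * 10
)

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)))
    print(len(to_pcap(SAMPLE)), "bytes of pcap")
```

A file whose summary shows events but no packet records will convert to an empty pcap, which is worth checking before assuming the conversion failed.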