Snort download pcap file

  • Hi,

    I am running pfSense V 2.3.4-RELEASE-p1 and Snort, and I am looking for a way to download the PCAP file so that I can see more information regarding the blocked hosts.

    I have looked in VAR/Logs/Snort/ but I am unable to find anything.

    Any help would be appreciated.



  • You need to run u2boat to convert them to Wireshark pcap format:

    u2boat snort_51260_igb0_vlan2.u2.1507590514 pcap.cap

    You can view them via:

    u2spewfoo snort_51260_igb0_vlan2.u2.1507590514

    The directories will start with snort_IF-NAME*
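
For readers without u2boat at hand, the same conversion can be sketched in Python. This is an added example, not part of the posts above and not the Snort project's code; it assumes the unified2 record layout documented in the Snort 2 manual (8-byte big-endian record header, packet records of type 2), and the function names and sample bytes are constructed for illustration.

```python
import io
import struct
import sys

U2_PACKET = 2  # unified2 record type that carries captured packet bytes

def u2_packets(stream):
    """Yield (sec, usec, linktype, data) per packet record in a unified2 stream."""
    while True:
        header = stream.read(8)
        if len(header) < 8:              # end of file, or a cut-off header
            return
        rtype, rlen = struct.unpack(">II", header)   # unified2 is big-endian
        body = stream.read(rlen)
        if len(body) < rlen:             # last record still being written by Snort
            return
        if rtype != U2_PACKET or rlen < 28:
            continue                     # event and extra-data records hold no packet
        _sid, _eid, _evsec, sec, usec, linktype, plen = struct.unpack(">7I", body[:28])
        yield sec, usec, linktype, body[28:28 + plen]

def u2_to_pcap(src, dst, snaplen=65535):
    """Write src's packets to dst as little-endian pcap; return the packet count."""
    count = 0
    for sec, usec, linktype, data in u2_packets(src):
        if count == 0:                   # global header uses the first packet's linktype
            dst.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype))
        dst.write(struct.pack("<IIII", sec, usec, len(data), len(data)) + data)
        count += 1
    return count

def sample_u2():
    """Constructed input: one dummy event record (type 7) and one packet record."""
    frame = bytes.fromhex("ffffffffffff0200000000010800") + b"\x00" * 4  # fake Ethernet
    event = struct.pack(">II", 7, 52) + b"\x00" * 52
    body = struct.pack(">7I", 0, 1, 1507590514, 1507590514, 250, 1, len(frame)) + frame
    return event + struct.pack(">II", U2_PACKET, len(body)) + body

if __name__ == "__main__":
    if len(sys.argv) == 3:               # usage: script.py input.u2 output.pcap
        with open(sys.argv[1], "rb") as src, open(sys.argv[2], "wb") as dst:
            print(u2_to_pcap(src, dst), "packets written")
    else:
        out = io.BytesIO()
        print(u2_to_pcap(io.BytesIO(sample_u2()), out), "packet,", len(out.getvalue()), "bytes")
```

Event records are skipped here, so the alert metadata (signature, priority, blocked flag) still has to be read with u2spewfoo; the pcap holds only the packet bytes Snort logged with each alert.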

