Snort download pcap file
I am running PFSense V 2.3.4-RELEASE-p1 and snort 220.127.116.11_1 and I am looking for a way to download the PCAP file so that i can see more information regarding the blocked hosts.
I have looked in VAR/Logs/Snort/ but i am unable to find anything.
Any help would be appreciated.
You need to run u2boat to convert them to a wireshark pcap format :-
u2boat snort_51260_igb0_vlan2.u2.1507590514 pcap.cap
You can view them via :-
The directories will start snort_IF-NAME*