Snort download pcap file
-
Hi,
I am running pfSense V 2.3.4-RELEASE-p1 and Snort 3.2.9.5_1 and I am looking for a way to download the PCAP file so that I can see more information regarding the blocked hosts.
I have looked in VAR/Logs/Snort/ but I am unable to find anything.
Any help would be appreciated.
Cheers,
CPT_N3m0
-
You need to run u2boat to convert them to a Wireshark pcap format :-
u2boat snort_51260_igb0_vlan2.u2.1507590514 pcap.cap
You can view them via :-
u2spewfoo snort_51260_igb0_vlan2.u2.1507590514
The directories will start snort_IF-NAME*
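
For readers who want to see what the conversion in the reply above involves, here is an added example (not part of the thread and not u2boat's own source) that copies the packet records out of a unified2 stream into a pcap stream. It assumes the unified2 layout documented in the Snort manual (8-byte big-endian record header, record type 2 carrying a 28-byte packet header followed by the frame); the function names and the sample bytes are constructed for illustration.

```python
import io
import struct

U2_PACKET = 2  # unified2 record type that carries a captured packet


def u2_to_pcap(u2_stream, pcap_stream, snaplen=65535):
    """Copy packet records from unified2 to pcap; return the packet count."""
    written = 0
    while True:
        header = u2_stream.read(8)
        if len(header) < 8:        # clean EOF or truncated record header
            break
        rec_type, rec_len = struct.unpack(">II", header)
        body = u2_stream.read(rec_len)
        if len(body) < rec_len:    # file cut off while Snort was writing
            break
        if rec_type != U2_PACKET or rec_len < 28:
            continue               # event records carry no raw packet bytes
        (_sensor, _event_id, _event_sec, pkt_sec, pkt_usec,
         linktype, pkt_len) = struct.unpack(">7I", body[:28])
        data = body[28:28 + pkt_len]
        if written == 0:
            # pcap global header: magic, v2.4, tz, sigfigs, snaplen, linktype
            pcap_stream.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4,
                                          0, 0, snaplen, linktype))
        # per-packet header: ts_sec, ts_usec, captured length, original length
        pcap_stream.write(struct.pack("<IIII", pkt_sec, pkt_usec,
                                      len(data), pkt_len))
        pcap_stream.write(data)
        written += 1
    return written


def build_sample():
    """Constructed input: one zero-filled event record, one packet record."""
    frame = bytes.fromhex("ffffffffffff0011223344550800") + b"\x00" * 20
    packet = struct.pack(">7I", 0, 1, 1507590514, 1507590514, 250000,
                         1, len(frame)) + frame   # linktype 1 = Ethernet
    records = [(7, b"\x00" * 52), (U2_PACKET, packet)]
    sample = b"".join(struct.pack(">II", t, len(b)) + b for t, b in records)
    return sample, frame


if __name__ == "__main__":
    sample, _ = build_sample()
    out = io.BytesIO()
    count = u2_to_pcap(io.BytesIO(sample), out)
    print(count, "packet(s),", len(out.getvalue()), "bytes of pcap")
```

On real log files, open both the unified2 input and the pcap output in binary mode (`"rb"` and `"wb"`).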