I am new to using Snort and still learning in university. I am wondering: after I find an intrusion, how can I log it and save it as a pcap file? What would the syntax look like to do this, so I can analyze it further with Wireshark? I am doing what the guy is doing in the video below with two virtual machines. This is for an at-home lab. Here is the video,
1 Answer
The command is cd /var/log/snort for the file path. Once you have this you can open Wireshark and just follow this file path and open the pcap files.
Jeff Schaller
Albion69
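The workflow discussed above, as an added example that is not part of the original question or answer: a Snort 2.x invocation that writes alerting packets in pcap format, plus a helper that finds the resulting capture files in the log directory. The function names, the `eth0` interface and the `/etc/snort/snort.conf` path are assumptions for a typical lab install.

```bash
#!/usr/bin/env bash
# Added example (not from the original answer). Assumes Snort 2.x flags;
# the interface name and config path below are assumptions for a home lab.

# Run Snort in IDS mode and log packets that trigger rules in pcap format.
#   -b       log packets in binary (tcpdump/pcap) format
#   -l DIR   log directory
#   -A fast  one-line alerts written to DIR/alert
snort_capture() {
    iface="${1:-eth0}"                  # assumed interface name
    logdir="${2:-/var/log/snort}"
    conf="${3:-/etc/snort/snort.conf}"  # assumed config path
    snort -i "$iface" -c "$conf" -l "$logdir" -b -A fast
}

# Return 0 if the file starts with a classic pcap magic number
# (either byte order, microsecond or nanosecond timestamps).
is_pcap() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the Snort capture files in a log directory, one per line.
# Snort names them snort.log.<unix-timestamp>, with no .pcap extension,
# so the check is on file content rather than on the name alone.
list_snort_pcaps() {
    logdir="${1:-/var/log/snort}"
    for f in "$logdir"/snort.log.*; do
        [ -f "$f" ] || continue         # glob matched nothing
        if is_pcap "$f"; then
            printf '%s\n' "$f"
        fi
    done
}
```

Run `snort_capture` as root while the test traffic is generated, then open any path printed by `list_snort_pcaps` in Wireshark.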