How can I open Snort alert.ids?

asked 2020-12-03 16:49:14 +0000

Can I open the Snort alert.ids file in Wireshark or do I need to configure Snort to create a different alerts log file?

1 Answer

answered 2020-12-03 22:33:28 +0000

MartinM

Wireshark can't open any Snort alert output format. Is there a format that contains full frames?

https://gitlab.com/wireshark/wireshar... describes how Wireshark can load pcap files and feed them through Snort, then show where/how in the capture any alerts were detected. The Snort post-dissector doesn't currently work for Windows.
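
Added example, not part of the original answer and not code from Wireshark or Snort: because the alert file itself cannot be opened in Wireshark, one way to find the alerted traffic in a separately saved capture is to turn each alert line into a display filter. It assumes alert.ids is written in Snort's one-line "fast" alert format with IPv4 addresses; the function names and the sample lines are constructed for illustration.

```python
import re

# Assumed layout of one fast-format alert line (the page does not state the format):
# MM/DD-HH:MM:SS.uuuuuu  [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d(?:/\d\d)?-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?\s*$"
)

def parse_alert(line):
    """Return a dict of fields for one fast-format alert line, or None."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None

def display_filter(alert):
    """Build a Wireshark display filter matching the alert's endpoints."""
    parts = [f"ip.src == {alert['src']}", f"ip.dst == {alert['dst']}"]
    proto = alert["proto"].lower()
    if proto in ("tcp", "udp") and alert["sport"] and alert["dport"]:
        parts.append(f"{proto}.srcport == {alert['sport']}")
        parts.append(f"{proto}.dstport == {alert['dport']}")
    elif proto == "icmp":
        parts.append("icmp")
    return " && ".join(parts)

# Constructed sample lines, not taken from a real sensor.
SAMPLE = """\
12/03-16:40:01.123456  [**] [1:1000001:1] Constructed TCP test rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:49152 -> 198.51.100.7:80
12/03-16:40:02.654321  [**] [1:1000002:2] Constructed ICMP test rule [**] [Priority: 3] {ICMP} 192.0.2.10 -> 198.51.100.7
this line is not an alert
"""

def filters_for(text):
    """Return (sid, msg, filter) for every parseable alert line in text."""
    out = []
    for line in text.splitlines():
        alert = parse_alert(line)
        if alert:
            out.append((int(alert["sid"]), alert["msg"], display_filter(alert)))
    return out

if __name__ == "__main__":
    for sid, msg, flt in filters_for(SAMPLE):
        print(f"sid {sid}: {msg}\n    {flt}")
```

The filters match on endpoints only, so a filter selects the whole conversation rather than the single frame that triggered the rule.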

Stats

Asked: 2020-12-03 16:49:14 +0000

Seen: 506 times

Last updated: Dec 03 '20