Revision history  [back]

Wireshark can't open any Snort alert output format. Is there a format that contains full frames?

https://gitlab.com/wireshark/wireshark/-/wikis/Snort describes how Wireshark can load pcap files and feed them through Snort, then show where/how in the capture any alerts were detected. The Snort post-dissector doesn't currently work for Windows.