
How can I open Snort alert.ids


Can I open the Snort alert.ids file in Wireshark or do I need to configure Snort to create a different alerts log file?

JamaDad55
asked 2020-12-03 16:49:14 +0000


1 Answer


Wireshark can't open any Snort alert output format. Is there a format that contains full frames?

https://gitlab.com/wireshark/wireshar... describes how Wireshark can load pcap files and feed them through Snort, then show where/how in the capture any alerts were detected. The Snort post-dissector doesn't currently work for Windows.

MartinM
answered 2020-12-03 22:33:28 +0000