I have a pcap file, and what I wanted to know is how I can apply the Snort rule below, which I've already written within the rules folder in my log folder:
alert icmp any any -> any any (msg:"TCP Packet"; sid:477; rev:3;)
How can I execute this rule over the pcap file I have? This is just a sample rule, but what exactly I want to know is how to filter the packets within the pcap file using the Snort rule.
Any help would be appreciated.