Is there any tool or method to separate normal traffic and malicious traffic from a pcap? For example: if malicious traffic is detected with Snort, I need to store those packets, only the malicious traffic. If ($pcap == snort.signature) (I mean it's malicious), then store this packet. Sorry for my bad English. Thanks for responding. asked 30 Nov '14, 11:16 Chinguun
One Answer:
If you're trying to confirm whether there's a way to use Snort filters in Wireshark when reading a packet capture file, sorting by one Snort rule or another, I haven't used it myself, but there is a plugin that allows for this within Wireshark: http://www.honeynet.org/node/790 answered 01 Dec '14, 16:03 Quadratic
Thanks for responding. But the git link doesn't work. How do I solve this?
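A script-level way to do what the question asks, added here as an example and not code from the answer or from the honeynet plugin: read Snort's alert output (the `-A fast` line layout, with a constructed sample), collect the flagged 5-tuples, and split a libpcap file into the packets of those flows and everything else. Both directions of a flagged flow are kept so the replies stay with the alert; the addresses, packet contents and the `build_*` helpers are constructed for the demo.

```python
import re, socket, struct
SAMPLE_ALERTS = """\
11/30-11:16:01.123456  [**] [1:1000001:1] Constructed rule A [**] [Priority: 3] {TCP} 10.0.0.5:44321 -> 192.0.2.10:80
11/30-11:16:02.000000  [**] [1:1000002:1] Constructed rule B [**] [Priority: 3] {UDP} 10.0.0.5:5353 -> 192.0.2.20:53
"""  # constructed sample in the layout of Snort's -A fast output, not real alerts
ALERT_RE = re.compile(r"\{(TCP|UDP)\} (\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)")
def alert_flows(alert_text):
    """Collect the (proto, src, sport, dst, dport) 5-tuples Snort alerted on."""
    return {(m[1], m[2], int(m[3]), m[4], int(m[5])) for m in ALERT_RE.finditer(alert_text)}
def packet_flow(frame):
    """Parse Ethernet/IPv4/TCP-or-UDP headers of one frame; return its 5-tuple or None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # not IPv4 over Ethernet
        return None
    l4, proto = 14 + (frame[14] & 0x0F) * 4, frame[23]  # IHL gives the IPv4 header length
    if proto not in (6, 17) or len(frame) < l4 + 4:  # only TCP/UDP carry ports
        return None
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return ("TCP" if proto == 6 else "UDP", src, sport, dst, dport)
def split_pcap(pcap, flows):
    """Split a libpcap file into (global header, alerted records, other records)."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"  # magic number gives byte order
    reverse = {(p, d, dp, s, sp) for (p, s, sp, d, dp) in flows}  # keep replies of a flagged flow too
    alerted, other, off = [], [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        record = pcap[off:off + 16 + incl_len]  # 16-byte record header + frame bytes
        key = packet_flow(record[16:])
        (alerted if key in flows or key in reverse else other).append(record)
        off += 16 + incl_len
    return pcap[:24], alerted, other
def build_frame(proto, src, sport, dst, dport):
    """Construct a minimal Ethernet/IPv4/TCP-or-UDP frame for the demo (checksums left zero)."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ipv4 + l4
def build_pcap(frames):
    """Wrap frames into a little-endian libpcap file (linktype 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    out += [struct.pack("<IIII", 1417346161 + i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return b"".join(out)
def demo():
    """Return (alerted_count, other_count) for a constructed four-packet capture."""
    frames = [build_frame(6, "10.0.0.5", 44321, "192.0.2.10", 80),   # matches alert A
              build_frame(6, "192.0.2.10", 80, "10.0.0.5", 44321),   # reply direction of A
              build_frame(17, "10.0.0.5", 5353, "192.0.2.20", 53),   # matches alert B
              build_frame(6, "10.0.0.7", 50000, "192.0.2.30", 443)]  # never alerted on
    header, alerted, other = split_pcap(build_pcap(frames), alert_flows(SAMPLE_ALERTS))
    return len(alerted), len(other)  # write header + b"".join(alerted) to a file to keep the hits
```

Anything that is not IPv4 TCP/UDP (ARP, IPv6, ICMP) always lands in the "other" set, so alerts on such traffic need a matching header parser before this split is complete.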