EC-Council Certified Security Analyst (ECSA v8) — Question 2
Which one of the following Snort logger mode commands is used to run a binary log file back through Snort in sniffer mode and dump the packets to the screen?
Answer options
- A. ./snort -dvr packet.log icmp
- B. ./snort -dev -l ./log
- C. ./snort -dv -r packet.log
- D. ./snort -l ./log -b
Correct answer: C
Explanation
The correct answer is C: the '-r' option reads packets from the binary log file 'packet.log', and the '-dv' options (verbose output plus application-layer data) display the packet details on the screen. Option A is incorrect because it appends the 'icmp' filter, which restricts the output to ICMP packets only. Option B lacks the '-r' option needed to read from a log file, and option D uses '-l' to write packets to a log directory rather than display them on the screen.