/snort/2990/bin/snort -c /snort/2990/etc/jiwo.conf -k none -r /cap/test.pcap
The key point is -k none, which turns off checksum verification.
The -k option is as follows:
-k <mode> Checksum mode (all,noip,notcp,noudp,noicmp,none)