Question

I ran snort as follows

sudo /usr/sbin/snort -m 027 -b -l ./snortLog -u OtagoHarbour -c /etc/snort/snort.conf -S HOME_NET=[192.168.0.0/16] -i eth0

./snortLog received the files alert and snort.log.1381507400. I want to examine the log file with Wireshark. I started up Wireshark, chose Import and entered the name of the log file in the Input Filename field. Then I clicked OK. I got a message about saving the previously captured packets. I selected "Continue without saving" and it proceeded with no error messages. However, the packet listing window is completely empty.


Solution

What version of Wireshark are you using?

In any case, if you just "started up Wireshark" and opened a file you should not have gotten any message about "saving previous captured packets".

To read an existing pcap (tcpdump) binary file (which is what I think you have, since you specified -b to snort):

  1. Start Wireshark
  2. Do File -> Open. Do not use File -> Import.
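As an added check that is not part of the original question or answer: a short Python script that reads the file header and reports whether a snort -b output file really is a binary pcap/pcapng capture (what File -> Open expects) or something else such as a text hex dump (what File -> Import is for). The sample capture bytes are constructed inline, and the file path used in the usage line is a placeholder.

```python
import struct
import sys

# Constructed sample: a minimal libpcap file (little-endian, microsecond
# timestamps, link type 1 = Ethernet) holding a single 14-byte record.
SAMPLE_PCAP = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # global header
    + struct.pack("<IIII", 1381507400, 0, 14, 14)                # record header
    + b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + b"\x08\x00"      # Ethernet header
)

# Magic numbers that Wireshark's File -> Open reads directly.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("pcap", "<", "microseconds"),
    b"\xa1\xb2\xc3\xd4": ("pcap", ">", "microseconds"),
    b"\x4d\x3c\xb2\xa1": ("pcap", "<", "nanoseconds"),
    b"\xa1\xb2\x3c\x4d": ("pcap", ">", "nanoseconds"),
    b"\x0a\x0d\x0d\x0a": ("pcapng", None, None),
}


def identify_capture(data: bytes) -> dict:
    """Classify the leading bytes of a file and say which Wireshark menu fits it."""
    kind = PCAP_MAGICS.get(data[:4])
    if kind is None:
        # No capture magic: likely a text dump (File -> Import) or not a capture at all.
        return {"format": "unknown", "open_with": "File -> Import (text) or inspect manually"}
    fmt, endian, resolution = kind
    info = {"format": fmt, "open_with": "File -> Open"}
    if fmt == "pcap" and len(data) >= 24:
        major, minor, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
        info.update(version=f"{major}.{minor}", snaplen=snaplen,
                    linktype=linktype, resolution=resolution)
        if len(data) >= 40:
            # First record header: ts_sec, ts_frac, captured length, original length.
            ts_sec, _ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[24:40])
            info.update(first_ts=ts_sec, first_incl_len=incl_len, first_orig_len=orig_len)
    return info


if __name__ == "__main__":
    # Usage: python check_capture.py ./snortLog/snort.log.<placeholder>
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(identify_capture(fh.read(64)))
    else:
        print(identify_capture(SAMPLE_PCAP))
```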
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow