[Snort-devel] Fwd: Re: Fwd: Re: Snort Anomaly Detection

Will Metcalf william.metcalf at ...2499...
Fri Sep 17 17:35:44 EDT 2010


Here are some more up-to-date data sets...

http://sourceforge.net/apps/mediawiki/networkminer/index.php?title=Publicly_available_PCAP_files

Additionally have a look at...

http://ictf.cs.ucsb.edu/data.php

Anybody else have any other good ones?  I like pcaps... they make me happy.. ;-)

Regards,

Will


On Fri, Sep 17, 2010 at 2:56 PM, Joel Ebrahimi <joel.ebrahimi at ...2499...> wrote:
> He is referring to the DARPA pcaps for IDS testing. You can get more info here:
>
>    http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/
>
> Basically you are using the -r flag to specify you are reading from a
> pcap file rather than an interface.
>
> // Joel
>
> On Fri, Sep 17, 2010 at 10:45 AM, Andres carrera
> <protoss_black88 at ...445...> wrote:
>>
>>
>>> Date: Fri, 17 Sep 2010 16:50:09 +0200
>>> From: Bernhard.Guillon at ...3094...
>>> To: protoss_black88 at ...445...
>>> CC: snort-devel at lists.sourceforge.net
>>> Subject: Re: [Snort-devel] Fwd: Re: Fwd: Re: Snort Anomaly Detection
>>>
>>> On 17.09.2010 16:01, Andres Carrera Rivera wrote:
>>> > I put preprocessor phad:
>>> > training_time 446400
>>> >
>>> >
>>> > on the snort.conf file, but when running snort, I got this ERROR:
>>> > Unknown preprocessor: "phad"
>>> >
>>> > Snort doesn't recognize PHAD?
>>> > How can I solve this problem?
>>> >
>>> >
>>>
>>> Ah, I forgot to add plugbase.c to my patch. I just fixed it and uploaded
>>> the patch to the old location :)
>>
>> OK, so it's the same file, in the same location, right?
>>
>> snort-2.8.6-spp_phad.diff, right?
>> and patch it as always
>>
>>
>>> Just redo the steps including the download.
>>>
>>> with
>>>
>>> preprocessor phad: training_time 14400
>>>
>>> and the DARPA set [1] (using -r switch) you will get some nice alerts :)
>>>
>>> Best regards
>>> Bernhard Guillon
>>>
>>> [1] http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/data/1999/training/week1/monday/inside.tcpdump.gz
>>>
>>
>> Mmm, I haven't worked with the DARPA. How can I use it? Does it work with Snort too?
>>
>> thanks, Andres Carrera
>>
>>
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>
>>
>
