[Snort-sigs] Windows Snort

FRANK SORNATALE sornatale at ...12...
Wed Mar 15 11:46:01 EST 2006


I have figured out some rules for my Snort question:

I am trying to test my rules in Snort. I am using Windows and doing 
everything from the command line. This is what my teacher says to do:

------------------------------------------------------------------------------------------------------------------------------------------
Deliverable:  You are to upload your Snort alert file  (NOT THE RULES FILE). 
Name the file:

<firstname>.<lastname>.alert.txt

At the top of the alert file, you should list how many packets tripped each 
rule (that is, how many times the alert appeared in your alert file). NOTE: 
There may be one or more rules below that do not match any packets in the 
file.

Create your own rule set, call it myrules.rules. Place this ruleset into the 
Snort rules directory.  Update the snort.conf file so that it points to 
Snort's rule directory.

Here's how to run Snort against the packet capture file:

# snort -c /etc/snort/snort.conf -k ASCII -r assgn3.pcap

or you may indicate the log directly at the commandline:

# snort -c /etc/snort/snort.conf -l ./log -k ASCII -r assgn3.pcap

-------------------------------------------------------------------------------------------------------------------------------------------

I keep getting the output of the alert.ids from the log file.  Using the 
command:

C:\snort\bin> snort -c ../etc/snort/snort.conf -l ../log -k ASCII -r assgn3.pcap

How do I test my rules? I created a text file with my rules as 
firstname.lastname.alert.txt.

How do I get it to run the rules I created?
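Added example (not code from the poster, the assignment, or the Snort project) covering the second half of the assignment quoted above: the deliverable must start with a count of how many times each rule in myrules.rules fired, including rules that never matched. Snort itself does not produce that summary; the script below reads the alert file Snort writes with `-k ASCII -l ../log` (alert.ids in the "full" format, which also covers the one-line "fast" format because both start every alert with a `[**] [gid:sid:rev] msg [**]` header) and the rules file, and prints one count line per rule plus a count of alerts that came from anything else. The two rules and the alert records embedded below are constructed sample data, not taken from assgn3.pcap or the thread; the sid values 1000001 and 1000002 are placeholders in the local-rule range. For the rules file to be loaded at all, snort.conf must contain an `include` line for it, in Snort 2.x normally `include $RULE_PATH/myrules.rules` next to the other `include` lines, with `var RULE_PATH` pointing at the rules directory.

```python
"""Count how many times each rule fired in a Snort alert file.

Added example for the assignment in the thread; not code from the original
post. Works on the "full" alert format Snort writes with -k ASCII (alert.ids)
and on the single-line "fast" format, because both begin every alert with a
"[**] [gid:sid:rev] msg [**]" header.
"""
import re
from collections import Counter

# Every alert record starts with this header in both full and fast formats.
ALERT_HEADER = re.compile(r"\[\*\*\]\s*\[(\d+):(\d+):(\d+)\]\s*(.*?)\s*\[\*\*\]")
# The two rule options we need from myrules.rules.
RULE_SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
RULE_MSG = re.compile(r'\bmsg\s*:\s*"([^"]*)"\s*;')


def count_alerts(alert_text):
    """Return (Counter keyed by (gid, sid), dict (gid, sid) -> msg text)."""
    counts = Counter()
    msgs = {}
    for m in ALERT_HEADER.finditer(alert_text):
        gid, sid, _rev, msg = m.groups()
        key = (int(gid), int(sid))
        counts[key] += 1
        msgs[key] = msg
    return counts, msgs


def rules_in_file(rules_text):
    """Map sid -> msg for every active rule in a rules file.

    Comment lines are skipped and backslash line continuations are joined
    first, so a rule split over several lines is still seen as one rule."""
    joined = rules_text.replace("\\\n", " ")
    rules = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        sid = RULE_SID.search(line)
        msg = RULE_MSG.search(line)
        if sid:
            rules[int(sid.group(1))] = msg.group(1) if msg else ""
    return rules


def summary(alert_text, rules_text):
    """Lines for the top of the deliverable: one per rule in the rules file
    (zero-hit rules included), then a count of alerts from anything else
    such as preprocessors or stock rules."""
    counts, _ = count_alerts(alert_text)
    rules = rules_in_file(rules_text)
    lines = []
    for sid in sorted(rules):
        n = counts.get((1, sid), 0)  # text rules always carry gid 1
        lines.append(f'sid:{sid} "{rules[sid]}": {n} alert(s)')
    other = sum(n for (gid, sid), n in counts.items()
                if not (gid == 1 and sid in rules))
    lines.append(f"alerts from rules not in myrules.rules: {other}")
    return lines


def write_deliverable(alert_path, rules_path, out_path):
    """Write out_path = summary header followed by the untouched alert file."""
    with open(alert_path, encoding="utf-8", errors="replace") as f:
        alert_text = f.read()
    with open(rules_path, encoding="utf-8", errors="replace") as f:
        rules_text = f.read()
    header = "\n".join(summary(alert_text, rules_text))
    with open(out_path, "w", encoding="utf-8") as f:
        f.write(header + "\n\n" + alert_text)
    return header


# Constructed sample data (not from the thread) so the script runs offline.
SAMPLE_RULES = """\
# myrules.rules (constructed sample; sids are placeholders)
alert icmp any any -> any any (msg:"MYRULES ICMP echo request"; itype:8; sid:1000001; rev:1;)
alert tcp any any -> any 23 (msg:"MYRULES telnet attempt"; \\
    flags:S; sid:1000002; rev:1;)
"""

SAMPLE_ALERTS = """\
[**] [1:1000001:1] MYRULES ICMP echo request [**]
[Priority: 0]
03/15-11:46:01.123456 192.0.2.10 -> 192.0.2.20
ICMP TTL:64 TOS:0x0 ID:1234 IpLen:20 DgmLen:84

[**] [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING [**]
[Priority: 3]
03/15-11:46:02.000001 192.0.2.10:40000 -> 192.0.2.20:80
TCP TTL:64 TOS:0x0 ID:1235 IpLen:20 DgmLen:60

[**] [1:1000001:1] MYRULES ICMP echo request [**]
[Priority: 0]
03/15-11:46:03.500000 192.0.2.11 -> 192.0.2.20
ICMP TTL:64 TOS:0x0 ID:1236 IpLen:20 DgmLen:84
"""

if __name__ == "__main__":
    # Against real files: write_deliverable("../log/alert.ids",
    #     "../rules/myrules.rules", "firstname.lastname.alert.txt")
    for line in summary(SAMPLE_ALERTS, SAMPLE_RULES):
        print(line)
```

Counting is keyed on (gid, sid) rather than on the message text because two rules can share a msg, while Snort's own hit counting for a text rule is by sid. Alerts whose gid is not 1 come from preprocessors (the http_inspect record in the sample) and are reported separately so they are not mistaken for rules in myrules.rules.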
