<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
There are lots of places to get pcaps for use in Snort.  The DARPA set, while dated, is a good place to start.  Other repositories like VirusTotal or
<a href="http://pcapr.net" class="">pcapr.net</a> are good places to go.
<div class=""><br class="">
<div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div class=""><b style="font-family: Calibri, sans-serif; font-size: 10px;" class=""><font color="#5e5e5e" class="">--</font></b></div>
<div style="font-size: 14px;" class=""><b style="font-family: Calibri, sans-serif; font-size: 12px;" class=""><font color="#5e5e5e" class="">Joel Esler </font></b><span style="font-family: Calibri, sans-serif; font-size: 12px;" class="">| </span><b style="font-family: Calibri, sans-serif; font-size: 12px;" class=""><font color="#0096ff" class="">Talos:</font></b><span style="font-family: Calibri, sans-serif; font-size: 12px;" class=""> M</span><font color="#424242" style="font-family: Calibri, sans-serif; font-size: 12px;" class="">anager
 | <a href="mailto:jesler@...3865..." class="">jesler@...3865...</a></font></div>
<div class=""><font color="#424242" style="font-family: Calibri, sans-serif; font-size: 10px;" class=""><br class="">
</font></div>
</div>
<br class="Apple-interchange-newline">
</div>
<br class="Apple-interchange-newline">
</div>
<br class="Apple-interchange-newline">
<br class="Apple-interchange-newline">
</div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On Nov 19, 2016, at 2:08 AM, 刘强 &lt;<a href="mailto:liuqiang40@...1318..." class="">liuqiang40@...1318...</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div style="line-height: 1.7; font-size: 14px; font-family: Arial;" class="">Hi<br class="">
<div class=""><br class="">
The purpose is to show basic IDS ability.<br class="">
1. DDoS attack<br class="">
2. SQL injection<br class="">
3. Web attack<br class="">
and so on.<br class="">
<br class="">
Could you please kindly provide some precious advice?<br class="">
<br class="">
Thanks so much.<br class="">
</div>
<br class="">
At 2016-11-19 12:14:40, "Joel Esler (jesler)" &lt;<a href="mailto:jesler@...3865..." class="">jesler@...3865...</a>&gt; wrote:<br class="">
<blockquote id="isReplyContent" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid" class="">
<div class="">Which rules are you trying to trigger?<br class="">
<br class="">
--
<div class="">Sent from my iPhone</div>
</div>
<div class=""><br class="">
On Nov 18, 2016, at 10:12 PM, 刘强 &lt;<a href="mailto:liuqiang40@...1318..." class="">liuqiang40@...1318...</a>&gt; wrote:<br class="">
<br class="">
</div>
<blockquote type="cite" class="">
<div class="">
<div style="line-height: 1.7; font-size: 14px; font-family: Arial;" class="">
<div class="">Hi,<br class="">
<br class="">
We need to show our customer a demo of the IDS ability of Snort.<br class="">
<br class="">
</div>
<div class="">Where can I find some pcap samples to trigger the rules?<br class="">
<br class="">
Thanks a lot.<br class="">
</div>
<br class="">
<br class="">
<br class="">
<br class="">
At 2016-11-18 00:06:43, "Joel Esler (jesler)" &lt;<a href="mailto:jesler@...3865..." class="">jesler@...3865...</a>&gt; wrote:<br class="">
<blockquote id="isReplyContent" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid" class="">
It doesn’t.  Suricata cannot load Snort’s Dynamic Ruleset.  
<div class=""><br class="">
</div>
<div class=""><br class="">
<div class="">
<div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div class=""><b style="font-family: Calibri, sans-serif; font-size: 10px;" class=""><font class="" color="#5e5e5e">--</font></b></div>
<div style="font-size: 14px;" class=""><b style="font-family: Calibri, sans-serif; font-size: 12px;" class=""><font class="" color="#5e5e5e">Joel Esler </font></b><span style="font-family: Calibri, sans-serif; font-size: 12px;" class="">| </span><b style="font-family: Calibri, sans-serif; font-size: 12px;" class=""><font class="" color="#0096ff">Talos:</font></b><span style="font-family: Calibri, sans-serif; font-size: 12px;" class=""> M</span><font style="font-family: Calibri, sans-serif; font-size: 12px;" class="" color="#424242">anager
 | <a href="mailto:jesler@...3865..." class="">jesler@...3865...</a></font></div>
<div class=""><font style="font-family: Calibri, sans-serif; font-size: 10px;" class="" color="#424242"><br class="">
</font></div>
</div>
<br class="Apple-interchange-newline">
</div>
<br class="Apple-interchange-newline">
</div>
<br class="Apple-interchange-newline">
<br class="Apple-interchange-newline">
</div>
<br class="">
<div style="" class="">
<blockquote type="cite" class="">
<div class="">On Nov 16, 2016, at 9:58 PM, 刘强 &lt;<a href="mailto:liuqiang40@...1318..." class="">liuqiang40@...1318...</a>&gt; wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div style="line-height: 1.7; font-size: 14px; font-family: Arial;" class="">
<div class="">Hi,<br class="">
<br class="">
How can I use the latest Suricata to load the latest Snort dynamic rules (so_rules)?<br class="">
<br class="">
Thanks a lot.<br class="">
</div>
<br class="">
<br class="">
<br class="">
<blockquote id="isReplyContent" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid" class="">
<div class="__aliyun_email_body_block">
<div class="__aliyun__bigattach" style="padding:1px;color:#333;font-size:12px;border:1px solid #C1D9F3;margin:5px 10px;">
<div style="height:33px;line-height:33px;background-color:#ededed;white-space:nowrap;" class="">
<span style="padding-left:16px;font-size:14px;font-weight:bold" class="">Large attachment list</span>
</div>
<div style="min-height:62px;padding-left:68px;position:relative;" class="">
<div style="width:48px;height:48px;position:absolute;top:0;left:0;padding:7px 10px;" class="">
<img src="https://qiye.aliyun.com/reference/images/filetypes/v4_null.png" class="" height="48" border="0" width="48">
</div>
<div style="line-height:24px;height:24px;padding-top:7px;overflow:hidden;white-space:nowrap;text-overflow:ellipsis;" class="">
<span style="vertical-align:middle;" title="snortrules-snapshot-2983.tar(205.6MB)" class="">snortrules-snapshot-2983.tar<span style="color:#888;padding-left:15px;" class="">[205.6MB]</span></span>
</div>
<div style="line-height:24px;height:24px;overflow:hidden;white-space:nowrap;" class="">
<a target="_blank" style="vertical-align:middle;color:#3697C8;text-decoration:none;" href="https://qiye.aliyun.com/alimail/openLinks/downloadMimeMetaDiskBigAttach?id=%2F%23user%2FDzzzzzzNqZx%3B0d2qyL%2FycBwlu77HMcINyQ%2B2WK57VTwEZKPG0RwecJQmUnb%2BBwr6PmOmjudCr%2FeymowAPoL0GD%2B%2BZJVyvnNtWg%3D%3D" class="">Go to download page</a>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br class="">
<br class="">
<span title="neteasefooter" class="">
<div class=""> <br class="webkit-block-placeholder">
</div>
</span>------------------------------------------------------------------------------<br class="">
_______________________________________________<br class="">
Snort-sigs mailing list<br class="">
<a href="mailto:Snort-sigs@lists.sourceforge.net" class="">Snort-sigs@lists.sourceforge.net</a><br class="">
<a href="https://lists.sourceforge.net/lists/listinfo/snort-sigs" class="">https://lists.sourceforge.net/lists/listinfo/snort-sigs</a><br class="">
<br class="">
<a href="http://www.snort.org/" class="">http://www.snort.org</a><br class="">
<br class="">
Please visit <a href="http://blog.snort.org/" class="">http://blog.snort.org</a> for the latest news about Snort!<br class="">
<br class="">
Visit the <a href="http://snort.org/" class="">Snort.org</a> to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href="https://snort.org/downloads/#rule-downloads" class="">emerging threats</a>!</div>
</blockquote>
</div>
<br class="">
</div>
</blockquote>
</div>
<br class="">
<br class="">
<span title="neteasefooter" class="">
<div class=""> <br class="webkit-block-placeholder">
</div>
</span></div>
</blockquote>
</blockquote>
</div>
<br class="">
<br class="">
<span title="neteasefooter" class="">
<div class=""> <br class="webkit-block-placeholder">
</div>
</span></div>
</blockquote>
</div>
<br class="">
</div>
</body>
</html>