[Snort-users] Testing snort

Dragos Ruiu dr at ...381...
Thu Sep 6 13:27:02 EDT 2001


4.18 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--
Q: How do I test snort alerts and logging?

A: Try a rule that will fire off all the time like:

   alert tcp any any -> any any (msg:"TCP traffic";)

 
cheers,
--dr

On Thu, 06 Sep 2001, Travis Farmer wrote:
> What is the best (and easiest) way to test snort?
> I am using the ruleset from the snort downloads page (with the addition of a 
> ftp check for root login).
> i wan't to check the alert recording. (viewable via snortreport)
> 
> I have tried a few things (from a remote winblows machine) but i can't seem 
> to cause an alert.
> 
> ~Travis
> 
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 
Dragos Ruiu <dr at ...50...>   dursec.com ltd. / kyx.net - we're from the future 
gpg/pgp key on file at wwwkeys.pgp.net or at http://dursec.com/drkey.asc




More information about the Snort-users mailing list