[Snort-users] Re: Testing snort

gary.smith at ...3189... gary.smith at ...3189...
Fri Sep 7 01:29:02 EDT 2001


>What is the best (and easiest) way to test snort?
>I am using the ruleset from the snort downloads page (with the addition of
a 
>ftp check for root login).
>i wan't to check the alert recording. (viewable via snortreport)

You could try running SNOT which generates packets based on SNORT rulesets,
this would allow you to test _all_ of your rules are being triggered.

http://www.sec33.com/sniph/

Its billed as an attack tool but it shoud give your probes a workout as well
;>

--Gary;


**********************************************************************
Information contained herein is the sole responsibility of the Individual
sending the message. No responsibility is admitted by Scottish Amicable
for any loss or damage incurred through use of the email. In addition, no
statement should be construed as giving investment advice within or
outside the United Kingdom.
An email reply to this address may be subject to interception or monitoring
for operational reasons or for lawful business practices.
*********************************************************************




More information about the Snort-users mailing list