[Snort-users] Snort, php, MySQL and acid showing no activity

Phil Wood cpw at ...440...
Fri Aug 23 11:48:05 EDT 2002


To Whom It May Concern,

Assuming you are on a Linux system, or have one available with
netcat installed ...

Add this to your conf file (for test purposes only):

  config classification: testing,Your test succeeded,4
  alert udp any any -> 192.168.1.242 1234 (msg: "Test Snort System"; content: "excuse me"; classtype: testing; sid:40002; rev:1;)

Restart your snort.

Then, on some machine which can generate traffic to the network your
sensor is on:

  % echo excuse me | /usr/bin/nc -u 192.168.1.242 1234

You should see the following in your alert file (assuming fast
alerts are being used):

  08/23-12:27:12.509001  [**] [1:40002:1] Test Page System [**] [Classification: Your test succeeded] [Priority: 4] {UDP} 192.168.114.97:37085 -> 192.168.1.242:1234

You might need to use a routable host address rather than 192.168.1.242.
Pick an unused, or not, address on the network you are sniffing.

Later,

-- 
Phil Wood, cpw at ...440...
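
The test procedure from the message above, as an added example that is not part of the original post: a script that sends the same UDP probe and then polls the fast-alert file for a new entry with sid 40002. The alert-file path `/var/log/snort/alert`, the function names and the timeouts are assumptions.

```bash
#!/bin/sh
# Added example (not from the original post): send the test probe, then
# confirm the sensor logged it. Paths, names and timeouts are assumptions.

SID=40002                                       # sid of the test rule in the post
ALERT_FILE=${ALERT_FILE:-/var/log/snort/alert}  # assumed fast-alert file location

# Count fast-alert lines tagged [1:SID:rev]; prints 0 if the file is unreadable.
count_alerts() {     # usage: count_alerts FILE SID
    [ -r "$1" ] || { echo 0; return; }
    grep -c "\[1:$2:[0-9]*\]" "$1" || true
}

# Print "src:port -> dst:port" from the most recent matching alert line.
last_alert_flow() {  # usage: last_alert_flow FILE SID
    grep "\[1:$2:[0-9]*\]" "$1" | tail -n 1 |
        sed -n 's/.*{[A-Z]*} \([^ ]*\) -> \([^ ]*\).*/\1 -> \2/p'
}

# Same UDP probe as in the post; -w 1 stops nc from waiting indefinitely.
send_probe() {       # usage: send_probe HOST PORT
    echo "excuse me" | nc -u -w 1 "$1" "$2"
}

# Send the probe and poll until a NEW alert for SID appears, or time out.
# Returns 0 = alert logged, 1 = nothing logged, 2 = probe could not be sent.
check_sensor() {     # usage: check_sensor HOST PORT [TIMEOUT_SECONDS]
    _timeout=${3:-10}; _waited=0
    _before=$(count_alerts "$ALERT_FILE" "$SID")
    send_probe "$1" "$2" || return 2
    while [ "$_waited" -lt "$_timeout" ]; do
        if [ "$(count_alerts "$ALERT_FILE" "$SID")" -gt "$_before" ]; then
            echo "alert logged: $(last_alert_flow "$ALERT_FILE" "$SID")"
            return 0
        fi
        sleep 1; _waited=$((_waited + 1))
    done
    echo "no new alert for sid $SID in $ALERT_FILE within ${_timeout}s" >&2
    return 1
}

# Example: ./check_sensor.sh 192.168.1.242 1234
if [ $# -ge 2 ]; then check_sensor "$@"; fi
```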




