[Snort-users] signature testing (win32)

Matt Kettler mkettler at ...4108...
Tue Sep 10 17:37:03 EDT 2002


you can use pings and turn on the icmp_info.rules file (with several ping 
detecting rules in it) if you just want to verify you're seeing traffic.

Not a very substantial test, but verifies you see the traffic.

At 12:06 AM 9/11/2002 +0000, netsec novice wrote:
>Have SNORT/ACID set up and would like to verify that I'm detecting traffic 
>on required subnets.  I have seen reference to a tool called 'sneeze' that 
>will generate false alarms but I have not been able to find it.  Is there 
>another way I can verify my setup by creating alerts that won't be destructive?
>
>thanks





More information about the Snort-users mailing list