[Snort-users] signature testing (win32)

Robby Desmond rdesmond at ...6547...
Sun Sep 15 18:31:01 EDT 2002

At 12:06 AM 9/11/02 +0000, netsec novice wrote:
>Have SNORT/ACID set up and would like to verify that I'm detecting traffic 
>on required subnets.  I have seen reference to a tool called 'sneeze' that 
>will generate false alarms but I have not been able to find it.  Is there 
>another way I can verify my setup by creating alerts that won't be destructive?


4.18 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--
Q: How do I test snort alerts and logging?

A: Try a rule that will fire off all the time like:
         alert tcp any any -> any any (msg:"TCP traffic";)
Also take a look at sneeze at http://snort.sourceforge.net/sneeze-1.0.tar
Sneeze is a false positive generator that reads snort signatures and
generates packets that will trigger the rules.
  --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--

To quote an amazingly useful resource.

Robert Desmond
Systems Administrator
UCSB Extended Learning Services
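
One way to confirm that the FAQ's catch-all test rule fired for every required subnet, as an added example that is not part of the original post or the Snort FAQ. It assumes alerts are written in Snort's "fast" alert text format; the subnets and alert lines are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
import re

# Fast alert line: timestamp [**] [gid:sid:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
)

def subnet_coverage(alert_lines, required_subnets, msg="TCP traffic"):
    """Count test-rule alerts whose source or destination lies in each subnet."""
    nets = [ipaddress.ip_network(s) for s in required_subnets]
    counts = {str(n): 0 for n in nets}
    for line in alert_lines:
        m = ALERT_RE.search(line)
        if not m or m.group("msg") != msg:
            continue  # unparsable line, or an alert from some other rule
        addrs = {ipaddress.ip_address(m.group("src")),
                 ipaddress.ip_address(m.group("dst"))}
        for n in nets:
            if any(a in n for a in addrs):
                counts[str(n)] += 1
    return counts

def blind_subnets(alert_lines, required_subnets, msg="TCP traffic"):
    """Subnets for which the sensor logged no test-rule alert at all."""
    counts = subnet_coverage(alert_lines, required_subnets, msg)
    return sorted(n for n, c in counts.items() if c == 0)

# Constructed sample data (documentation address ranges), not real sensor output.
REQUIRED = ["192.0.2.0/25", "192.0.2.128/25", "198.51.100.0/24"]
SAMPLE_ALERTS = [
    "09/15-18:31:01.100000  [**] [1:0:0] TCP traffic [**] [Priority: 0] {TCP} 192.0.2.10:1025 -> 203.0.113.5:80",
    "09/15-18:31:02.200000  [**] [1:0:0] TCP traffic [**] [Priority: 0] {TCP} 203.0.113.5:80 -> 192.0.2.10:1025",
    "09/15-18:31:03.300000  [**] [1:1000001:1] Other rule [**] [Priority: 0] {TCP} 198.51.100.7:4000 -> 192.0.2.200:22",
    "09/15-18:31:04.400000  [**] [1:0:0] TCP traffic [**] [Priority: 0] {TCP} 192.0.2.130:3000 -> 192.0.2.10:25",
    "not an alert line",
]

if __name__ == "__main__":
    for net, n in subnet_coverage(SAMPLE_ALERTS, REQUIRED).items():
        print(f"{net}: {n} test alerts")
    print("no coverage seen for:", blind_subnets(SAMPLE_ALERTS, REQUIRED))
```

A subnet reported with zero test alerts points at a span port, tap or interface the sensor is not seeing, assuming hosts on that subnet generated TCP traffic while the test rule was loaded.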

