[Snort-users] signature testing (win32)
rdesmond at ...6547...
Sun Sep 15 18:31:01 EDT 2002
At 12:06 AM 9/11/02 +0000, netsec novice wrote:
>Have SNORT/ACID set up and would like to verify that I'm detecting traffic
>on required subnets. I have seen reference to a tool called 'sneeze' that
>will generate false alarms but I have not been able to find it. Is there
>another way I can verify my setup by creating alerts that won't be destructive?
4.18 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--
Q: How do I test snort alerts and logging?
A: Try a rule that will fire off all the time like:
alert tcp any any -> any any (msg:"TCP traffic";)
Also take a look at sneeze at http://snort.sourceforge.net/sneeze-1.0.tar
Sneeze is a false positive generator that reads snort signatures and
generates packets that will
trigger the rules.
--faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--
To quote an amazingly useful resource.
UCSB Extended Learning Services
More information about the Snort-users