[Snort-users] Debugging Snort rules locally, is there a way around loopback?

jon baer security at ...9153...
Tue Sep 2 08:45:07 EDT 2003


normally I ended up using nemesis (creating the payload with hex2bin) ...

http://www.packetfactory.net/projects/nemesis/

nemesis tcp -S 10.10.10.10 -P payload

or using the -D flag w/ nmap ...

- jon

----- Original Message -----
From: "Digisec Ezine" <digisec_ezine at ...125...>
To: <snort-users at lists.sourceforge.net>
Sent: Tuesday, September 02, 2003 11:02 AM
Subject: [Snort-users] Debugging Snort rules locally, is there a way around
loopback?


> Is there a way to test snort rules on the same (Windows) machine that
snort
> is located on? I know that because of loopback, no packet that is sent to
a
> local address is actually sent over the interface snort monitors. Does
> anyone know a way to test locally?
>
> Tatsu
>
> _________________________________________________________________
> Get MSN 8 and help protect your children with advanced parental controls.
> http://join.msn.com/?page=features/parental
>
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>





More information about the Snort-users mailing list