[Snort-users] snort signatures

praveen kundurthi praveen_kundurthi at ...131...
Sat Jul 31 00:07:15 EDT 2004


Hi,
We simulated the Snort signatures by creating TCP, UDP,
IP and ICMP packets. We were exactly simulating the
signature rules by using a traffic generator which
generates particular TCP, UDP, IP or ICMP packets.
Then we catch those packets using Ethereal. Then we
modify the packets using a hex editor to exactly
simulate a signature rule.

Here is a problem for me. I created a directory,
packets, which has sub-directories like TCP, UDP, IP
and ICMP. I have the packets in the respective
directories. Our engine reads the packet as a file and
runs, and we have to give the SID of the packet on the
command line, and our engine will generate an alarm.
How can I automate it?
I mean, if I give UDP as the command-line argument, the
engine should go through the directory, read all the
packets and generate alarms; same for TCP, IP and
ICMP. Can I get code for that?

Regards
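
One way to automate the run described in the post, as an added example (not part of the original message and not the poster's engine). It assumes the engine is invoked as `engine <packet-file> <sid>`, that each packet file is named after the SID it simulates (for example `1234.pkt`), and that the engine exits with status 0 when it raises an alarm; `run_sigs.py` is a hypothetical script name.

```python
import subprocess
import sys
from pathlib import Path

PROTOCOLS = ("TCP", "UDP", "IP", "ICMP")  # sub-directories named in the post


def sid_of(packet_file):
    # Assumption: each packet file is named after the SID it simulates (1234.pkt).
    sid = Path(packet_file).stem
    if not sid.isdigit():
        raise ValueError("cannot derive a SID from %r" % Path(packet_file).name)
    return sid


def run_protocol(root, proto, engine):
    """Run `engine <packet-file> <sid>` for every file in root/PROTO.

    Returns {sid: True if the engine raised an alarm}. Assumption: the
    engine signals an alarm with exit status 0.
    """
    proto = proto.upper()
    if proto not in PROTOCOLS:
        raise ValueError("unknown protocol %r" % proto)
    results = {}
    for pkt in sorted(Path(root, proto).iterdir()):
        if not pkt.is_file():
            continue
        sid = sid_of(pkt)
        # Argument list, no shell: file names are passed as data, never parsed.
        proc = subprocess.run(list(engine) + [str(pkt), sid],
                              capture_output=True, timeout=30)
        results[sid] = proc.returncode == 0
    return results


if __name__ == "__main__":
    # usage: run_sigs.py <packets-dir> <TCP|UDP|IP|ICMP> <engine> [engine args...]
    if len(sys.argv) < 4:
        sys.exit("usage: run_sigs.py <packets-dir> <proto> <engine> [args...]")
    outcome = run_protocol(sys.argv[1], sys.argv[2], sys.argv[3:])
    missed = sorted(sid for sid, alarmed in outcome.items() if not alarmed)
    print("%d packets, %d without an alarm" % (len(outcome), len(missed)))
    for sid in missed:
        print("no alarm for SID", sid)
    sys.exit(1 if missed else 0)
```

The script exits non-zero when any packet fails to trigger its signature, so it can serve as a regression check after rule changes.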


		