[Snort-users] how to create testing data files??
rob.macgregor at ...11827...
Sat Aug 14 16:31:38 EDT 2010
On Sat, Aug 14, 2010 at 20:35, waldo kitty <wkitty42 at ...14940...> wrote:
> how can we create data files and test rules without having to create pcaps? i've
> tried creating a file with some test strings in it and feeding it to snort via
> the various pcap reading methods but snort always whines "bad dump file format"
> and quits...
> the snort 22.214.171.124 manual specifically states, in section 1.7.2 at the bottom of
> page 16...
> [quote] Note that Snort will not try to determine whether the files under that
> directory are really pcap files or not. [/quote]
> that indicates that we can create a "text" file and feed it to snort... what am
> i missing??
Try rule2alert (https://code.google.com/p/rule2alert/), which will
generate a pcap file for the rule you provide.
Please keep list traffic on the list.
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche
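An added example, not part of the original thread and not rule2alert's code: a plain text file is rejected because a pcap file must begin with a 24-byte global header carrying the libpcap magic number, and every packet needs its own record header. The sketch below wraps a test string in one Ethernet/IPv4/TCP packet and writes a valid pcap; the addresses, ports and the file name `test.pcap` are constructed placeholders.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4      # identifies a classic libpcap capture file
LINKTYPE_ETHERNET = 1

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (used by both IPv4 and TCP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_packet(payload: bytes, sport=40000, dport=80) -> bytes:
    """Ethernet/IPv4/TCP frame carrying payload (constructed addresses)."""
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])   # TEST-NET-1
    # seq=1, ack=1, data offset 5 words, flags PSH|ACK, checksum filled below
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + tcp + payload

def pcap_bytes(packets, ts=0) -> bytes:
    """Global header, then one 16-byte record header per packet."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for pkt in packets:
        out += struct.pack("<IIII", ts, 0, len(pkt), len(pkt)) + pkt
    return out

def looks_like_pcap(data: bytes) -> bool:
    """True if data starts with the pcap magic in either byte order."""
    return len(data) >= 24 and data[:4] in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4")

if __name__ == "__main__":
    with open("test.pcap", "wb") as fh:
        fh.write(pcap_bytes([tcp_packet(b"GET /test-string HTTP/1.0\r\n\r\n")]))
```

The resulting file can be read with `snort -r test.pcap`. A single packet carries no TCP handshake, so rules that use `flow:established` will not match it.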