[Snort-users] how to create testing data files??

Rob MacGregor rob.macgregor at ...11827...
Sat Aug 14 16:31:38 EDT 2010


On Sat, Aug 14, 2010 at 20:35, waldo kitty <wkitty42 at ...14940...> wrote:
> how can we create data files and test rules without having to create pcaps? i've
> tried creating a file with some test strings in it and feeding it to snort via
> the various pcap reading methods but snort always whines "bad dump file format"
> and quits...
>
> the snort 2.8.6.1 manual specifically states, in section 1.7.2 at the bottom of
> page 16...
>
> [quote] Note that Snort will not try to determine whether the files under that
> directory are really pcap files or not. [/quote]
>
> that indicates that we can create a "text" file and feed it to snort... what am
> i missing??

Try rule2alert (https://code.google.com/p/rule2alert/), which will
generate a pcap file for the rule you provide.

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche
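
Added example, not part of this thread and not rule2alert's code: a pcap file begins with a fixed 24-byte file header and wraps every packet in a 16-byte record header, which a plain text file of test strings does not have. The Python below wraps a test string in one Ethernet/IPv4/UDP packet and writes a classic pcap; the addresses, ports, MACs, timestamp and file name are constructed values.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4      # first four bytes of a classic pcap file
LINKTYPE_ETHERNET = 1

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_frame(payload: bytes, src="192.0.2.10", dst="192.0.2.20",
              sport=40000, dport=53) -> bytes:
    """Ethernet + IPv4 + UDP frame around payload (all addresses constructed)."""
    # UDP checksum 0 means "not computed", which is valid over IPv4.
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    fields = [0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
              bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))]
    fields[7] = ip_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    ip = struct.pack("!BBHHHBBH4s4s", *fields)
    # Destination MAC, source MAC, EtherType 0x0800 (IPv4).
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + udp

def build_pcap(frames, ts=1281817898) -> bytes:
    """File header, then one record header + frame per packet."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", ts + i, 0, len(frame), len(frame)) + frame
    return out

def looks_like_pcap(data: bytes) -> bool:
    """True if data starts with the pcap magic in either byte order."""
    return len(data) >= 24 and data[:4] in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4")

if __name__ == "__main__":
    with open("test.pcap", "wb") as fh:
        fh.write(build_pcap([udp_frame(b"test string for my rule")]))
```

The resulting file can be read with Snort's `-r` option. It covers a single UDP datagram only, so rules that depend on an established TCP session need a capture containing the full exchange.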



