[Snort-users] how to create testing data files??

waldo kitty wkitty42 at ...14940...
Sat Aug 14 18:43:58 EDT 2010


On 8/14/2010 16:31, Rob MacGregor wrote:
> On Sat, Aug 14, 2010 at 20:35, waldo kitty<wkitty42 at ...14940...>  wrote:
>> how can we create data files and test rules without having to create pcaps? i've
>> tried creating a file with some test strings in it and feeding it to snort via
>> the various pcap reading methods but snort always whines "bad dump file format"
>> and quits...
>>
>> the snort 2.8.6.1 manual specifically states, in section 1.7.2 at the bottom of
>> page 16...
>>
>> [quote] Note that Snort will not try to determine whether the files under that
>> directory are really pcap files or not. [/quote]
>>
>> that indicates that we can create a "text" file and feed it to snort... what am
>> i missing??
>
> Try rule2alert (https://code.google.com/p/rule2alert/), which will
> generate a pcap file for the rule you provide.
>

very interesting! have grabbed it and attempting to grok the docs for it and 
scapy... thanks!!
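Added example, not part of the original post or of rule2alert: the "bad dump file format" message is what libpcap reports when a file does not begin with the pcap savefile magic number, so a plain text file is rejected before Snort sees any payload. This sketch wraps test strings in Ethernet/IPv4/UDP frames and writes a valid capture file; the addresses, MACs, ports, timestamp and the file name `test.pcap` are constructed values, and because it emits single UDP packets it does not cover rules that need an established TCP session.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4      # savefile magic; a text file lacks it, hence the error
LINKTYPE_ETHERNET = 1        # DLT_EN10MB

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def udp_frame(payload, src="192.0.2.1", dst="192.0.2.2", sport=40000, dport=53):
    """Ethernet + IPv4 + UDP frame carrying payload (all addressing is constructed)."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    # A UDP checksum of 0 means "not computed", which is valid over IPv4.
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + udp

def build_pcap(payloads, ts=1281800000):
    """Return the bytes of a pcap savefile with one UDP packet per payload."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type.
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, payload in enumerate(payloads):
        frame = udp_frame(payload)
        # Record header: ts_sec, ts_usec, captured length, original length.
        out += struct.pack("<IIII", ts + i, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    samples = [b"constructed test string one", b"constructed test string two"]
    with open("test.pcap", "wb") as fh:
        fh.write(build_pcap(samples))
```

The resulting file can be read back with Snort's `-r` option in the same way as any captured pcap.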