[Snort-users] pcaps for triggering rules

waldo kitty wkitty42 at ...14940...
Fri Aug 24 02:39:57 EDT 2012


On 8/24/2012 02:26, Pratik Narang wrote:
> Dear Snort users,
>
> A good deal of Snort rules do a 'content' check.
> Can I use some utility so that I may be able to craft or tamper
> packets just to suit them to trigger Snort rules of my choice?
> Essentially, I guess, I am asking if I can create sample pcaps or
> modify actual pcap captures which will trigger certain rules.

while i cannot remember the name of the tool i am thinking of, there is, as was 
pointed out to me some time ago, a tool that can craft a pcap specific to the 
rule you are wanting to test...

i'm pretty sure that someone will pop up with the name if this tool but if they 
do not in a few days, let me know and i will search my several years of archives 
to find it ;)




More information about the Snort-users mailing list