[Snort-users] pcaps for triggering rules
wkitty42 at ...14940...
Fri Aug 24 02:39:57 EDT 2012
On 8/24/2012 02:26, Pratik Narang wrote:
> Dear Snort users,
> A good deal of Snort rules do a 'content' check.
> Can I use some utility so that I may be able to craft or tamper
> packets just to suit them to trigger Snort rules of my choice?
> Essentially, I guess, I am asking if I can create sample pcaps or
> modify actual pcap captures which will trigger certain rules.
while i cannot remember the name of the tool i am thinking of, there is, as was
pointed out to me some time ago, a tool that can craft a pcap specific to the
rule you are wanting to test...
i'm pretty sure that someone will pop up with the name if this tool but if they
do not in a few days, let me know and i will search my several years of archives
to find it ;)
More information about the Snort-users