[Snort-users] pcaps for triggering rules

Tony Robinson deusexmachina667 at ...11827...
Fri Aug 24 03:26:54 EDT 2012


Hm... I just looked for rules2alerts tool via google search and wasn't able
to find it, with quotation marks and all. I consider my google-fu decent,
but there's a chance I could be completely off base here and not searching
for the right thing.

I'm interested in this tool -- could you provide a link for it? copied the
mailing list because this could be useful to everyone here.

Thanks!

-Tony/da667

On Fri, Aug 24, 2012 at 3:15 AM, Gmail Personal <mainmen1985 at ...11827...>wrote:

> Pratik,
>
> Google for "rules2alerts". As long as your rules are currently in the
> Emerging Threats or sourcefire rule set, you can just create a custom rule
> set with the rules you want to test, run rules2alerts and you're set
>
> If you want specific rules from your local.rules set, then I suggest
> Scapy, too
>
> That might do the job*
> *
>
> *Emeka* Agu | Sent from  *iPad*
>
> On 24 Aug 2012, at 07:26, Pratik Narang <pratik.cse.bits at ...11827...> wrote:
>
> Dear Snort users,
>
> A good deal of Snort rules do a 'content' check.
> Can I use some utility so that I may be able to craft or tamper
> packets just to suit them to trigger Snort rules of my choice?
> Essentially, I guess, I am asking if I can create sample pcaps or
> modify actual pcap captures which will trigger certain rules.
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>



-- 
when does reality end? when does fantasy begin?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120824/f7767f5e/attachment.html>


More information about the Snort-users mailing list