[Snort-users] Testing Snort

Martin Holste mcholste at ...11827...
Sun Mar 4 13:57:55 EST 2012


I have a short how-to in a previous blog post of mine here:
http://ossectools.blogspot.com/2011/04/network-intrusion-detection-systems.html
under the section "Detecting Packet Drops."

On Sun, Mar 4, 2012 at 12:43 PM, Heine Lysemose <lysemose at ...11827...> wrote:
> Hi
>
> Try adding this to your local.rules
>
> alert tcp any any <> any 80 (msg: "Test rule"; sid: 1000001;)
>
> And start browsing a webpage.
>
> Or try browsing to, http://testmyids.com
>
> /Lysemose
>
> On Mar 4, 2012 7:19 PM, "Amit B" <amn0p at ...14399...> wrote:
>>
>> I have a few sensors that are sending alerts and a few not alerting at
>> all. Is there a way of running certain tests to make sure Snort is running
>> properly. I am aware of command line switch option to check on configuration
>> but I want to tip off a few rules, so rules deliberately. Can you please
>> suggest.
>>
>> Thanks,
>> Ams
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Virtualization & Cloud Management Using Capacity Planning
>> Cloud computing makes use of virtualization - but cloud computing
>> also focuses on allowing computing to be delivered as a service.
>> http://www.accelacomm.com/jaw/sfnl/114/51521223/
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest Snort
>> news!
>
>
> ------------------------------------------------------------------------------
> Virtualization & Cloud Management Using Capacity Planning
> Cloud computing makes use of virtualization - but cloud computing
> also focuses on allowing computing to be delivered as a service.
> http://www.accelacomm.com/jaw/sfnl/114/51521223/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!




More information about the Snort-users mailing list