[Snort-users] Testing snort

Nick Moore nmoore at ...1935...
Thu May 24 08:19:56 EDT 2012


Sandip,

I have only used it in Linux and Mac OS X. I have to confess that I haven't
used Windows as my primary workstation for over six years and am not
familiar with current tools for it. The website mentions Cygwin, which if I
remember correctly creates a Linux-like environment for Windows. So you're
pretty much back to square one.

If there are other users on the list who are more knowledgeable regarding
Windows and available tcpreplay-like utilities, please chime in.

Regarding installation instructions, installing from source is pretty much
the same as any package:

   - tar -zxvf tcpreplay-3.x.x.tar.gz
   - cd tcpreplay-3.x.x
   - ./configure && make && make install

If you run Debian or Ubuntu, you can use apt-get. Most RPM-based distros
should have tcpreplay (blatantly plagiarizing from the website).

To quote Marty Roesch, "Learn to use Linux. Like eating your broccoli, it's
good for you." A really good start would be to download a Snort setup doc
for Ubuntu or CentOS and follow it through. David Gullet has done a much
better job than I on keeping up with current releases with his Ubuntu doc.

Happy Snorting!

Nick

On Thu, May 24, 2012 at 6:30 AM, Sandip Bankewar
<sbankewar at ...15479...> wrote:

> Hi Nick,
>
> I am new to this. Could you please provide me steps for installation, or is
> there any Windows tool?
>
> *From:* Nick Moore [mailto:nmoore at ...1935...]
> *Sent:* 24 May 2012 16:44
> *To:* Sandip Bankewar
> *Subject:* Re: [Snort-users] Testing snort
>
> Sandip,
>
> Please try tcpreplay.
>
> http://tcpreplay.synfin.net/
>
> Happy Snorting!
>
> Nick
>
> On Thu, May 24, 2012 at 5:04 AM, Sandip Bankewar <
> sbankewar at ...15479...> wrote:
>
> Hi All,
>
> I want to test snort using large packets.
>
> I started wireshark and started to capture traffic. I am planning to save
> .pcap file and load it into a system running snort.
>
> My question is how can I load .pcap or wireshark file to that system?
>
> Is there any tool?
>
> Is there any other method to test it?
>
> Regards,
>
> Sandip Bankewar
>
> --
> Nick Moore, SFCE, CISSP, CISA
> Sr. Systems Engineer
> Voice 708-336-9041
> Email nick.moore at ...1935...
> IM    nickgmoore (Yahoo)
>        nickgmoore38 (AIM)
>
>     ,,_
>    o"  )~   Sourcefire - The Creators of Snort
>     ''''
>
> www.sourcefire.com         www.snort.org     www.immunet.com
>



-- 
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore at ...1935...
IM    nickgmoore (Yahoo)
       nickgmoore38 (AIM)

    ,,_
   o"  )~   Sourcefire - The Creators of Snort
    ''''

www.sourcefire.com         www.snort.org     www.immunet.com
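
The workflow discussed in this thread, as an added example that is not part of the original messages: check that a saved capture is a classic pcap file, then print the command that replays it with tcpreplay and the one that has Snort read the file itself with `-r`. The function names, the `eth0` interface and the `/etc/snort/snort.conf` path are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: check a capture file's format, then print the commands that
# would replay it onto a sensor interface or feed it to Snort directly.

# Identify a capture by its first four bytes (the file magic number).
capture_format() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo pcap ;;      # classic pcap, microsecond stamps
        4d3cb2a1|a1b23c4d) echo pcap-ns ;;   # classic pcap, nanosecond stamps
        0a0d0d0a)          echo pcapng ;;    # pcapng section header block
        *)                 echo unknown ;;
    esac
}

# Print (not run) the test commands for a capture. The interface name and the
# snort.conf path are assumptions; adjust them to the sensor under test.
# This example conservatively accepts only classic microsecond pcap.
replay_plan() {
    file=$1
    iface=${2:-eth0}
    conf=${3:-/etc/snort/snort.conf}
    fmt=$(capture_format "$file")
    if [ "$fmt" != pcap ]; then
        echo "refusing $file: format is $fmt, expected classic pcap" >&2
        return 1
    fi
    # Option 1: put the packets back on the wire the sensor is sniffing.
    echo "tcpreplay --intf1=$iface $file"
    # Option 2: have Snort read the file itself, alerts to the console.
    echo "snort -c $conf -r $file -A console"
}

# Constructed sample: a 24-byte classic pcap global header with no packets
# (version 2.4, snaplen 65535, link type 1 = Ethernet).
make_sample_pcap() {
    printf '\324\303\262\241\002\000\004\000\000\000\000\000' > "$1"
    printf '\000\000\000\000\377\377\000\000\001\000\000\000' >> "$1"
}

sample=${TMPDIR:-/tmp}/snort-test-sample.$$.pcap
make_sample_pcap "$sample"
replay_plan "$sample" eth0
rm -f "$sample"
```

Replaying onto an interface usually needs root, and the replayed packets are visible to every host on that segment, so use an isolated test network.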