[Snort-users] Problem with acquiring traffic

waldo kitty wkitty42 at ...14940...
Sat Feb 23 14:12:43 EST 2013


On 2/23/2013 13:58, Alex Adamos wrote:
> Hello!!
>
> I wrote my own preprocessor to track flows to a webserver and determine whether
> the server is under a slow HTTP DoS attack. Now I want to test my preprocessor
> and see "how many fish I can get" (Greek one, :p)!! I've installed Snort in an
> Ubuntu VirtualBox Guest (the Host is a Windows 7). To automate the tests I wrote
> a bash script that every time starts Snort (with a different configuration for
> my preprocessor) and starts the attack/s. So the Snort installation and the
> attacker/s should be on the same machine. For this reason, I thought that I
> should capture traffic from the lo interface. But so far, I can't get any of the
> attacker's packets.

are you sending to/from 127.0.0.1? if not, there's nothing on lo to see...





