[Snort-users] Problem with acquiring traffic

Alex Adamos alexthakidadam at ...125...
Sat Feb 23 16:07:28 EST 2013


Tried something else... I can do what I want by capturing eth0 traffic, sending the packets to my Host's IP and then port forwarding to my web server (the Guest machine). But then I get traffic that I don't want to... could I filter out the rest of eth0?

From: alexthakidadam at ...125...
To: wkitty42 at ...14940...; snort-users at lists.sourceforge.net
Date: Sat, 23 Feb 2013 22:03:24 +0200
Subject: Re: [Snort-users] Problem with acquiring traffic

> Date: Sat, 23 Feb 2013 14:12:43 -0500
> From: wkitty42 at ...14940...
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Problem with acquiring traffic
> 
> On 2/23/2013 13:58, Alex Adamos wrote:
> > Hello!!
> >
> > I wrote my own preprocessor to track flows to a webserver and determine whether
> > the server is under a slow HTTP DoS attack. Now I want to test my preprocessor
> > and see "how many fish I can get" (Greek one, :p)!! I've installed Snort in an
> > Ubuntu VirtualBox Guest (the Host is a Windows7). To automate the tests I wrote
> > a bash script that every time starts Snort (with a different configuration for
> > my preprocessor) and starts the attack/s. So the Snort installation and the
> > attacker/s should be on the same machine. For this reason, I thought that I
> > should capture traffic from the lo interface. But so far, I can't get any of the
> > attacker's packets.
> 
> Are you sending to/from 127.0.0.1? If not, there's nothing on lo to see...
> 
Yes, in tcpdump it's localhost.*** -> localhost.http

> 
> 
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_feb
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
 		 	   		  
