[Snort-users] Way to generate alerts?

Joel Esler jesler at ...1935...
Thu Jan 17 12:02:00 EST 2013


Or you could just read the pcap with Snort's -r command.


On Jan 17, 2013, at 11:48 AM, Giles Coochey <giles at ...9346...> wrote:

> On 10/01/2013 22:46, Matthew Van Gent wrote:
>> administrator at ...16039...:~$ curl testmyids.com
>> uid=0(root) gid=0(root) groups=0(root)
>> administrator at ...16039...:~$
>>  
>> I do not see any alerts in snortreport.
>>  
>>  
>> 
> Which implies that the test has failed?
> 
> Another good test is to download a PCAP from one of these locations: http://code.google.com/p/security-onion/wiki/Pcaps
> 
> and using tcpreplay to fire them into your wires.
> -- 
> Regards,
> 
> Giles Coochey, CCNA, CCNAS
> NetSecSpec Ltd
> +44 (0) 7983 877438
> http://www.coochey.net
> http://www.netsecspec.co.uk
> giles at ...9346...
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122712_______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130117/6a2fb4f1/attachment.html>


More information about the Snort-users mailing list