[Snort-users] Testing Snort

Josh Bitto jbitto at ...16055...
Wed Jan 30 12:28:35 EST 2013

Well I have snort running on a test lab to see how well it actually runs. I figured out my problem that I had in pfsense. I had to bridge my WAN and LAN together for snort to actually start. That being said I can see alerts and that all works. Now my real work is to be started and test to make sure that snort runs ok with our network. So I want to similate bad traffic so I can so my boss and say hey this works let's use it... 

-----Original Message-----
From: Jeremy Hoel [mailto:jthoel at ...11827...] 
Sent: Wednesday, January 30, 2013 9:25 AM
To: Josh Bitto
Cc: Snort Users
Subject: Re: [Snort-users] Testing Snort

If you want to see if it alerts on packets in general, you can load PCAPs from a number of sources and read them through to see if the rules fire.  If you want to see that it's seeing network traffic and alerting, you can make a local rule for something and then send that traffic and see if that fires.

Otherwise, what are you trying to test?

On Wed, Jan 30, 2013 at 5:17 PM, Josh Bitto <jbitto at ...16055...> wrote:
> Does anyone know of a good tool to use to test my IPS? I know of 
> Metasploit...but I'm not sure if there is something that is better or 
> something broader in spectrum to test.
> ----------------------------------------------------------------------
> -------- Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics Download AppDynamics Lite 
> for free today:
> http://p.sf.net/sfu/appdyn_d2d_jan
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> Please visit http://blog.snort.org to stay current on all the latest 
> Snort news!

More information about the Snort-users mailing list