[Snort-users] Testing Snort

Jeremy Hoel jthoel at ...11827...
Wed Jan 30 12:44:59 EST 2013


Then your best bet is to throw a scan or known bad traffic at a
target, so it crosses the wire and you can see it as expected.  There's
lots of different tools to do that.

Or, write a custom rule looking for a payload and use hping to send
that payload.  Then you've verified that your local rules are working
and that it sees traffic on the wire from one host to another.

On Wed, Jan 30, 2013 at 5:28 PM, Josh Bitto <jbitto at ...16055...> wrote:
> Well I have snort running on a test lab to see how well it actually runs. I figured out my problem that I had in pfsense. I had to bridge my WAN and LAN together for snort to actually start. That being said I can see alerts and that all works. Now my real work is to be started and test to make sure that snort runs ok with our network. So I want to simulate bad traffic so I can show my boss and say hey this works let's use it...
>
>
>
> -----Original Message-----
> From: Jeremy Hoel [mailto:jthoel at ...11827...]
> Sent: Wednesday, January 30, 2013 9:25 AM
> To: Josh Bitto
> Cc: Snort Users
> Subject: Re: [Snort-users] Testing Snort
>
> If you want to see if it alerts on packets in general, you can load PCAPs from a number of sources and read them through to see if the rules fire.  If you want to see that it's seeing network traffic and alerting, you can make a local rule for something and then send that traffic and see if that fires.
>
> Otherwise, what are you trying to test?
>
> On Wed, Jan 30, 2013 at 5:17 PM, Josh Bitto <jbitto at ...16055...> wrote:
>> Does anyone know of a good tool to use to test my IPS? I know of
>> Metasploit...but I'm not sure if there is something that is better or
>> something broader in spectrum to test.
>>
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>

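The check described in the reply above (a local rule matching a payload, then hping sending that payload), as an added example that is not part of the original thread. The marker string, SID, port and 192.0.2.x addresses are constructed values, and it assumes hping3 on the sender and Snort's alert_fast output on the sensor.

```shell
#!/bin/sh
# Added example: marker-based end-to-end check for a Snort sensor.
# MARKER, SID, PORT and the addresses below are constructed values.
MARKER="SNORT-SELFTEST-7f3a91"
SID=1000001          # local rules conventionally use SIDs >= 1000000
PORT=9999

# Emit the local rule that matches the marker in a UDP payload.
make_rule() {
  printf 'alert udp any any -> any %s (msg:"LOCAL sensor self-test"; content:"%s"; sid:%s; rev:1;)\n' \
    "$PORT" "$MARKER" "$SID"
}

# Write the marker (no trailing newline) to the file hping3 will send.
make_payload() {
  printf '%s' "$MARKER" > "$1"
}

# Print the hping3 command for one UDP packet carrying the payload file.
# -d must equal the file size so the whole marker is sent.
hping_cmd() {
  size=$(wc -c < "$1" | tr -d ' ')
  printf 'hping3 --udp -p %s -c 1 -d %s -E %s %s\n' "$PORT" "$size" "$1" "$2"
}

# Count alert_fast lines on stdin that carry our SID (generator 1).
alert_count() {
  grep -c -F "[1:${SID}:" || true
}

# Constructed alert_fast lines: one from our rule, one unrelated.
sample_alerts() {
  cat <<'EOF'
01/30-12:51:07.104233  [**] [1:1000001:1] LOCAL sensor self-test [**] [Priority: 0] {UDP} 192.0.2.10:2301 -> 192.0.2.20:9999
01/30-12:51:09.884120  [**] [1:1000002:1] LOCAL other rule [**] [Priority: 0] {UDP} 192.0.2.10:2302 -> 192.0.2.20:53
EOF
}

make_rule                        # add this line to local.rules, then reload Snort
payload=$(mktemp)
make_payload "$payload"
hping_cmd "$payload" 192.0.2.20  # prints the command; run it as root on the sender
echo "matching alerts in sample: $(sample_alerts | alert_count)"
rm -f "$payload"
```

On the sensor, feed the real alert file to `alert_count` on stdin; a count of zero after sending means either the rule is not loaded or the interface is not seeing that traffic.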