[Snort-users] Testing Snort functionality, or, how do I know if Snort really works?

Ricky Huang rhuang.work at ...11827...
Wed Mar 6 13:11:12 EST 2013

Hello all,

Following the abundant info/instructions on snort.org, I have set up Snort on my server with basic configurations, loaded the latest (registered user) Sourcefire-VRT rules, and it is currently running according to the "status" argument.

Now for the very n00b question, how do I know Snort actually works?

I mean, is there a test intrusion suite that will run against a Snort-protected server for validation?  How does one test to see if a rule established by Sourcefire is, in fact, in effect?  It would not make sense for me to sit around waiting for attacks, right?

I apologize if this seems like a noob question, but it is my first experience setting up IDS/IPS.

Thanks in advance.
