[Snort-users] Fw: re: darpa dataset problem(zero alert)

mehdi maleki mehdimlk2003 at ...131...
Thu Aug 7 01:56:42 EDT 2014







I've tested snort with adding general rule such (alert icmp any any -> any any (msg: "test";sid=) ) and it working well in generating alert but with default rule set it generate no alert for darpa dataset pcap files!

it seems default rule set doesn't generate even one alert  for old darpa dataset. i don't know why? 

I’ve read faq but there is any solution for my problem. I’ve used 
registered user rule set.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140806/55a044ca/attachment.html>


More information about the Snort-users mailing list