[Snort-users] darpa dataset problem (zero alert)

stephane.nasdrovisky at ...12261...
Sun Aug 10 00:32:38 EDT 2014


default rules in windows = none (if your rules directory is empty, that’s your issue, otherwise, pulledpork may help)
community rules: https://www.snort.org/downloads/community/community-rules.tar.gz (with a glitch in my browser: un added .tar)

other (newer ?) pcap archives:
http://packetlife.net/captures/
http://digitalcorpora.org/corpora/network-packet-dumps
http://wiki.wireshark.org/SampleCaptures#openSAFETY
http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/ : darpa
http://www.ist-mome.org/database/MeasurementData/?cmd=databrowse : registration required
http://sysdoccap.codeplex.com/wikipage?title=System%20Overview%20Document%20Scenario%20Captures
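A small sanity check for the "empty rules directory" case above, as an added example that is not part of the original reply: it counts the enabled (non-commented) rules under a directory and prints the offline-replay command line. The `-c`, `-r`, `-A console` and `-q` options are standard Snort 2 flags; the directory and file paths are assumptions for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Checks whether a Snort rules
# directory actually contains enabled rules (the usual cause of "zero alerts")
# and builds the pcap-replay command. Paths are hypothetical.

# Count enabled rule lines across all *.rules files in a directory.
# Enabled rules begin with an action keyword; disabled ones are commented with '#'.
count_enabled_rules() {
    dir="$1"
    [ -d "$dir" ] || { echo 0; return; }
    cat "$dir"/*.rules 2>/dev/null \
      | grep -E '^[[:space:]]*(alert|log|pass|drop|reject|sdrop)[[:space:]]' \
      | wc -l | tr -d ' '
}

# Return 0 when at least one enabled rule exists, 1 otherwise.
check_rules_dir() {
    n=$(count_enabled_rules "$1")
    if [ "$n" -eq 0 ]; then
        echo "no enabled rules under $1: snort will produce zero alerts" >&2
        return 1
    fi
    echo "$n enabled rule(s) under $1"
    return 0
}

# Build the offline replay command: -c config, -r read from pcap instead of
# sniffing an interface, -A console prints alerts, -q suppresses the banner.
snort_replay_cmd() {
    printf 'snort -c %s -r %s -A console -q\n' "$1" "$2"
}

# Example usage (hypothetical paths):
#   check_rules_dir /etc/snort/rules && snort_replay_cmd /etc/snort/snort.conf sample.pcap
```

If the count is zero, no rule set will ever fire regardless of the pcap; populate the directory (community rules or pulledpork) before blaming the dataset.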

> I've tested snort with adding a general rule such as (alert icmp any any -> any any (msg: "test";sid=) ) and it is working well in generating alerts, but
> with the default rule set it generates no alert for the darpa dataset pcap files!

