[Snort-users] dataset

Marcin Dulak marcin.dulak at ...11827...
Mon Apr 3 08:10:58 EDT 2017


pytbull -t ip-address-of-snort is run from the client machine and will send
the network traffic defined in the pytbull source code/config.cfg to snort.
The client wants ftp server running on snort in order to fetch the
snort:/var/log/snort/alert_fast.txt file.
This usage of pytbull is described at
https://github.com/marcindulak/vagrant-snort-nfqueue-tutorial-centos7

Start from the pytbull setup ignoring the malicious payloads for the moment
(called clientSideAttacks in pytbull/conf/config.cfg),
and verify (e.g. with tcpdump on the client and snort) that pytbull
generates the expected traffic.

Later, if you also want to test whether snort detects malicious payloads
see https://www.youtube.com/watch?v=_zS1f-F9niw
This shows the use of pytbull-server.py on the snort machine for opening a
reverse shell for downloading the malicious files from dropbox.

I BCC also the author of pytbull - maybe he is still active on that
email.

Marcin
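
As an added illustration (not pytbull's own code, nor part of this message), a small Python parser for the one-line Snort `-A fast` alerts that pytbull fetches from `/var/log/snort/alert_fast.txt` over FTP, checked against the SIDs each test is expected to trigger. The alert lines, rule SIDs and test names below are constructed samples.

```python
import re
from collections import Counter

# One "-A fast" alert per line:
# ts [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: n] {proto} src -> dst
# Classification is optional; ICMP endpoints carry no port.
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)


def parse_fast_alerts(text):
    """Return a list of dicts, one per well-formed alert line; other lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["sid"] = int(d["sid"])
            d["prio"] = int(d["prio"])
            alerts.append(d)
    return alerts


def summarize(alerts):
    """Count alerts per (sid, msg), the kind of summary pytbull builds per test."""
    return Counter((a["sid"], a["msg"]) for a in alerts)


def check_expected(alerts, expected):
    """expected: {test_name: set_of_sids}; True where at least one expected SID fired."""
    seen = {a["sid"] for a in alerts}
    return {name: bool(sids & seen) for name, sids in expected.items()}


# Constructed sample of an alert_fast.txt fetched from the sensor (local SIDs >= 1000000).
SAMPLE = """\
04/03-08:10:58.000001  [**] [1:1000001:1] LOCAL nmap SYN scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:44321 -> 192.0.2.20:22
04/03-08:10:59.000002  [**] [1:1000002:1] LOCAL hping ICMP flood [**] [Priority: 3] {ICMP} 192.0.2.10 -> 192.0.2.20
not an alert line
04/03-08:11:00.000003  [**] [1:1000003:1] LOCAL nikto user-agent [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:50000 -> 192.0.2.20:80
"""

# Constructed mapping of pytbull-style test names to the SIDs they should trigger.
EXPECTED = {"nmap": {1000001}, "hping": {1000002}, "hydra": {1000009}}

if __name__ == "__main__":
    found = parse_fast_alerts(SAMPLE)
    for name, ok in check_expected(found, EXPECTED).items():
        print(f"{name:6s} {'PASS' if ok else 'FAIL'}")
```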

On Mon, Apr 3, 2017 at 11:01 AM, Mojtaba Haghighipour <
moj.haghighipour at ...11827...> wrote:

> Thanks for your reply...
> It's a very good suggestion for me but how to work with it? I read the
> documentation page for that but didn't understand how to work with it.
> How to configure server and client to start these tests?
>
>
> Sent from my BlackBerry 10 smartphone.
> *From: *Marcin Dulak
> *Sent: *Tuesday, March 14, 2017 02:36
> *To: *Mojtaba Haghighipour
> *Cc: *snort-users mailinglist
> *Subject: *Re: [Snort-users] dataset
>
>
>
> On Sat, Mar 11, 2017 at 8:00 PM, Mojtaba Haghighipour <
> moj.haghighipour at ...11827...> wrote:
>
>> hi
>> my question is somewhat different from the others.
>> I need to test my snort IDS with a DataSet of packets that involves
>> malicious and benign data packets.
>> I found kdd cup and MIT university DataSets, but I need a newer DataSet.
>>
>> Is there anybody that can help me???
>>
>
> try http://pytbull.sourceforge.net/ - it generates traffic directed at
> your snort sensor using various tools
> (nmap, hping, tcpreplay, hydra, nikto, ...) and creates a summary by
> parsing snort's alert -A fast fetched over ftp from the sensor.
> It can even download some malicious content from a dropbox account ...
>
> Marcin
>
>
>
>>
>> thanks a lot ...