[Snort-users] Snort-Generate HTTP traffic with hping3 using one PC

Al Lewis (allewi) allewi at ...589...
Mon May 29 21:12:06 EDT 2017


Setup snort and browse (with a browser or with curl) to the internet from that machine

Or replay a pcap containing http traffic into snort.


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at ...589... 







On 5/29/17, 8:55 PM, "‫moon sun‬ ‫‬" <msun489 at ...131...> wrote:

>I'm using snort 2.9.9.0 on obuntu 15.10 , I want to test snort to alert http traffic, So I added this rule to local rules :
>
> alert tcp any any -> $HOME_NET 80 (msg:"HTTP Test!!!"; classtype:not-suspicious; sid:1000002;  rev:1;)
>
>Now I want to generate some http traffic with hping3, so I used:
>
>   $ sudo hping3 -c 10000 -d 120 -S -w 64 -p 8000 --flood --rand-source
>
>But it says : 
>
>    3956843 packets transmitted, 0 packets received, 100% packet loss
>
>The problem in the source ip address, I have only one PC , How can I use hping3 to send tcp traffic (http) to my pc from the same pc ?
>If this is not possible, Then is there another way to generate http traffic from and to the same pc ?
>------------------------------------------------------------------------------
>Check out the vibrant tech community on one of the world's most
>engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
>Please visit http://blog.snort.org to stay current on all the latest Snort news!


More information about the Snort-users mailing list