Snort mailing list archives

Re: Snort, php, MySQL and acid showing no activity


From: Phil Wood <cpw () lanl gov>
Date: Fri, 23 Aug 2002 12:47:07 -0600

To Whom It May Concern,

Assuming you are on a Linux system, or have one available with
netcat installed ...

Add this to your conf file (for test purposes only):

  config classification: testing,Your test succeeded,4
  alert udp any any -> 192.168.1.242 1234 (msg: "Test Snort System"; content: "excuse me"; classtype: testing; sid:40002; rev:1;)

Restart your snort.

Then, on some machine which can generate traffic to the network your
sensor is on:

  % echo excuse me | /usr/bin/nc -u 192.168.1.242 1234

You should see the following in your alert file (assuming fast
alerts are being used):

  08/23-12:27:12.509001  [**] [1:40002:1] Test Page System [**] [Classification: Your test succeeded] [Priority: 4] {UDP} 192.168.114.97:37085 -> 192.168.1.242:1234

You might need to use a routable host address rather than 192.168.1.242.
Pick an unused, or not, address on the network you are sniffing.

Later,

-- 
Phil Wood, cpw () lanl gov
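
Added example, not part of the original post: a Python check that parses fast-alert lines in the layout shown above and confirms that the test rule (sid 40002) fired for the UDP probe. The function names, the regular expression and the SAMPLE lines are assumptions constructed for illustration; only the first sample line comes from the post.

```python
import re
import socket

# Fast-alert layout, inferred from the sample line in the post (an assumption):
# MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src -> dst
FAST_ALERT = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

def parse_fast_alert(line):
    """Return the fields of one fast-alert line as a dict, or None if it does not match."""
    m = FAST_ALERT.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "prio"):
        rec[key] = int(rec[key])
    return rec

def find_test_alerts(lines, sid=40002, dst="192.168.1.242:1234"):
    """Alerts raised by the test rule, matched on sid, protocol and destination."""
    hits = []
    for line in lines:
        rec = parse_fast_alert(line)
        if rec and rec["sid"] == sid and rec["proto"] == "UDP" and rec["dst"] == dst:
            hits.append(rec)
    return hits

def send_probe(host="192.168.1.242", port=1234):
    """Python equivalent of `echo excuse me | nc -u host port` from the post."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(b"excuse me\n", (host, port))

# Constructed sample alert file: the line from the post, an unrelated alert, a truncated line.
SAMPLE = [
    "08/23-12:27:12.509001  [**] [1:40002:1] Test Page System [**] [Classification: Your test succeeded] [Priority: 4] {UDP} 192.168.114.97:37085 -> 192.168.1.242:1234",
    "08/23-12:27:13.100200  [**] [1:1000001:1] Constructed other alert [**] [Priority: 2] {ICMP} 192.168.114.97 -> 192.168.1.242",
    "08/23-12:27:14.000000  [**] [1:40002:1] truncated",
]

if __name__ == "__main__":
    for hit in find_test_alerts(SAMPLE):
        print(hit["ts"], hit["msg"], hit["src"], "->", hit["dst"])
```

An empty result from find_test_alerts after sending the probe means the problem is on the sensor side (interface, rule load, or output plugin) rather than in ACID or MySQL.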


