Snort mailing list archives
Re: Doubt about snort.org
From: Alberto Gonzalez <ag-snort () cerebro violating us>
Date: Tue, 22 Oct 2002 10:15:31 -0700
Javier Verdu Mula wrote:
> Hi folks
> Some people told me that there are input data of snort (i.e. TCP traffic trace) in www.snort.org, but I can not find them. Do these traces actually exist? Where can I find them?

I know they had some packet traces on the website, so I did some searching, and at http://www.snort.org/dl/contrib/other_stuff/ there is "sans_handson.tgz" ... If you download that, it has some "exercises" with packet dumps (you can run them through snort)
What you want to do is something similar to the following:

/usr/local/bin/snort -d -c /path/to/snort.conf -l ./log -h x.x.x.x/24 -r <dump file>

Once this is done, your data will be sitting in the ./log directory. Or you can run them through tcpdump. (There are also some TCPDUMP traces)
> A second question is about.. if I have these traces, what is the snort behavior when it finds a TCP started dialog? I mean, when snort starts to run and detects (i.e. a started TCP initialization dialog), may snort confuse and understand a possible attack meanwhile the packets are not dangerous?

Again, almost all ID systems have some false positives, the only way to FULLY understand them is to investigate them... You should play/configure snort to your liking (and your networks). After that, I'm positive you will start to LOVE snort.
Hope it Helps
- Albert
--
The secret to success is to start from scratch and keep on scratching.
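The replay command from the reply above, extended to loop over every capture in an unpacked trace directory and report an alert count per trace. This is an added example, not part of the original post; the `SNORT` variable, the `replay_traces` function, the per-trace log layout and the presence of an `alert` file in each log directory are assumptions.

```shell
#!/usr/bin/env bash
# Replay every capture in a directory through snort, one log dir per trace.
# Assumptions (not from the original post): traces are regular files in
# TRACE_DIR and snort.conf leaves the default "alert" file output enabled.

SNORT="${SNORT:-snort}"   # hypothetical override for the snort binary path

# replay_traces TRACE_DIR SNORT_CONF HOME_NET [LOG_ROOT]
# Prints "<trace name> <alert count>" (or "<trace name> ERROR") per trace.
replay_traces() {
    local trace_dir conf home_net log_root trace name log_dir count
    trace_dir=$1; conf=$2; home_net=$3; log_root=${4:-./log}

    for trace in "$trace_dir"/*; do
        [ -f "$trace" ] || continue
        name=$(basename "$trace")
        log_dir="$log_root/$name"
        mkdir -p "$log_dir" || return 1

        # Same flags as the command in the post: -d dump payload, -c rules
        # config, -l log directory, -h home network, -r read from a capture.
        # Snort's own console output is kept next to the alerts for review.
        if ! "$SNORT" -d -c "$conf" -l "$log_dir" -h "$home_net" \
                -r "$trace" >"$log_dir/snort.out" 2>&1; then
            echo "$name ERROR"
            continue
        fi

        # Every alert has one line carrying the "[**]" marker, in both the
        # fast and the full alert formats, so counting those lines counts
        # alerts. A trace that raised nothing leaves no alert file behind.
        count=0
        if [ -f "$log_dir/alert" ]; then
            count=$(grep -c -F '[**]' "$log_dir/alert" || true)
        fi
        echo "$name $count"
    done
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 3 ]; then
    replay_traces "$@"
fi
```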