Snort mailing list archives
How to Test Snort Rules
From: jsa hssh <jsp563b32a () yahoo co uk>
Date: Thu, 5 May 2005 14:23:22 +0100 (BST)
I am new to the mailing list and new to Snort too. I am using EagleX, which you might know uses Snort rules for ID purposes and shows the results using ACID.

What I want to know is how does one test Snort rules. If I want to test a specific rule or signature, how will I do that? Let's say I have a rule which gives an alert whenever a particular word, for example "Porn", is there in network traffic. I know if it matches the same word in network traffic it will give us the alert, but how will we test it before we deploy it? Can we connect two systems and send a file containing this word from one system to the other, which has Snort running on it? If yes, "how do we do that"? Similarly, if we want to test any other Snort rule, how do we do that? Is there any particular software which is available and can be used for this testing purpose?

I will really appreciate any kind of feedback on this. It may be very simple, but I am new to Snort so I don't know how to do this.

Thanks for your help, fellows, in advance.

Jass