Snort mailing list archives

Re: PCAP samples to test Snort rules (community and subscriber)


From: Jason Minto <jminto () lomin com>
Date: Thu, 4 Aug 2016 13:31:49 -0400

You could consider vulnerability testing tools.

In the past I've stuck with the Black Hat CTF. However, you could use a
number of different vulnerability tools.

You could get invasive with something as trivial as Kali Linux and
Metasploit was helpful. You could also spring some cash for Canvas or Core
Impact.

Don't forget you can always use the less invasive vulnerability scanners:
Nessus/Tenable, IP360, or the like.

Best Wishes,

Jason A. Minto

On Wed, Aug 3, 2016 at 12:39 PM, Pat <pkugrinas () gmail com> wrote:

Hello,

We're working on an automated binary analysis platform which captures
traffic and runs Snort/Suricata on the resulting .pcap. With the recently
purchased rule subscription I was wondering if there are any recommended
ways to test some of the rules' functionality. Partly because I'm not
completely certain I've got all the configuration bits right... and it'd be
great to see them in action in general. I found some repositories
containing malicious traffic PCAP samples, notably the ones from various
CTFs and contagio. Is there anything else I can try to really make sure to
trigger them?

Thanks,
-p


------------------------------------------------------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
