Snort mailing list archives

Re: Snort-Generate HTTP traffic with hping3 using one PC

From: rmkml <rmkml () ligfy org>
Date: Tue, 30 May 2017 20:57:08 +0200 (CEST)

Hello,

Warn your snort rule inspect port 80 but your hping3 flood port 8000.

Best Regards
@Rmkml


On Tue, 30 May 2017, ‫moon sun‬ ‫ wrote:

I'm using snort 2.9.9.0 on obuntu 15.10 , I want to test snort to alert http traffic, So I added this rule to local 
rules :

 alert tcp any any -> $HOME_NET 80 (msg:"HTTP Test!!!"; classtype:not-suspicious; sid:1000002;  rev:1;)

Now I want to generate some http traffic with hping3, so I used:

   $ sudo hping3 -c 10000 -d 120 -S -w 64 -p 8000 --flood --rand-source

But it says :

    3956843 packets transmitted, 0 packets received, 100% packet loss

The problem in the source ip address, I have only one PC , How can I use hping3 to send tcp traffic (http) to my pc 
from the same pc ?
If this is not possible, Then is there another way to generate http traffic from and to the same pc ?
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort-Generate HTTP traffic with hping3 using one PC ‫moon sun‬ ‫ (May 29)
- Re: Snort-Generate HTTP traffic with hping3 using one PC Al Lewis (allewi) (May 30)
- Re: Snort-Generate HTTP traffic with hping3 using one PC rmkml (May 30)