Re: Testing Rule

[James Lay <jlay () slave-tothe-box net>]

Give this one a shot:
https://packettotal.com/cgi-bin/view-analysis.cgi?id=5e7800143e4865fe09
f0d2e246bc571c
Should fire for you..notice the ET rules that fire under malicious
activity.
James
On Tue, 2017-07-11 at 15:26 -0500, Justin Pederson wrote:
> James I tried this as well with 2 or 3 pcaps and no alerts happened. 
> Can you verify one of the pcaps that will trigger an alert to verify
> our configuration is correct.
>
> On Tue, Jul 11, 2017 at 2:44 PM, James Lay <jlay () slave-tothe-box net>
> wrote:
> > You can download some of the pacps there and then run your snort
> > against it to see how it fares.
> > James
> >  
> > On 2017-07-11 13:34, tantioification . via Snort-users wrote:
> > > Sorry James,, how to use that pcap file from packettotal.com for
> > > testing?
> > > i think i just can read that file...
> > >
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists snort org
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.snort.org/mailman/listinfo/snort-users
> > >
> > > Please visit http://blog.snort.org to stay current on all the
> > > latest Snort news!
> >  
> >  
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists snort org
> > Go to this URL to change user options or unsubscribe:
> > https://lists.snort.org/mailman/listinfo/snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the
> > latest Snort news!
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!