Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Easy way to test snort

From: Marc Daniels <snort-list.5.marcd () spamgourmet com>
Date: Fri, 4 Jun 2004 14:03:30 -0400 (Eastern Standard Time)
To test whether snort is sniffing and logging as desired, you can simply
run a CyberKit ping to the box/network that the Snort IDS is monitoring.

Google for the CyberKit tool (a legitimate shareware network util.) or
download it from http://www.gknw.com/mirror/cyberkit/.

Then simply ping some IP's that snort is supposed to be monitoring.  You
should see a match for the CyberKit ICMP ping signature, included in
icmp.rules.

Do we know if the Nachi worm author(s) pulled the ping functionality
directly from the CyberKit tool, or is the matching payload just a
coincidence?


-------------------------------------------------------
This SF.Net email is sponsored by: GNOME Foundation
Hackers Unite!  GUADEC: The world's #1 Open Source Desktop Event.
GNOME Users and Developers European Conference, 28-30th June in Norway
http://2004/guadec.org
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: