Snort mailing list archives
Easy way to test snort
From: Marc Daniels <snort-list.5.marcd () spamgourmet com>
Date: Fri, 4 Jun 2004 14:03:30 -0400 (Eastern Standard Time)
To test whether snort is sniffing and logging as desired, you can simply run a CyberKit ping to the box/network that the Snort IDS is monitoring. Google for the CyberKit tool (a legitimate shareware network util.) or download it from http://www.gknw.com/mirror/cyberkit/. Then simply ping some IP's that snort is supposed to be monitoring. You should see a match for the CyberKit ICMP ping signature, included in icmp.rules. Do we know if the Nachi worm author(s) pulled the ping functionality directly from the CyberKit tool, or is the matching payload just a coincidence? ------------------------------------------------------- This SF.Net email is sponsored by: GNOME Foundation Hackers Unite! GUADEC: The world's #1 Open Source Desktop Event. GNOME Users and Developers European Conference, 28-30th June in Norway http://2004/guadec.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Easy way to test snort Marc Daniels (Jun 09)
- Re: Easy way to test snort todb (Jun 09)