Snort mailing list archives
Re: Testing Snort
From: Seth Art <sethsec () gmail com>
Date: Wed, 29 Apr 2009 09:54:16 -0400
Ana,
second point , i have to configure a port mirroring in the switch to reflect traffic to the port which my snort is installed, I did it but just from one port source to destination port (cisco switch : catalyst 2960) when i tried more than source port , it dosen't work
Some switches only support a 1-1 mirror. Not sure about the 2950. Just find the port on that switch that connects to your upstream router/firewall/core switch, and mirror THAT to the IDS. You will miss traffic going from host1 going to host2 if both of them are on the 2950, but you will see either of them talking to anyone that is NOT on that switch. This is usually enough for most situations.
it's running good , now i have to test intrusion and attacks can you help me , guide me ??
Run metasploit or even nessus on the hosts attached to the 2950 (from a machine NOT attached to the 2950), and you should be able to see tons of attacks. -Seth On Wed, Apr 29, 2009 at 12:56 AM, -AnaS- _____ <pxxanasxxq () hotmail com> wrote:
Hello evryone, I am very happy to post you this email , this is my first time, I have instaled snort , apache server , mysql database , and the interface "BASE" it's running good , now i have to test intrusion and attacks can you help me , guide me ?? I already tested scan. I should test "Arp spoofing" and "Arp flooding" and others... second point , i have to configure a port mirroring in the switch to reflect traffic to the port which my snort is installed, I did it but just from one port source to destination port (cisco switch : catalyst 2960) when i tried more than source port , it dosen't work Thank you very much A.i.A ________________________________ Découvrez tout ce que Windows Live a à vous apporter ! ------------------------------------------------------------------------------ Register Now & Save for Velocity, the Web Performance & Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance & Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Register Now & Save for Velocity, the Web Performance & Operations Conference from O'Reilly Media. Velocity features a full day of expert-led, hands-on workshops and two days of sessions from industry leaders in dedicated Performance & Operations tracks. Use code vel09scf and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Testing Snort Seth Art (Apr 29)