Re: how to create testing data files??

[Rob MacGregor <rob.macgregor () gmail com>]

On Sat, Aug 14, 2010 at 20:35, waldo kitty <wkitty42 () windstream net> wrote:
> how can we create data files and test rules without having to create pcaps? i've
> tried creating a file with some test strings in it and feeding it to snort via
> the various pcap reading methods but snort always whines "bad dump file format"
> and quits...
>
> the snort 2.8.6.1 manual specifically states, in section 1.7.2 at the bottom of
> page 16...
>
> [quote] Note that Snort will not try to determine whether the files under that
> directory are really pcap files or not. [/quote]
>
> that indicates that we can create a "text" file and feed it to snort... what am
> i missing??

Try rule2alert (https://code.google.com/p/rule2alert/), which will
generate a pcap file for the rule you provide.

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche

------------------------------------------------------------------------------
This SF.net email is sponsored by 

Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users