Snort mailing list archives

Re: Snort noob questions


From: Eric Fowler <eric.fowler () gmail com>
Date: Tue, 23 Apr 2013 13:53:30 -0700

The easiest way to test basic alert functionality:

- put an alert for all ICMP traffic into your rules file:
alert icmp any any <> any any (msg:"PING!"; sid:1;)
prompt-->snort -dev -c <path to rules file> -l /var/log/snort
- run ping forever

If that doesn't catch packets you are doing something very wrong.
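An added example, not code from the thread: a small Python checker for the procedure above. It verifies that the catch-all ICMP rule is syntactically sound (every option terminated with `;`, lowercase keywords, `msg` and `sid` present, which is exactly what the rule as originally typed got wrong) and then counts how many alerts for that SID appear in Snort's `-A fast` one-line-per-alert output. The rule text, the alert lines and the function names are constructed for illustration.

```python
"""Sanity-check a minimal Snort test rule and count its hits in a fast-alert log.

Added example, not from the mailing list thread.  The rule, the sample alert
lines and all function names are constructed for illustration; the alert
format is Snort's "-A fast" output (timestamp, [gid:sid:rev], msg, proto,
src -> dst).
"""
import re

# The ICMP catch-all rule from the thread with its option syntax corrected:
# every option is key:value terminated by ';' and keywords are lowercase.
ICMP_TEST_RULE = 'alert icmp any any <> any any (msg:"PING!"; sid:1; rev:1;)'

RULE_HEADER = re.compile(
    r'^(?P<action>alert|log|pass|drop|reject|sdrop)\s+'
    r'(?P<proto>tcp|udp|icmp|ip)\s+'
    r'(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+'
    r'(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<opts>.*)\)\s*$'
)

# Constructed "-A fast" alert lines: three hits of our rule (gid 1, sid 1)
# and one unrelated portscan-preprocessor alert (gid 122).
SAMPLE_FAST_ALERTS = """\
04/23-13:53:30.101010  [**] [1:1:1] PING! [**] [Priority: 0] {ICMP} 192.0.2.10 -> 192.0.2.1
04/23-13:53:30.101200  [**] [1:1:1] PING! [**] [Priority: 0] {ICMP} 192.0.2.1 -> 192.0.2.10
04/23-13:53:31.101010  [**] [1:1:1] PING! [**] [Priority: 0] {ICMP} 192.0.2.10 -> 192.0.2.1
04/23-13:53:31.500000  [**] [122:1:1] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 192.0.2.10 -> 192.0.2.1
""".splitlines()

FAST_ALERT = re.compile(
    r'^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+'
    r'(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$'
)


def _split_options(text):
    """Split the rule option block on ';' outside double quotes.
    Raises ValueError if the last option is not ';'-terminated."""
    items, cur, in_quote = [], [], False
    for ch in text:
        if ch == '"':
            in_quote = not in_quote
        if ch == ';' and not in_quote:
            items.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    tail = ''.join(cur).strip()
    if tail:
        raise ValueError(f"option {tail!r} is not terminated by ';'")
    return items


def parse_rule(rule):
    """Return {'header': {...}, 'options': {...}} for a one-line Snort rule,
    or raise ValueError describing the first syntax problem found."""
    m = RULE_HEADER.match(rule.strip())
    if not m:
        raise ValueError("rule header does not parse")
    options = {}
    for item in _split_options(m.group("opts").strip()):
        key, _, value = item.partition(':')
        key = key.strip()
        if key != key.lower():
            raise ValueError(f"option keyword {key!r} must be lowercase")
        options[key] = value.strip().strip('"')
    for required in ("msg", "sid"):
        if required not in options:
            raise ValueError(f"rule is missing the {required} option")
    if not options["sid"].isdigit():
        raise ValueError("sid must be a positive integer")
    header = {k: v for k, v in m.groupdict().items() if k != "opts"}
    return {"header": header, "options": options}


def rule_problem(rule):
    """None if the rule parses cleanly, else the error message."""
    try:
        parse_rule(rule)
    except ValueError as exc:
        return str(exc)
    return None


def parse_fast_alerts(lines):
    """Parse '-A fast' alert lines into dicts; silently skip non-alert lines."""
    alerts = []
    for line in lines:
        m = FAST_ALERT.match(line)
        if m:
            d = m.groupdict()
            for k in ("gid", "sid", "rev"):
                d[k] = int(d[k])
            alerts.append(d)
    return alerts


def count_alerts(lines, sid, gid=1):
    """Number of alerts in the log that fired for the given gid:sid."""
    return sum(1 for a in parse_fast_alerts(lines) if a["gid"] == gid and a["sid"] == sid)


if __name__ == "__main__":
    print("rule ok" if rule_problem(ICMP_TEST_RULE) is None else rule_problem(ICMP_TEST_RULE))
    print("PING! alerts:", count_alerts(SAMPLE_FAST_ALERTS, sid=1))
```

Because the rule uses `<>` with `any` on both sides, a ping that traverses the sensor produces an alert for the echo request and another for the echo reply, so a steady stream of "PING!" lines at roughly twice the ping rate is the expected result; zero lines with the rule loaded means the sensor is not seeing the traffic (wrong interface, wrong rules path, or the traffic does not cross the monitored segment).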




On Tue, Apr 23, 2013 at 12:55 PM, Scott Bonar <sbonar () gmail com> wrote:

 Thanks.  I enabled the portscan preprocessor and ran the nmap command,
but I am still not getting any alerts.
What am I missing?

Scott

On 04/21/2013 06:02 PM, Caleb Jaren wrote:

If this helps, I've always used an nmap Xmas scan against a host in the
monitored segment. The scan (iirc) would be something like "nmap  -v -sX
<target ip>".

What Joel said re: clam vs. Snort.
On Apr 19, 2013 1:43 PM, "Joel Esler" <jesler () sourcefire com> wrote:

 On Apr 19, 2013, at 3:56 PM, Scott Bonar <sbonar () gmail com> wrote:

Hopefully some quick questions from a Snort 'noob'.

1) got Snort up and running but I was curious, what is the best way to
test it?


 Browse the internet for a bit!  ;)

 No, really, maybe some metasploit, icmp traffic?  Something like that.

2) what is the difference between ClamAV and Snort since it appears as
if Snort has anti-virus/anti-spam/anti-phishing rules?


 ClamAV operates on files, on end hosts.  Snort is a network detection
tool that watches traffic as it goes by and stops it (if in IPS mode).  The
detection is written by the same people at the same time, so everything
that Snort has a rule for ClamAV also has a rule for.

 --
*Joel Esler*
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!