Snort mailing list archives

Re: Generating packets from Snort 3 rules


From: Joel Esler via Snort-sigs <snort-sigs () lists snort org>
Date: Mon, 18 Jul 2022 09:37:53 -0400

Is there a tool used at Talos to generate packets? Yes.  Various open source tools are used to wrap things like text 
and single packets into full session packets, but overwhelmingly (like 99x out of 100) the packets that are being 
used to write and test the rules are actual attack packets against an actual host.  Sometimes this means detonating 
malware in order to generate the traffic, sometimes this means writing an exploit to generate the traffic, but a pcap 
exists for every single rule written.



On Jul 13, 2022, at 9:39 PM, Stephen Reese via Snort-sigs <snort-sigs () lists snort org> wrote:

Is a tool used internally to generate packets to evaluate Snort rules before they are published? If so, might it be 
available for public use or is this a manual process? I have seen a number of public tools, most of which are 
research-based that evaluate Snort rules and attempt to generate corresponding packets. Most existing tools are dated 
and focus on a subset of Snort 2 rules. I have begun the process of building a tool to evaluate Snort 3 rules but 
figure it would not hurt to ask if something already exists?
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most 
emerging threats (https://snort.org/downloads/#rule-downloads)!
