Snort mailing list archives

Re: Generating packets from Snort 3 rules


From: Stephen Reese via Snort-sigs <snort-sigs () lists snort org>
Date: Tue, 26 Jul 2022 07:07:49 -0400

Joel,

Which tools are used? More importantly, I would be interested to know if
the pcaps are available for research purposes. This would be to load the
pcaps into Scapy to modify packets' payloads based on the research
criteria.

Thanks,
Stephen

On Mon, Jul 18, 2022 at 9:38 AM Joel Esler <joel.esler () me com> wrote:

Is there a tool used at Talos to generate packets? Yes. Various open
source tools are used to wrap things like text and single packets into full
session packets, but overwhelmingly (like 99x out of 100) the packets
that are being used to write and test the rules are *actual* attack
packets against an actual host. Sometimes this means detonating malware in
order to generate the traffic, sometimes this means writing an exploit to
generate the traffic, but a pcap exists for every single rule written.

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit Snort.org to subscribe to the official Snort ruleset, and make sure to stay up to date to catch the most emerging threats: https://snort.org/downloads/#rule-downloads
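The payload-editing step Stephen proposes above is easy to get subtly wrong: once a segment's payload changes length, the IPv4 total length, the IPv4 and TCP checksums, and every later sequence number in that direction (and every later ack from the peer) are stale, and Snort's stream reassembly will then see a gap or an overlap instead of the edited bytes. The following is an added example, not code from this thread, from Talos or from the Snort project. It uses only the Python standard library rather than Scapy so that it runs with no dependencies: it constructs a three-packet TCP exchange (made-up addresses, ports and HTTP payloads), writes it as a classic pcap, reads it back, replaces the payload of the first client segment, and repairs the dependent fields in the rest of the flow.

```python
import struct

PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1   # classic little-endian pcap
ETH_LEN, IP_PROTO_TCP = 14, 6

def checksum(data):
    """RFC 1071 one's-complement checksum shared by IPv4 and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def tcp_pseudo(ip, tcp_len):
    """IPv4 pseudo-header (src, dst, zero, proto, TCP length) used by the TCP checksum."""
    return bytes(ip[12:20]) + struct.pack("!BBH", 0, IP_PROTO_TCP, tcp_len)

def build_tcp_packet(src, dst, sport, dport, seq, ack, flags, payload):
    """Ethernet/IPv4/TCP frame with correct lengths and checksums (made-up MACs)."""
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload),
                               0, 0, 64, IP_PROTO_TCP, 0, src, dst))
    tcp = bytearray(struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0))
    return reassemble(bytes.fromhex("00112233445566778899aabb0800"), ip, tcp, payload)

def reassemble(eth, ip, tcp, payload):
    """Recompute IPv4 total length, IPv4 checksum and TCP checksum; return the frame."""
    struct.pack_into("!H", ip, 2, len(ip) + len(tcp) + len(payload))
    struct.pack_into("!H", ip, 10, 0)
    struct.pack_into("!H", ip, 10, checksum(bytes(ip)))
    struct.pack_into("!H", tcp, 16, 0)
    struct.pack_into("!H", tcp, 16, checksum(tcp_pseudo(ip, len(tcp) + len(payload)) + bytes(tcp) + payload))
    return eth + bytes(ip) + bytes(tcp) + payload

def parse(pkt):
    """Split a frame into (eth, ip, tcp, payload); ip and tcp are mutable copies."""
    ihl = (pkt[ETH_LEN] & 0x0F) * 4
    doff = (pkt[ETH_LEN + ihl + 12] >> 4) * 4
    ip_end, tcp_end = ETH_LEN + ihl, ETH_LEN + ihl + doff
    return pkt[:ETH_LEN], bytearray(pkt[ETH_LEN:ip_end]), bytearray(pkt[ip_end:tcp_end]), pkt[tcp_end:]

def write_pcap(packets):
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, pkt in enumerate(packets):            # one record per frame, timestamp = index
        out += struct.pack("<IIII", i, 0, len(pkt), len(pkt)) + pkt
    return out

def read_pcap(blob):
    assert struct.unpack("<I", blob[:4])[0] == PCAP_MAGIC
    off, packets = 24, []
    while off < len(blob):
        incl = struct.unpack("<IIII", blob[off:off + 16])[2]
        packets.append(blob[off + 16:off + 16 + incl])
        off += 16 + incl
    return packets

def verify(pkt):
    """True when both the IPv4 and TCP checksums validate (a valid header sums to zero)."""
    _, ip, tcp, payload = parse(pkt)
    return checksum(bytes(ip)) == 0 and checksum(tcp_pseudo(ip, len(tcp) + len(payload)) + bytes(tcp) + payload) == 0

def tcp_seq_ack(pkt):
    return struct.unpack_from("!II", parse(pkt)[2], 4)

def flow_key(ip, tcp):
    return (bytes(ip[12:16]), bytes(ip[16:20])) + struct.unpack("!HH", tcp[:4])

def rewrite_payload(packets, index, new_payload):
    """Replace the payload of packets[index] and repair the rest of the flow:
    later seqs in the same direction and later acks from the peer shift by the
    length change. Assumes an in-order capture without retransmissions."""
    out = list(packets)
    eth, ip, tcp, old = parse(packets[index])
    delta = len(new_payload) - len(old)
    fwd = flow_key(ip, tcp)
    rev = (fwd[1], fwd[0], fwd[3], fwd[2])
    out[index] = reassemble(eth, ip, tcp, new_payload)
    for i in range(index + 1, len(packets)):
        eth_i, ip_i, tcp_i, pl_i = parse(packets[i])
        key = flow_key(ip_i, tcp_i)
        if key not in (fwd, rev):
            continue
        field = 4 if key == fwd else 8               # seq at offset 4, ack at offset 8
        val = struct.unpack_from("!I", tcp_i, field)[0]
        struct.pack_into("!I", tcp_i, field, (val + delta) & 0xFFFFFFFF)
        out[i] = reassemble(eth_i, ip_i, tcp_i, pl_i)
    return out

def demo():
    """Constructed HTTP exchange (request, more client data, server reply), then edit packet 0."""
    c, s = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    req = b"GET /index.html HTTP/1.1\r\nHost: x\r\n\r\n"
    pkts = [build_tcp_packet(c, s, 40000, 80, 1000, 5000, 0x18, req),
            build_tcp_packet(c, s, 40000, 80, 1000 + len(req), 5000, 0x18, b"XXXX"),
            build_tcp_packet(s, c, 80, 40000, 5000, 1004 + len(req), 0x18, b"HTTP/1.1 200 OK\r\n\r\n")]
    new_req = b"GET /search?q=" + b"A" * 64 + b" HTTP/1.1\r\nHost: x\r\n\r\n"
    return rewrite_payload(read_pcap(write_pcap(pkts)), 0, new_req)
```

In the demo the request grows by 63 bytes, so the second client segment's seq moves from 1037 to 1100 and the server's ack from 1041 to 1104, and every frame still verifies. Write the result back with `write_pcap` and read it into Snort with `-r`. If you do this in Scapy instead, the same fix-ups apply: delete `len` and `chksum` on the IP layer and `chksum` on the TCP layer before re-serialising so they are recomputed, and adjust the later seq/ack values yourself, since Scapy does not track the stream for you.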
