Snort mailing list archives

Re: Doubt about snort.org


From: Alberto Gonzalez <ag-snort () cerebro violating us>
Date: Tue, 22 Oct 2002 10:15:31 -0700


Javier Verdu Mula wrote:

> Hi folks
>
> Some people told me that there is input data for snort (i.e. TCP traffic
> traces) on www.snort.org, but I cannot find them. Do these traces
> actually exist? Where can I find them?

I know they had some packet traces on the website, so I did some searching, and at http://www.snort.org/dl/contrib/other_stuff/ there is "sans_handson.tgz". If you download that, it has some "exercises" with packet dumps (you can run them through snort).
What you want to do is something similar to the following:

/usr/local/bin/snort -d -c /path/to/snort.conf -l ./log -h x.x.x.x/24 -r <dump file>

Once this is done, your data will be sitting in the ./log directory. Or you can run them through tcpdump. (There are also some tcpdump traces.)

> A second question is about... if I have these traces, what is the snort
> behavior when it finds an already-started TCP dialog? I mean, when snort
> starts to run and detects (i.e. an already-started TCP initialization
> dialog), may snort get confused and understand it as a possible attack
> while the packets are not dangerous?

Again, almost all ID systems have some false positives; the only way to FULLY understand them is to investigate them... You should play with/configure snort to your liking (and your network's). After that, I'm positive you will start to LOVE snort.

Hope it Helps

   - Albert

--
The secret to success is to start from scratch and keep on scratching.
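The replay procedure from the reply above, as an added example (not code from the original post or from the Snort project): a small POSIX sh script that checks a dump file really is a classic libpcap trace before handing it to Snort with -r, and offers the tcpdump route as well. It assumes snort and tcpdump are on PATH; the config path, log directory and home network in the usage line are hypothetical and should be replaced with your own.

```shell
#!/bin/sh
# Added example (not from the original post): replay a saved packet trace
# through Snort offline, after checking that the file is a libpcap dump.
# Assumes snort and tcpdump are on PATH. Paths/networks below are hypothetical.

# is_pcap FILE: succeed (0) if FILE starts with a classic libpcap magic
# number (either byte order, microsecond or nanosecond timestamps), else 1.
# pcapng (magic 0a 0d 0d 0a) is deliberately rejected: the Snort versions
# of that era read only the classic format, and a wrong file type is a
# common reason a replay "sees no packets".
is_pcap() {
    f="$1"
    [ -r "$f" ] || return 1
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}

# snort_replay DUMP CONF LOGDIR HOMENET: run Snort over DUMP offline.
#   -r  read packets from the file instead of sniffing an interface
#   -d  include application-layer payload in the packet logs
#   -c  rules/configuration file
#   -l  directory that receives alerts and packet logs
#   -h  home network, used to decide which side is "inside" when logging
# Returns 2 without invoking Snort when DUMP is not a libpcap trace.
snort_replay() {
    dump="$1"; conf="$2"; logdir="$3"; homenet="$4"
    is_pcap "$dump" || { echo "not a libpcap trace: $dump" >&2; return 2; }
    mkdir -p "$logdir"
    snort -d -c "$conf" -l "$logdir" -h "$homenet" -r "$dump"
}

# trace_summary DUMP: the tcpdump route mentioned in the reply, one line per
# packet; -n disables name resolution so the output does not depend on DNS.
trace_summary() {
    is_pcap "$1" || return 2
    tcpdump -n -r "$1"
}

# Usage (hypothetical values): sh replay.sh exercise1.dump
if [ -n "$1" ]; then
    snort_replay "$1" /etc/snort/snort.conf ./log 192.168.1.0/24
fi
```

After the run, alerts and per-host packet logs land under the -l directory; comparing the alert file against trace_summary output for the same dump is the quickest way to see which packets in an exercise trace triggered which rules.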



