LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page [SOLVED] Help with a Snort rule
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-25-2014, 10:41 AM   #1
yzT!
Member
 
Registered: Jan 2013
Distribution: Debian
Posts: 168

Rep: Reputation: 2
Help with a Snort rule

edit from the scratch
I have a problem trying to verify whether or not a rule is working when I'm using a .pcap file.

for example if I use this rule:
Code:
alert tcp any any <> any any (msg:"TEST";rev:1;sid:112321312;)
every packet should raise an alert, however when I load a pcap file I don't see these alerts.

If instead of loading a pcap file, I just run Snort and then dynamically generate traffic, the messages appear in /var/log/snort/alerts.

What am I missing?
Last edited by yzT!; 10-25-2014 at 02:31 PM.
 
Old 10-25-2014, 03:40 PM   #2
yzT!
Member
 
Registered: Jan 2013
Distribution: Debian
Posts: 168

Original Poster
Rep: Reputation: 2
well I found the problem. It seems that even if I'm using the default configuration file I need to use the -c parameter anyway.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Need help with placement of a Snort rule 74razor Linux - Security 2 03-02-2014 06:12 PM
Snort Rule stewarti Linux - Security 2 10-30-2013 02:30 PM
Ask about snort rule lamletoi Linux - Security 1 05-13-2012 02:54 PM
[SOLVED] Snort - DynamicPlugin: Rule [##] not enabled in configuration, rule will not be used mhollis Linux - Software 3 08-29-2011 06:06 PM
Help with my snort rule set PixelCloud Linux - Security 1 07-17-2004 01:35 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:22 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration