LinuxQuestions.org


perfect_circle 04-16-2005 08:02 AM

ICMP traffic in Snort+BASE
 
I'm trying to test Snort+BASE on a Linux box. I don't seem to get ICMP alerts. I tried ping, but BASE does not display it as ICMP traffic. Can anyone suggest an attack to create alerts with ICMP traffic?

Capt_Caveman 04-16-2005 12:24 PM

Try hping2 for packet crafting.

The standard 'hping -V -C 8 <target>' should generate the ICMP PING NMAP alert. Also make sure that the system you're scanning from isn't part of $HOME_NET.
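
An added example, not part of the original posts: a small Python model of why a test packet does or does not raise the ICMP PING NMAP alert mentioned above. It assumes the rule has the shape of the stock Snort rule of that name (echo request, empty payload, `$EXTERNAL_NET` to `$HOME_NET`) and that `EXTERNAL_NET` is configured as `!$HOME_NET`; the addresses and the `explain_ping_nmap` helper are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed sensor configuration (constructed value, not from the thread).
HOME_NET = ipaddress.ip_network("192.168.1.0/24")


@dataclass
class IcmpPacket:
    src: str
    dst: str
    icmp_type: int
    payload_len: int


def in_home_net(addr: str) -> bool:
    return ipaddress.ip_address(addr) in HOME_NET


def explain_ping_nmap(pkt: IcmpPacket) -> list[str]:
    """Return the reasons the modelled rule would NOT fire (empty list = alert)."""
    reasons = []
    # Direction check: with EXTERNAL_NET = !$HOME_NET (assumed), an inside
    # source can never satisfy the "$EXTERNAL_NET -> $HOME_NET" header.
    if in_home_net(pkt.src):
        reasons.append("source is inside HOME_NET, so it is not EXTERNAL_NET")
    if not in_home_net(pkt.dst):
        reasons.append("destination is outside HOME_NET")
    # Content checks assumed for the rule: echo request with zero-length data.
    if pkt.icmp_type != 8:
        reasons.append(f"ICMP type {pkt.icmp_type} is not echo request (8)")
    if pkt.payload_len != 0:
        reasons.append(f"payload is {pkt.payload_len} bytes, rule expects 0")
    return reasons


# Constructed sample packets: a default Linux ping carries 56 data bytes,
# while an hping2 ICMP echo request carries none by default.
SAMPLES = {
    "ordinary ping from outside": IcmpPacket("203.0.113.7", "192.168.1.10", 8, 56),
    "empty echo from inside HOME_NET": IcmpPacket("192.168.1.20", "192.168.1.10", 8, 0),
    "empty echo from outside": IcmpPacket("203.0.113.7", "192.168.1.10", 8, 0),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        why = explain_ping_nmap(pkt)
        print(f"{name}: {'ALERT' if not why else 'no alert: ' + '; '.join(why)}")
```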

perfect_circle 04-16-2005 06:16 PM

Thanks for your reply.
Actually I managed to create some ICMP host unreachable alerts, but I also downloaded and compiled hping2 and did what you said. hping is a really nice tool with many capabilities.
Thanks again.


All times are GMT -5.