|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Snort-users] learning snort
From: Joel Esler (joel.esler
sourcefire.com)
Date: Wed Sep 28 2005 - 14:57:31 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Snot, IIRC, isn't going to be much use to you now that Snort has
stream tracking. Since Snot's attacks are based off of a general
packet.. (no flow being established).. I don't think it will work.
Try out a vulnerability assessment tool like Nessus.
joel
On Sep 28, 2005, at 3:46 PM, James B Horwath wrote:
> I am in the process of studying for the GCIA second exam which covers
> snort setup and use. I have been reading the mailing list, snort
> documentation and playing with a small controlled snort setup.
> Although
> RTFM is great, I learn better by actually doing hands on things. I am
> using a packet crafting tool like hping2 to watch and learn how snort
> works. I have been reading about tools like snot which use the snort
> configuration and build packets based on the configuration. This
> seems
> like an ideal way to learn more about snort behavior. I am having
> trouble
> finding snot, are there any other tools recommended to exercise
> snort and
> learn the what, why's and how. I don't have access to any large
> network
> to try a live implementation, so my small and humble lab is the
> best I
> can do. Any recommendations I would really appreciate.
>
> Regards,
> Jim
>
>
> -----------------------------------------
> This message, and any attachments to it, may contain information that
> is privileged, confidential, and exempt from disclosure under
> applicable law. If the reader of this message is not the intended
> recipient, you are notified that any use, dissemination, distribution,
> copying, or communication of this message is strictly prohibited. If
> you have received this message in error, please notify the sender
> immediately by return e-mail and delete the message and any
> attachments. Thank you.
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads,
> discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]