Re: [Snort-users] Snort signatures

From: Erek Adams <erek(at)snort.org>
Date: Fri Feb 28 2003 - 15:19:39 EST

On Fri, 28 Feb 2003, SUDAGER BILKHU wrote:

> I have recently set up Snort as part of my final year project at

http://www.snort.org/snort-db/

> Secondly are there a number of commands that I should use to tell Snort

Yes, there are.

To dump traffic, you use 'sniffer mode'. To search for attacks, you use IDS mode. Check the USAGE file and the first chapter of the docs [0]. When using IDS mode, you will need to configure snort.conf. Read its inline comments.

> How do I perform a port scan?

*shrug* However you want. Nmap, Nessus, GRC.com, Shieldsup, whatever. Doesn't matter.

> Thirdly I downloaded a front end for my Snort system. The file is

Until you have Snort running, my honest suggestion is to forget about a frontend. If you are using this for a final at a University and they ask "How do you enable or disable rules?" and your answer is "Click on the check box in the GUI." do you think your professor would consider that a "right" answer? :)

> I would really appreciate any kind of feedback. I am at the moment only

No trouble at all...

Two things I suggest:

	RTFM :) [0]
	RTFF :) [1]

There's _tons_ of useful stuff there. If you are still lost, then you might want to check the mailing list archives [2] since there's quite a large subscriber base, and someone else may have had that same question.

Cheers and good luck on your project! :)



Erek Adams

   "When things get weird, the weird turn pro." H.S. Thompson

[0]	http://www.snort.org/docs/writing_rules/
[1]	http://www.snort.org/docs/faq.html
[2]	http://marc.theaimsgroup.com/?l=snort-users&r=1&w=2


Received on Fri Feb 28 15:26:57 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 11:49:56 EDT

