Re: darpa dataset problem(zero alert)

[<stephane.nasdrovisky () paradigmo com>]

default rules in windows = none (if your rules directory is empty, that’s your issue, otherwise, pulledpork may help)
commmunity rules: https://www.snort.org/downloads/community/community-rules.tar.gz (with a glitch in my browset:un 
added .tar)

other (newer ?) pcap archives:
http://packetlife.net/captures/
http://digitalcorpora.org/corpora/network-packet-dumps
http://wiki.wireshark.org/SampleCaptures#openSAFETY
http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/ : darpa
http://www.ist-mome.org/database/MeasurementData/?cmd=databrowse : registration required
http://sysdoccap.codeplex.com/wikipage?title=System%20Overview%20Document%20Scenario%20Captures

> I've tested snort with adding general rule such (alert icmp any any -> any any (msg: "test";sid=) ) and it working 
> well in generating alert but
> with default rule set it generate no alert for darpa dataset pcap files!


------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!