Snort mailing list archives

Re: dataset


From: Marcin Dulak <marcin.dulak () gmail com>
Date: Mon, 3 Apr 2017 14:10:58 +0200

pytbull -t ip-address-of-snort is run from the client machine and will send
the network traffic defined in the pytbull source code/config.cfg to snort.
The client needs an ftp server running on snort in order to fetch the
snort:/var/log/snort/alert_fast.txt file.
This usage of pytbull is described at
https://github.com/marcindulak/vagrant-snort-nfqueue-tutorial-centos7

Start from the pytbull setup ignoring the malicious payloads for the moment
(called clientSideAttacks in pytbull/conf/config.cfg),
and verify (e.g. with tcpdump on the client and snort) that pytbull
generates the expected traffic.

Later, if you also want to test whether snort detects malicious payloads
see https://www.youtube.com/watch?v=_zS1f-F9niw
This shows the use of pytbull-server.py on the snort machine for opening a
reverse shell for downloading the malicious files from dropbox.

I also BCC the author of pytbull - maybe he is still active on that
email.

Marcin
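Marcin's reply says pytbull builds its summary by parsing the alert_fast.txt it fetches from the sensor. The parser below is an added example of reading that `-A fast` line layout, not code from this thread or from pytbull; the alert lines it contains are constructed samples, and the regex assumes the usual fast-alert field order (timestamp, [**], gid:sid:rev, message, optional classification, priority, protocol, src -> dst).

```python
import re
from collections import Counter

# One line of Snort's "-A fast" output (the alert_fast.txt pytbull fetches from
# the sensor). The [Classification: ...] field is optional in this format.
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Z0-9]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def parse_fast_alert(line):
    """Return a dict for one alert_fast line, or None if it does not match."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "prio"):
        rec[key] = int(rec[key])
    # Split IPv4 "host:port" into address and port; ICMP lines carry no port,
    # and IPv6 addresses (which contain ':' themselves) are left untouched.
    for side in ("src", "dst"):
        host, sep, port = rec[side].rpartition(":")
        if sep and port.isdigit() and ":" not in host:
            rec[side], rec[side + "_port"] = host, int(port)
        else:
            rec[side + "_port"] = None
    return rec

def summarize(lines):
    """Count alerts per (gid:sid, msg) and report how many lines failed to parse."""
    counts, bad = Counter(), 0
    for line in lines:
        rec = parse_fast_alert(line)
        if rec is None:
            bad += 1 if line.strip() else 0
            continue
        counts[(f"{rec['gid']}:{rec['sid']}", rec["msg"])] += 1
    return counts, bad

# Constructed sample lines in the fast-alert layout (not real sensor output).
SAMPLE_ALERTS = """\
04/03-14:10:58.123456  [**] [1:1000001:1] TEST ICMP ping from pytbull client [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.10 -> 192.0.2.20
04/03-14:11:02.000001  [**] [1:1000002:2] TEST SYN probe [**] [Priority: 2] {TCP} 192.0.2.10:40001 -> 192.0.2.20:22
04/03-14:11:02.000200  [**] [1:1000002:2] TEST SYN probe [**] [Priority: 2] {TCP} 192.0.2.10:40002 -> 192.0.2.20:80
this line is not an alert and is counted as unparseable
"""
```

Calling summarize(SAMPLE_ALERTS.splitlines()) yields two hits for 1:1000002, one for 1:1000001, and one unparseable line; feeding it the real alert_fast.txt lets you check that each pytbull test actually produced the alert you expected.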

On Mon, Apr 3, 2017 at 11:01 AM, Mojtaba Haghighipour <
moj.haghighipour () gmail com> wrote:

Thanks for your reply...
It's a very good suggestion for me but how to work with it? I read the
documentation page for that but didn't understand how to work with it.
How to configure server and client to start these tests?


*From: *Marcin Dulak
*Sent: *Tuesday, March 14, 2017 02:36
*To: *Mojtaba Haghighipour
*Cc: *snort-users mailinglist
*Subject: *Re: [Snort-users] dataset



On Sat, Mar 11, 2017 at 8:00 PM, Mojtaba Haghighipour <
moj.haghighipour () gmail com> wrote:

hi
My question is somewhat different from the others.
I need to test my snort IDS with a DataSet of packets that involves
malicious and benign data packets.
I found kdd cup and MIT university DataSets, but I need a newer DataSet.

Is there anybody that can help me???


Try http://pytbull.sourceforge.net/ - it generates traffic directed at
your snort sensor using various tools
(nmap, hping, tcpreplay, hydra, nikto, ...) and creates a summary by
parsing snort's alert output (-A fast) fetched over ftp from the sensor.
It can even download some malicious content from a dropbox account ...

Marcin




thanks a lot ...
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!



