44
Chapter 2     Installing Snort and Getting Started
ping -n -r -b 255.255.255.255 -p "7569643d3028726f6f74290a" -c3
Alerts displayed on screen will look like the following. Again note that to display
alerts on screen, you have to use the -A console command line option.
11/19-18:51:04.560952  [**] [1:498:3] ATTACK RESPONSES id 
check returned root [**] [Classification: Potentially Bad 
Traffic] [Priority: 2] {ICMP} 10.100.1.105 -> 255.255.255.255
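The pad pattern given to ping -p above is hex-encoded ASCII: it decodes to uid=0(root) followed by a newline, which is why the alert reads "id check returned root". The following is an added example, not code from the book; it converts between the string and the pattern, enforces ping's limit of 16 pad bytes, and counts matching entries in a fast-format alert file. The function names and the temporary file are assumptions, and the sample alert line is the one shown above.

```shell
#!/bin/sh
# Added example (not from the book); function names are hypothetical.

# encode_pad STRING: hex pattern for `ping -p`; \n style escapes in STRING are expanded.
encode_pad() {
    hex=$(printf '%b' "$1" | od -An -tx1 | tr -d ' \n')
    # ping -p accepts at most 16 pad bytes (32 hex digits)
    [ -n "$hex" ] && [ "${#hex}" -le 32 ] || return 1
    printf '%s\n' "$hex"
}

# decode_pad HEX: the bytes that the pattern repeats through the ICMP payload.
decode_pad() {
    hex=$1
    out=
    case $hex in ''|*[!0-9a-fA-F]*) return 1 ;; esac
    [ $(( ${#hex} % 2 )) -eq 0 ] && [ "${#hex}" -le 32 ] || return 1
    while [ -n "$hex" ]; do
        rest=${hex#??}
        byte=${hex%"$rest"}                      # first two hex digits
        out="$out\\0$(printf '%03o' "0x$byte")"  # octal escape for printf %b
        hex=$rest
    done
    printf '%b' "$out"
}

# count_alerts GID:SID FILE: fast-format alert lines for that rule, any revision.
count_alerts() {
    grep -c "\[$1:[0-9][0-9]*]" "$2" || true
}

# Demo on a constructed alert file holding the alert line shown above.
demo() {
    log=$(mktemp)
    printf '%s\n' '11/19-18:51:04.560952  [**] [1:498:3] ATTACK RESPONSES id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 2] {ICMP} 10.100.1.105 -> 255.255.255.255' > "$log"
    echo "payload : $(decode_pad 7569643d3028726f6f74290a)"
    echo "pattern : $(encode_pad 'uid=0(root)\n')"
    echo "SID 498 : $(count_alerts 1:498 "$log") alert(s)"
    rm -f "$log"
}
demo
```

When Snort runs in daemon mode, point count_alerts at the alert file instead of the temporary one.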
2.2.4.1 Generating Test Alerts
The following script is named snort-test.sh and is available on the website
(http://authors.phptr.com/rehman/) that accompanies the book. It uses the same command as
mentioned above, but is useful when Snort is running in daemon mode.
#!/bin/sh
#
###############################################################
# You are free to copy and distribute this script under       #
# GNU Public License until this part is not removed           #
# from the script.                                            #
###############################################################
#                         HOW TO USE                          #
#                                                             #
# Right after installation of Snort, run this script.         #
# It will generate alerts in /var/log/snort/alert file similar#
# to the following:                                           #
#                                                             #
# Note that Snort must be running at the time you run this    #
# script.                                                     #
#                                                             #
# [**] [1:498:3] ATTACK RESPONSES id check returned root [**] #
# [Classification: Potentially Bad Traffic] [Priority: 2]     #
# 08/31-15:56:48.188882 255.255.255.255 -> 192.168.1.111      #
# ICMP TTL:150 TOS:0x0 ID:0 IpLen:20 DgmLen:84                #
# Type:0  Code:0  ID:45596  Seq:1024  ECHO REPLY              #
#                                                             #
# These alerts are displayed at the end of the script.        #
###############################################################
#
clear
echo "###############################################################"
echo "#            Script to test Snort Installation                #"
echo "#                       Written By                            #"
echo "#                                                             #"
echo "#                     Rafeeq Rehman                           #"
echo "#                  rr@argusnetsec.com                         #"
echo "#           Argus Network Security Services Inc.              #"
echo "#               http://www.argusnetsec.com                    #"
echo "###############################################################"
echo





