In RealSecure 7, take a look at the "SensorStatistics" event that appeared in XPU 20.13.
This event is triggered every 15 minutes, and contains a count of the number of packets seen. Look at the "event details" for SensorStatistics in order to see this counts. It also shows what happening in the TCP state tracking tables. For example, if you are getting large counts for the "tcp.misseddata_acks" or "tcp.onesided", then there is likely a problem in the way you've tapped into traffic. And, of course, if you aren't seeing many "ip.packets", then you likewise haven't tapped correctly into traffic. (Note that if you aren't seeing any SensorStatistics, then you aren't seeing any packets at all). Once you've made sure that this is corrent, then go to a web-browser and type in a hostile URL. The traditional one is "http://victim/cgi-bin/phf";. Make sure that the packets in question are actually supposed to be going across the wire in question. We spend a lot of time with customers who do their test wrong. For example, a customer might type a hostile URL, then realize the IDS wasn't plugged in, and then the second time, they don't realize the web-browser has cached the first request. --- bojidar_tzendov <[EMAIL PROTECTED]> wrote: > Dear All, > > How to test sensors if I have a pilot installation? > > Is there any procedure and tools? > > Can anyone send me docs and tools or at least urls? > > Thanks in advance > bojidar > > Bojidar Tzendov > Area Sales Manager > Test Solutions > mobile: +359 88 605 365 > phone: +359 2 969 60 60 > fax: +359 2 969 60 69 > > __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
