Saiko, I suggest you look into tomahawk (http://tomahawk.sourceforge.net/). It was developed specifically for testing IPS devices. It does not have quite as many options as tcpreplay now offers, but the essential functions required for IPS testing are provided. There are also sample pcaps of old exploits at the SourceForge project page:
http://sourceforge.net/project/showfiles.php?group_id=121410&package_id=132474 (Select the pcaps.tgz file under Extras) Be aware that the online documentation and tutorial both refer to v1.0 of the code and are woefully out of date. I highly recommend v1.1. The changes/fixes from 1.0->1.1 are discussed in the Release Notes for v1.1 (http://tomahawk.sourceforge.net/CHANGES.txt) David Full Disclosure: My opinion is somewhat biased because I rewrote the v1.0 code and submitted all the v1.1 changes. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ????????? ????? Sent: Tuesday, December 02, 2008 6:18 PM To: [email protected] Subject: IDS testing. Libs for packet capture. All, I have been working in IDS testing. Now I'm focused on testing network modules, like Snort, netstat, ect. I search for a tools to play traffic from tcpdumps. Is anyone in the group working on something like that? The idea is to develop some libpcap-like lib for playing tcpdumps. The question is: had it been already done? Are there any other common libs for packet captureing used in common IDSs? --- Saiko Alexander ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
