In addition to tcpreplay & tomahawk (which are both great), you can
also add daemonlogger to your toolbox.
You can use it to receive traffic on one interface and replay it on a
second in realtime.
-Seth Art
Sent from my iPhone
On Dec 4, 2008, at 10:36 AM, "Koconis, David" <[EMAIL PROTECTED]
> wrote:
Saiko,
I suggest you look into tomahawk (http://
tomahawk.sourceforge.net/). It was developed specifically for
testing IPS devices. It does not have quite as many options as
tcpreplay now offers, but the essential functions required for IPS
testing are provided. There are also sample pcaps of old exploits
at the SourceForge project page:
http://sourceforge.net/project/showfiles.php?group_id=121410&package_id=132474
(Select the pcaps.tgz file under Extras)
Be aware that the online documentation and tutorial both refer to
v1.0 of the code and are woefully out of date. I highly recommend
v1.1. The changes/fixes from 1.0->1.1 are discussed in the Release
Notes for v1.1 (http://tomahawk.sourceforge.net/CHANGES.txt)
David
Full Disclosure:
My opinion is somewhat biased because I rewrote the v1.0 code and
submitted all the v1.1 changes.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
] On Behalf Of ????????? ?????
Sent: Tuesday, December 02, 2008 6:18 PM
To: [email protected]
Subject: IDS testing. Libs for packet capture.
All,
I have been working in IDS testing. Now I'm focused on testing network
modules, like Snort, netstat, ect. I search for a tools to play
traffic from tcpdumps. Is anyone in the group working on something
like that? The idea is to develop some libpcap-like lib for playing
tcpdumps. The question is: had it been already done? Are there any
other common libs for packet captureing used in common IDSs?
---
Saiko Alexander
---
---------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
---
---------------------------------------------------------------------
---
---------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
---
---------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
