Hi All,
I would like to ask you some questions about NS and I hope that
somebody could have at least some partial answers. Meanwhile thank you
for your time to read this e-mail.
I need to test a Distributed Intrusion Detection environment. I need
to deploy a network with several routers, hosts, IDSs (snort maybe) and
traffic analysis engines (basically netflow data in flow-tools); snort
and flow-tools are open source in C. Also I need to inject TCP traffic
(from tcpdump traces) to the network.
I know that with NS I can build the network with routers, routing
protocols and hosts. I would like to confirm that I could inject TCP
traffic from tcpdump (as far as I know it is possible, but I just wanted
to check). So, half of the problem would be solved with this.
Now, my main question is how to integrate the IDS and the traffic
analysis application. Since these applications are written in C, my
first idea was to import the code into NS, but I do not know if NS is
strong/flexible enough to support it.
My second idea is to take out the pre-processed/routed traffic from
NS and to redirect it to outside IDS and traffic analysis boxes. This
would mean that I would inject TCP traffic in point A of the simulated
network and then I would take out that traffic in point B. Is it possible? I
have found many questions about this in the website but I could not find an
answer.
I know that these may be strange questions, but if somebody had an
answer or idea I would really appreciate it.
Thanks in advance,
-as