Re: IDS testing. Libs for packet capture.

From: <Skyler.Bingham_at_nospam>
Date: Wed Dec 03 2008 - 20:39:29 GMT
To: focus-ids@securityfocus.com, listbounce@securityfocus.com

Have you looked at tcpreplay? It allows you to playback libpcap packet capture files in real-time (among other things).

http://tcpreplay.synfin.net/trac/

Skyler Bingham
GIAC {GSEC, GCIH, GCIA, GCFA}, CEH
(602) 957-1650 x1139 "áÌÅËÓÁÎÄÒ óÁÊËÏ" <saiko.a.s@gmail. com> To Sent by: focus-ids@securityfocus.com listbounce@securi cc tyfocus.com Subject IDS testing. Libs for packet 12/02/2008 04:18 capture. PM

All,

I have been working in IDS testing. Now I'm focused on testing network modules, like Snort, netstat, ect. I search for a tools to play traffic from tcpdumps. Is anyone in the group working on something like that? The idea is to develop some libpcap-like lib for playing tcpdumps. The question is: had it been already done? Are there any other common libs for packet captureing used in common IDSs?

---
Saiko Alexander

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw

to learn more.

This message: [ Message body ]
Next message: Skyler.Bingham_at_nospam: "Re: Worm generating network attack traffic?"
Previous message: Stefano Zanero: "Re: IDS testing. Libs for packet capture."
In reply to: áÌÅËÓÁÎÄÒ óÁÊËÏ: "IDS testing. Libs for packet capture."
Next in thread: Koconis, David: "RE: IDS testing. Libs for packet capture."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]