Re: IDS testing. Libs for packet capture.

[Sethsec <sethsec () gmail com>]

In addition to tcpreplay & tomahawk (which are both great), you can  
also add daemonlogger to your toolbox.

You can use it to receive traffic on one interface and replay it on a  
second in realtime.

-Seth Art

Sent from my iPhone


On Dec 4, 2008, at 10:36 AM, "Koconis, David" <david.koconis () icsalabs com 
> wrote:

> Saiko,
>
> I suggest you look into tomahawk (http:// 
> tomahawk.sourceforge.net/).  It was developed specifically for  
> testing IPS devices.  It does not have quite as many options as  
> tcpreplay now offers, but the essential functions required for IPS  
> testing are provided.  There are also sample pcaps of old exploits  
> at the SourceForge project page:
>
> http://sourceforge.net/project/showfiles.php?group_id=121410&package_id=132474
> (Select the pcaps.tgz file under Extras)
>
> Be aware that the online documentation and tutorial both refer to  
> v1.0 of the code and are woefully out of date.  I highly recommend  
> v1.1.  The changes/fixes from 1.0->1.1 are discussed in the Release  
> Notes for v1.1 (http://tomahawk.sourceforge.net/CHANGES.txt)
>
> David
>
> Full Disclosure:
> My opinion is somewhat biased because I rewrote the v1.0 code and  
> submitted all the v1.1 changes.
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com 
> ] On Behalf Of ????????? ?????
> Sent: Tuesday, December 02, 2008 6:18 PM
> To: focus-ids () securityfocus com
> Subject: IDS testing. Libs for packet capture.
>
> All,
>
> I have been working in IDS testing. Now I'm focused on testing network
> modules, like Snort, netstat, ect. I search for a tools to play
> traffic from tcpdumps. Is anyone in the group working on something
> like that? The idea is to develop some libpcap-like lib for playing
> tcpdumps. The question is: had it been already done? Are there any
> other common libs for packet captureing used in common IDSs?
>
> ---
> Saiko Alexander
>
> --- 
> ---------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> --- 
> ---------------------------------------------------------------------
>
>
> --- 
> ---------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> --- 
> ---------------------------------------------------------------------

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------