IDS mailing list archives
Re: IDS testing. Libs for packet capture.
From: Sethsec <sethsec () gmail com>
Date: Sat, 6 Dec 2008 17:04:40 -0500
In addition to tcpreplay & tomahawk (which are both great), you can also add daemonlogger to your toolbox.
You can use it to receive traffic on one interface and replay it on a second in realtime.
-Seth Art
Sent from my iPhone

On Dec 4, 2008, at 10:36 AM, "Koconis, David" <david.koconis () icsalabs com> wrote:

Saiko,

I suggest you look into tomahawk (http://tomahawk.sourceforge.net/). It was developed specifically for testing IPS devices. It does not have quite as many options as tcpreplay now offers, but the essential functions required for IPS testing are provided.

There are also sample pcaps of old exploits at the SourceForge project page:
http://sourceforge.net/project/showfiles.php?group_id=121410&package_id=132474
(Select the pcaps.tgz file under Extras)

Be aware that the online documentation and tutorial both refer to v1.0 of the code and are woefully out of date. I highly recommend v1.1. The changes/fixes from 1.0->1.1 are discussed in the Release Notes for v1.1 (http://tomahawk.sourceforge.net/CHANGES.txt)

David

Full Disclosure:
My opinion is somewhat biased because I rewrote the v1.0 code and submitted all the v1.1 changes.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Александр Сайко
Sent: Tuesday, December 02, 2008 6:18 PM
To: focus-ids () securityfocus com
Subject: IDS testing. Libs for packet capture.

All,

I have been working in IDS testing. Now I'm focused on testing network modules, like Snort, netstat, etc. I am searching for tools to play traffic from tcpdumps. Is anyone in the group working on something like that? The idea is to develop some libpcap-like lib for playing tcpdumps. The question is: has it already been done? Are there any other common libs for packet capturing used in common IDSs?

---
Saiko Alexander
---

---------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
---------------------------------------------------------------------
Current thread:
- IDS testing. Libs for packet capture. Александр Сайко (Dec 03)
- RE: IDS testing. Libs for packet capture. Andrew Hay (Dec 03)
- Re: IDS testing. Libs for packet capture. Stefano Zanero (Dec 03)
- Re: IDS testing. Libs for packet capture. Skyler . Bingham (Dec 03)
- RE: IDS testing. Libs for packet capture. Koconis, David (Dec 04)
- Re: IDS testing. Libs for packet capture. Sethsec (Dec 08)