focus-ids December 2008 archive
focus-ids: RE: IDS testing. Libs for packet capture.

From: Andrew Hay <ahay_at_nospam>
Date: Wed Dec 03 2008 - 20:20:47 GMT
To: Александр Сайко <saiko.a.s@gmail.com>, <focus-ids@securityfocus.com>


Try Tcpreplay - http://tcpreplay.synfin.net/trac/

Andrew Hay, RHCE, GSEC, GCIA, GCIH, CISSP
Security Analyst
CAPITAL G Limited
25 Reid Street
P.O. Box HM 1194
Hamilton HM EX
Bermuda
+1.441.294.2468 Direct
+1.441.296.6853 Fax
+1.441.300.0063 Cell

ahay@capitalg.bm
www.capital-g.com

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of ????????? ?????
Sent: Tuesday, December 02, 2008 7:18 PM
To: focus-ids@securityfocus.com
Subject: IDS testing. Libs for packet capture.

All,

I have been working in IDS testing. Now I'm focused on testing network modules, like Snort, netstat, etc. I am searching for tools to play traffic from tcpdumps. Is anyone in the group working on something like that? The idea is to develop some libpcap-like lib for playing tcpdumps. The question is: has it already been done? Are there any other common libs for packet capturing used in common IDSs?

---
Saiko Alexander
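
Added example, not part of either message and not code from Tcpreplay or libpcap: a minimal reader for the classic pcap savefile format that tcpdump writes, plus the inter-packet delay schedule a replay tool needs in order to feed a sensor the capture with its original timing. The function names are hypothetical, the sample capture is constructed in the code, and pcapng files and the actual transmission of frames are out of scope.

```python
import struct

# Magic -> multiplier turning the sub-second field into nanoseconds
# (classic pcap savefile: microsecond and nanosecond variants).
MAGICS = {0xA1B2C3D4: 1000, 0xA1B23C4D: 1}

def parse_pcap(data):
    """Return (linktype, [(ts_ns, frame), ...]) from classic pcap savefile bytes."""
    if len(data) < 24:
        raise ValueError("short global header")
    for endian in ("<", ">"):            # the writer's byte order is unknown
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in MAGICS:
            break
    else:
        raise ValueError("not a classic pcap savefile")
    # version major/minor, thiszone, sigfigs, snaplen, link type
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    packets, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        sec, sub, caplen, _origlen = struct.unpack(endian + "IIII", data[off:off + 16])
        if caplen > snaplen or off + 16 + caplen > len(data):
            raise ValueError("corrupt or truncated record at offset %d" % off)
        ts_ns = sec * 10**9 + sub * MAGICS[magic]
        packets.append((ts_ns, data[off + 16:off + 16 + caplen]))
        off += 16 + caplen
    return linktype, packets

def replay_schedule(packets, speed=1.0):
    """Seconds to wait before sending each frame so capture timing is preserved."""
    delays, prev = [], None
    for ts_ns, _ in packets:
        # Captures can contain out-of-order timestamps; never sleep a negative time.
        gap = 0 if prev is None else max(0, ts_ns - prev)
        delays.append(gap / 1e9 / speed)
        prev = ts_ns
    return delays

def build_sample(endian="<"):
    """Constructed three-frame capture (dummy 60-byte frames, link type 1)."""
    out = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec in ((100, 0), (100, 250000), (100, 250500)):
        frame = bytes(60)
        out += struct.pack(endian + "IIII", sec, usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    linktype, pkts = parse_pcap(build_sample())
    print(linktype, replay_schedule(pkts))
```

Rejecting records whose captured length exceeds the snap length or the remaining file keeps a damaged capture from silently skewing an IDS test run.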


