focus-ids December 2008 archive
focus-ids: Re: IDS testing. Libs for packet capture.

From: <Skyler.Bingham_at_nospam>
Date: Wed Dec 03 2008 - 20:39:29 GMT
To: focus-ids@securityfocus.com, listbounce@securityfocus.com


Have you looked at tcpreplay? It allows you to play back libpcap packet capture files in real time (among other things).

http://tcpreplay.synfin.net/trac/

Skyler Bingham
GIAC {GSEC, GCIH, GCIA, GCFA}, CEH
(602) 957-1650 x1139

From: "Александр Сайко" <saiko.a.s@gmail.com>
Sent by: listbounce@securityfocus.com
To: focus-ids@securityfocus.com
Date: 12/02/2008 04:18 PM
Subject: IDS testing. Libs for packet capture.

All,

I have been working on IDS testing. Now I'm focused on testing network modules, like Snort, netstat, etc. I am searching for tools to play traffic from tcpdumps. Is anyone in the group working on something like that? The idea is to develop some libpcap-like lib for playing tcpdumps. The question is: has it already been done? Are there any other common libs for packet capturing used in common IDSs?

---
Saiko Alexander


