Re: Remote IDS Testing

fragrouter + tcpreplay would do the trick. I don't think fragroute
(no r) will work properly with tcpreplay on the same box, but you
might give it a try.

You can get fragrouter (unsupported afaik) here:

Newer (and supported) versions of tcpreplay from here:

Fragroute (supported):

Of course none of these tools really make it easy to determine what
packet(s) actually cause the problem, but you can step through the
pcap file manually using tcpreplay.


On 12/13/05, Schupp, Hank <Hank.Schupp@xxxxxxxxxxxxxxx> wrote:
> Am trying to determine a method to transmit PCAP files with
> (measurable?)
> fragmentation.
> I have sets of captures now for various protocols (IM, EMAIL, HTTP, etc)
> and wish to transmit them in a fragmented format to test the ability of
> an
> analysis tool to properly defragment and rebuild the sessions.
> Optimally,
> I'd like to be able to set a fragmentation percentage and replay a set
> of
> pcap files to gauge the failure point. Out-of-order packet generation
> in the same tool would just be a big plus!
> Any thoughts? Your input will be greatly appreciated.
> Whether possible solutions are open source, commercial, or a mix- I'd
> love
> to hear about it. Thanks much

Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
to learn more.