RE: IDS testing. Libs for packet capture.



Try Tcpreplay - http://tcpreplay.synfin.net/trac/

Andrew Hay, RHCE, GSEC, GCIA, GCIH, CISSP
Security Analyst CAPITAL G Limited
25 Reid Street
P.O. Box HM 1194
Hamilton HM EX
Bermuda
+1.441.294.2468 Direct
+1.441.296.6853 Fax
+1.441.300.0063 Cell
ahay@xxxxxxxxxxx
www.capital-g.com


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of ????????? ?????
Sent: Tuesday, December 02, 2008 7:18 PM
To: focus-ids@xxxxxxxxxxxxxxxxx
Subject: IDS testing. Libs for packet capture.

All,

I have been working in IDS testing. Now I'm focused on testing network
modules, like Snort, netstat, ect. I search for a tools to play
traffic from tcpdumps. Is anyone in the group working on something
like that? The idea is to develop some libpcap-like lib for playing
tcpdumps. The question is: had it been already done? Are there any
other common libs for packet captureing used in common IDSs?

---
Saiko Alexander

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------



The information in this Internet e-mail, including attachments, contains information that is confidential and may be protected by attorney client
privileges. This email, including attachments, constitutes non-public information intended only for the use of the designated recipient(s) to
which it is addressed and may contain legal or financial information which is privileged, confidential or subject to copyright. Access by any other
person to this Internet e-mail is not authorized. If you are not the intended recipient, please delete this Internet e-mail, including
attachments, immediately and notify the sender by return email. Any disclosure of this Internet e-mail, including attachments, or of the
parties to it, or copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited, and may be unlawful.