Re: IDS testing. Libs for packet capture.



Have you looked at tcpreplay? It allows you to playback libpcap packet
capture files in real-time (among other things).

http://tcpreplay.synfin.net/trac/

Skyler Bingham
GIAC {GSEC, GCIH, GCIA, GCFA}, CEH
(602) 957-1650 x1139



"Александр Сайко"
<saiko.a.s@gmail.
com> To
Sent by: focus-ids@xxxxxxxxxxxxxxxxx
listbounce@securi cc
tyfocus.com
Subject
IDS testing. Libs for packet
12/02/2008 04:18 capture.
PM









All,

I have been working in IDS testing. Now I'm focused on testing network
modules, like Snort, netstat, ect. I search for a tools to play
traffic from tcpdumps. Is anyone in the group working on something
like that? The idea is to develop some libpcap-like lib for playing
tcpdumps. The question is: had it been already done? Are there any
other common libs for packet captureing used in common IDSs?

---
Saiko Alexander

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to
http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw

to learn more.
------------------------------------------------------------------------