[Snort-devel] legit network-traffic generating tool?

Ravi ravivsn at ...2125...
Wed Apr 28 23:35:02 EDT 2004


Siddharth,
 To simulate real webtraffic and thereby test Snort plugin use
    - nessus, the vulnerability scanner to send attack packets
    - HammerHead, a tool that can act as HTTP client and generates huge 
traffic at a time. It will stress your network with lots of genuine http 
requests. Or you can use hardware boxes like smartbits.
    - To send packets to evade IDS, use nikto or Mutate2

HTH,
Cheers,
-Ravi
ROCSYS Technologies Ltd.,
http://www.rocsys.com



siddharth thakkar wrote:

>Hi,
>
>Just curious if anyone knows some tool or program
>which I could use to create "realistic"
>network-traffic including some http, ftp, long file
>downloads, etc.?  Basically, I need something that can
>simulate real web-activity.  
>
>I have coded a worm-detecting preprocessor plugin for
>Snort, but I want such a traffic-generating tool to
>test how well my Snort plugin detects the kind of
>worms its made for...and may be eliminate
>false-positives.
>
>Let me know if anyone knows such a program out there
>which can help stress test my network with such
>legitimate traffic (in addition to my worm code which
>I'll be running).
>
>I'm looking through sourceforge, but haven't noticed
>anything relevant. (except may be
>"traffic"/trafserver/trafclient??)
>
>Thanks in advance,  (hope I explained it well, let me
>know if I haven't :) )
>
>~Siddharth Thakkar
>Univ. of Southern California.
>
>=====
>I don't know half of you half as well as I should like; and I like less 
>than half of you half as well as you deserve.
>-- J. R. R. Tolkien, The Fellowship of the Ring
>----------------
>
>
>	
>		
>__________________________________
>Do you Yahoo!?
>Win a $20,000 Career Makeover at Yahoo! HotJobs  
>http://hotjobs.sweepstakes.yahoo.com/careermakeover 
>
>
>-------------------------------------------------------
>This SF.Net email is sponsored by: Oracle 10g
>Get certified on the hottest thing ever to hit the market... Oracle 10g. 
>Take an Oracle 10g class now, and we'll give you the exam FREE. 
>http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
>_______________________________________________
>Snort-devel mailing list
>Snort-devel at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/snort-devel
>
>  
>







More information about the Snort-devel mailing list