[Snort-devel] legit network-traffic generating tool?

siddharth thakkar sjthakkar at ...398...
Thu Apr 29 01:30:06 EDT 2004


Hi Ravi and Everyone,

Pardon my ignorance as a newbie to this area, but as
far as I get it:

-Nessus would help me generate an "attack" test.
-HammerHead would help me generate HTTP traffic only
(again like an "attack" traffic).
-Nikto & Mutate2: I couldn't understand this quite but
it again may be in the same "attack"-traffic
generating tool.

Rather than these, wouldn't a "background" traffic
(and not an "attack" traffic) be good to test how much
my IDS plugin leads to false-positives?

I read a few (open-ended-problems) discussions on
Neohapsis, but conclusively couldn't find such a tool
till now.

Please enlighten more and help me :)
~Siddharth

--- Ravi <ravivsn at ...2125...> wrote:
> Siddharth,
>  To simulate real web traffic and thereby test Snort plugin use
>     - nessus, the vulnerability scanner to send attack packets
>     - HammerHead, a tool that can act as HTTP client and generates huge
>       traffic at a time. It will stress your network with lots of genuine
>       http requests. Or you can use hardware boxes like smartbits.
>     - To send packets to evade IDS, use nikto or Mutate2
>
> HTH,
> Cheers,
> -Ravi
> ROCSYS Technologies Ltd.,
> http://www.rocsys.com
> 
> 
> 
> siddharth thakkar wrote:
>
> >Hi,
> >
> >Just curious if anyone knows some tool or program
> >which I could use to create "realistic"
> >network-traffic including some http, ftp, long file
> >downloads, etc.?  Basically, I need something that can
> >simulate real web-activity.
> >
> >I have coded a worm-detecting preprocessor plugin for
> >Snort, but I want such a traffic-generating tool to
> >test how well my Snort plugin detects the kind of
> >worms it's made for...and maybe eliminate
> >false-positives.
> >
> >Let me know if anyone knows such a program out there
> >which can help stress test my network with such
> >legitimate traffic (in addition to my worm code which
> >I'll be running).
> >
> >I'm looking through sourceforge, but haven't noticed
> >anything relevant. (except maybe
> >"traffic"/trafserver/trafclient??)
> >
> >Thanks in advance,  (hope I explained it well, let me
> >know if I haven't :) )
> >
> >~Siddharth Thakkar
> >Univ. of Southern California.
> >
> >=====
> >I don't know half of you half as well as I should
> like; and I like less 
> >than half of you half as well as you deserve.
> >-- J. R. R. Tolkien, The Fellowship of the Ring
> >----------------


=====
I don't know half of you half as well as I should like; and I like less 
than half of you half as well as you deserve.
-- J. R. R. Tolkien, The Fellowship of the Ring
----------------


	
		