[Snort-devel] legit network-traffic generating tool?

Milani Paolo Paolo.Milani at ...866...
Thu Apr 29 05:13:07 EDT 2004


The simplest thing you can do to simulate real traffic is to use real traffic: use pcap traces of real traffic, and replay them on your network using tcpreplay.

You can make the traces yourself with tcpdump, but if you cannot put a sniffer on a sufficiently active network to get enough traffic, you can use pcaps that are available on the internet, such as the MIT lincolnlab datasets (which are a bit old now but still useful).

The honeynet project also has some dumps for download, but I wouldn't expect to see a lot of legitimate traffic in there.

paolo milani

Date: Wed, 28 Apr 2004 22:08:49 -0700 (PDT)
From: siddharth thakkar <sjthakkar at ...398...>
To: snort-devel at lists.sourceforge.net
Subject: [Snort-devel] legit network-traffic generating tool?


Just curious if anyone knows some tool or program
which I could use to create "realistic"
network-traffic including some http, ftp, long file
downloads, etc.?  Basically, I need something that can
simulate real web-activity.  

I have coded a worm-detecting preprocessor plugin for
Snort, but I want such a traffic-generating tool to
test how well my Snort plugin detects the kind of
worms its made for...and may be eliminate

Let me know if anyone knows such a program out there
which can help stress test my network with such
legitimate traffic (in addition to my worm code which
I'll be running).

I'm looking through sourceforge, but haven't noticed
anything relevant. (except may be

Thanks in advance,  (hope I explained it well, let me
know if I haven't :) )

~Siddharth Thakkar
Univ. of Southern California.

I don't know half of you half as well as I should like; and I like less 
than half of you half as well as you deserve.
-- J. R. R. Tolkien, The Fellowship of the Ring

Gruppo Telecom Italia - Direzione e coordinamento di Telecom Italia S.p.A.

This message and its attachments are addressed solely to the persons
above and may contain confidential information. If you have received
the message in error, be informed that any use of the content hereof
is prohibited. Please return it immediately to the sender and delete
the message. Should you have any questions, please contact us by
replying to MailAdmin at ...2137... Thank you

More information about the Snort-devel mailing list