[Snort-users] Traffic Generator
ken.robinson at ...1563...
Wed Mar 21 11:04:04 EST 2001
Thanks for the idea of replaying other traffic.
I've found a tool that looks very interesting, but some sort of network
issue seems to be keeping me from getting it. It's an updated version of
tcpblast at ftp://ftp.6bone.pl/pub/blast/. A lot of functionality has been
added to it. Here's the option list I found in a posting on IPv6.
-4, --ipv4 use only ipv4 address
-6, --ipv6 use only ipv6 address
-a send random data
-b BUF_SIZE socket buf size (default: -1 == don't change), with `-'
be substracted from results
-c, --count BLOCKS change default (300) number of blocks, range:
-d DOTFREQ print dot every DOTFREQ blocks, disables cont. speed
-h, --help this help
-i, --delay DELAY write delay in microseconds (EXPERIMENTAL)
-l, --last BLKS show also speed for last BLKS blocks
-m results for every block in separate line
-n, --nwrite do not write, use e.g. with chargen port
-o switch from continuous speed displaying to dots
-p PORT bind this local PORT
-q --quiet show only final statistics
-r, --read read data returned to us, switches default port to echo
-R, --rate RATESPEC limit the speed according to the RATESPEC
-s BLOCK_SIZE block size (default 1024 bytes)
-t MAXTIME limit time to MAXTIME (up to 42950 h)
--tcp use TCP (default)
--udp use UDP (default if named udpblast)
-v, --verbosity verbosity, default 0, maximum 3. -v adds time display,
also speed in B/s, -v - speed in b/s.
-V, --version version
-x, --maxseg SIZE setting packet SIZE using TCP_MAXSEG
destination host name or address
port use port #/name xyz instead of default port 9
RATE generating data at RATE speed in B/s
TIME for TIME seconds (can be floating point number), last
be omitted and that time will be infinite
From: Chris Green [mailto:cmg at ...671...]
Sent: March 21, 2001 10:59 AM
To: Robinson, Ken
Cc: Snort List (E-mail)
Subject: Re: [Snort-users] Traffic Generator
One thing you could try is do a tcpdump capture of your network
traffic and then use tcpreplay from
http://www.anzen.com/research/nidsbench/ to regenerate that traffic
while running your test attacks.
"Robinson, Ken" <ken.robinson at ...1563...> writes:
> I want to be able to create a baseline of traffic on a test network so
> I can test how well my snort set-up works on a busy network. I'll run
> attack simulations over top of this busy network to see what snort
> Could somebody please recommend a free traffic generator that I can use
> Ken Robinson
Chris Green <cmg at ...671...>
Logic, my dear Zoe, merely enables one to be wrong with authority.
- Doctor Who, "The Wheel in Space"
More information about the Snort-users