[Snort-users] Traffic Generator

Robinson, Ken ken.robinson at ...1563...
Wed Mar 21 11:04:04 EST 2001


Thanks for the idea of replaying other traffic.  

I've found a tool that looks very interesting, but some sort of network
issue seems to be keeping me from getting it.   It's an updated version of
tcpblast at ftp://ftp.6bone.pl/pub/blast/.   A lot of functionality has been
added to it.   Here's the option list I found in a posting on IPv6.

Options:
-4, --ipv4           use only ipv4 address
-6, --ipv6           use only ipv6 address
-a                   send random data
-b BUF_SIZE          socket buf size (default: -1 == don't change), with `-' to
                       be substracted from results
-c, --count BLOCKS   change default (300) number of blocks, range: 1..10000000
-d DOTFREQ           print dot every DOTFREQ blocks, disables cont. speed disp.
-h, --help           this help
-i, --delay DELAY    write delay in microseconds (EXPERIMENTAL)
-l, --last BLKS      show also speed for last BLKS blocks
-m                   results for every block in separate line
-n, --nwrite         do not write, use e.g. with chargen port
-o                   switch from continuous speed displaying to dots printing
-p PORT              bind this local PORT
-q --quiet           show only final statistics
-r, --read           read data returned to us, switches default port to echo
-R, --rate RATESPEC  limit the speed according to the RATESPEC
-s BLOCK_SIZE        block size (default 1024 bytes)
-t MAXTIME           limit time to MAXTIME (up to 42950 h)
    --tcp            use TCP (default)
    --udp            use UDP (default if named udpblast)
-v, --verbosity      verbosity, default 0, maximum 3. -v adds time display, -vv
                       also speed in B/s, -v - speed in b/s.
-V, --version        version
-x, --maxseg SIZE    setting packet SIZE using TCP_MAXSEG
destination          host name or address
port                 use port #/name xyz instead of default port 9

RATESPEC             RATE[,TIME][:RATE[,TIME]]...
RATE                 generating data at RATE speed in B/s
TIME                 for TIME seconds (can be floating point number), last can
                       be omitted and that time will be infinite



-----Original Message-----
From: Chris Green [mailto:cmg at ...671...]
Sent: March 21, 2001 10:59 AM
To: Robinson, Ken
Cc: Snort List (E-mail)
Subject: Re: [Snort-users] Traffic Generator


One thing you could try is do a tcpdump capture of your network
traffic and then use tcpreplay from
http://www.anzen.com/research/nidsbench/ to regenerate that traffic
while running your test attacks.

"Robinson, Ken" <ken.robinson at ...1563...> writes:

> Hello,
> 
> I want to be able to create a baseline of traffic on a test network so that
> I can test how well my snort set-up works on a busy network.  I'll run
> attack simulations over top of this busy network to see what snort reports.
> 
> 
> Could somebody please recommend a free traffic generator that I can use for
> this?
> 
> Thanks.
> 
> ----
> Ken Robinson
-- 
Chris Green <cmg at ...671...>
Logic, my dear Zoe, merely enables one to be wrong with authority.
                - Doctor Who, "The Wheel in Space"



