[Snort-users] Public packet traces? (was Re: Benchmarking load generator?)

jsp1999 at ...348... jsp1999 at ...348...
Thu Oct 3 09:05:02 EDT 2002


> tcpreplay does indeed look like exactly the tool I need, thanks all 
> for the ptrs! 
>  
> I'm planning on doing my own benchmarking for our in-house purposes 
> with corresponding in-house packet captures. I'll certainly report 
> the benchmark results to this list, but it'd be most satisfying if I 
> could also post some results that other people could reproduce, or 
> that people could compare with identical tests run against different 
> hardware configs of the snorter. 
>  
> This, of course, requires that we all have the same packet trace[s] 
> to hammer with. 
>  
> And it'd be awfully nice if the results of this were really free of 
> usage restrictions of any sort. 
>  
> The defcon9 capture the flag traces come with a usage request: 
>  
>  These logs are not intended for any commercial purpose. The Shmoo 
>  Group and the DefCon 8.0 organizers specifically discourage use of 
>  this data for marketing use by intrusion detection system vendors. 
>  
> I intend to honor that request, so I won't be posting results using 
> those traces. I can't offer my own captures for public download, as 
> they must be presumed to contain proprietary info. Anybody got a 
> decent completely public trace in pcap format? I really don't care 
> whether it's larded with attacks to set off snort or not; whether 
> or not such attacks are in there, we can still learn something of 
> interest. I personally favour deploying snorts positioned so they 
> see as few attacks as possible, and tuning them as much as necessary 
> to disable false positives, so a packet trace completely free of 
> any attacks wouldn't be a bad benchmark set for me. Others will 
> obviously differ. 
>  
> But if someone could point me at a good pcap-format trace for public 
> unrestricted use I'd be very glad to use that. 
>  
> -Bennett 
>  
Well, simply use the DARPA MIT Lincoln Labs Intrusion Detection Traffic, 
which is publicly available (search for it using Google). 
 
Jasper 
