[Snort-users] Public packet traces? (was Re: Benchmarking load generator?)
jsp1999 at ...348...
Thu Oct 3 09:05:02 EDT 2002
> tcpreplay does indeed look like exactly the tool I need, thanks all
> for the ptrs!
> I'm planning on doing my own benchmarking for our in-house purposes
> with corresponding in-house packet captures. I'll certainly report
> the benchmark results to this list, but it'd be most satisfying if I
> could also post some results that other people could reproduce, or
> that people could compare with identical tests run against different
> hardware configs of the snorter.
> This, of course, requires that we all have the same packet trace[s]
> to hammer with.
> And it'd be awfully nice if the results of this were really free of
> usage restrictions of any sort.
> The defcon9 capture the flag traces come with a usage request:
> These logs are not intended for any commercial purpose. The Shmoo
> Group and the DefCon 8.0 organizers specifically discourage use of
> this data for marketing use by intrusion detection system vendors.
> I intend to honor that request, so I won't be posting results using
> those traces. I can't offer my own captures for public download, as
> they must be presumed to contain proprietary info. Anybody got a
> decent completely public trace in pcap format? I really don't care
> whether it's larded with attacks to set off snort or not; whether
> or not such attacks are in there, we can still learn something of
> interest. I personally favour deploying snorts positioned so they
> see as few attacks as possible, and tuning them as much as necessary
> to disable false positives, so a packet trace completely free of
> any attacks wouldn't be a bad benchmark set for me. Others will
> obviously differ.
> But if someone could point me at a good pcap-format trace for public
> unrestricted use I'd be very glad to use that.
Well, simply use the DARPA MIT Lincoln Labs Intrusion Detection Traffic,
which is publicly available (search for it using Google).