[Snort-users] Public packet traces? (was Re: Benchmarking load generator?)

jsp1999 at ...348...
Thu Oct 3 09:05:02 EDT 2002

> tcpreplay does indeed look like exactly the tool I need, thanks all 
> for the ptrs! 
> I'm planning on doing my own benchmarking for our in-house purposes 
> with corresponding in-house packet captures. I'll certainly report 
> the benchmark results to this list, but it'd be most satisfying if I 
> could also post some results that other people could reproduce, or 
> that people could compare with identical tests run against different 
> hardware configs of the snorter. 
> This, of course, requires that we all have the same packet trace[s] 
> to hammer with. 
> And it'd be awfully nice if the results of this were really free of 
> usage restrictions of any sort. 
> The defcon9 capture the flag traces come with a usage request: 
>  These logs are not intended for any commercial purpose. The Shmoo 
>  Group and the DefCon 8.0 organizers specifically discourage use of 
>  this data for marketing use by intrusion detection system vendors. 
> I intend to honor that request, so I won't be posting results using 
> those traces. I can't offer my own captures for public download, as 
> they must be presumed to contain proprietary info. Anybody got a 
> decent completely public trace in pcap format? I really don't care 
> whether it's larded with attacks to set off snort or not; whether 
> or not such attacks are in there, we can still learn something of 
> interest. I personally favour deploying snorts positioned so they 
> see as few attacks as possible, and tuning them as much as necessary 
> to disable false positives, so a packet trace completely free of 
> any attacks wouldn't be a bad benchmark set for me. Others will 
> obviously differ. 
> But if someone could point me at a good pcap-format trace for public 
> unrestricted use I'd be very glad to use that. 
> -Bennett 
Well, simply use the DARPA MIT Lincoln Labs Intrusion Detection Traffic, 
which is publicly available (search for it using Google). 
