[Snort-users] Slightly OT: high speed packet generation software

Dirk Geschke Dirk at ...10648...
Tue Dec 2 02:37:00 EST 2003


Hi Douglas,

> I'm curious to know what everyone else uses for high speed packet 
> generation. I'm not so much interested in single packets, but rather, 
> something that can generate a lot of traffic. Noise is irrelevant, as I'm 
> an looking to do IDS testing. I've looked a little at a few on freshmeat 
> (packETH, pacgen, http_load) but have no experience with any of them. By 
> high speed, I mean something that'll push 100Mb/s, and (hardware allowing) 
> 1Gb/s
> 
> Ideally, it would be nice to have something that emulated sessions between 
> a couple of ip addresses, but I'll take a variety of packet generation.

the false-positive-generator fpg is able to generate false positive
network packets based on a snort.conf file. This programs reads the
rules of the snort.conf file and tries to generate a network packet
with all parts necessary to generate an alert. 

The program is able to generate traffic much faster than your network
(at least more than 100 Mb/s on an actual computer. I never had a 
gigabit network so far...)

To compile the program you need libnet-1.1 or higher. The sources of
fpg are part of the FLoP project (http://www.geschke-online.de/FLoP).
On this page you can find a compiled version of fpg for linux/x86.

Best regards

Dirk



This program is par





More information about the Snort-users mailing list