[Snort-users] [RGSPAM] Re: Semi-OT: Re-inject tcpdump captured traffic

Martin Roesch roesch at ...1935...
Thu Dec 6 10:14:14 EST 2007

On Dec 6, 2007, at 8:39 AM, Jordi Espasa Clofent wrote:

>> And this time I'll include the proper URL.... ->
>> http://bittwist.sourceforge.net/
> Interesting tool also.
> Nevertheless, in my case, I need to work on gigabit medium, so  
> bittwist
> (which is designed for 10/100 link speed) it's not exactly what I  
> want.
> At present moment my production environment has a 130-150Mbps network
> load; moreover I'll generate 2x/3x/5x (according the present value)  
> load
> traffic to test the FW's performance and scability.

You might want to check out DaemonLogger, it's got a replay mode as  
well as a real-time tap mode as well as being a packet logger itself.   
Basically, DaemonLogger can capture traffic off of one interface  
direct to the disk (logger mode), retransmit it out another interface  
in real-time (tap mode) or replay a pcap file (replay mode).

You can get it at http://www.snort.org/users/roesch/Site/Daemonlogger/Daemonlogger.html 

Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org

More information about the Snort-users mailing list