Snort mailing list archives
Re: Public packet traces? (was Re: Benchmarking load generator?)
From: jsp1999 () gmx de
Date: Thu, 3 Oct 2002 18:04:13 +0200 (MEST)
tcpreplay does indeed look like exactly the tool I need, thanks all for the ptrs!

I'm planning on doing my own benchmarking for our in-house purposes with corresponding in-house packet captures. I'll certainly report the benchmark results to this list, but it'd be most satisfying if I could also post some results that other people could reproduce, or that people could compare with identical tests run against different hardware configs of the snorter. This, of course, requires that we all have the same packet trace[s] to hammer with. And it'd be awfully nice if the results of this were really free of usage restrictions of any sort.

The defcon9 capture the flag traces come with a usage request:

These logs are not intended for any commercial purpose. The Shmoo Group and the DefCon 8.0 organizers specifically discourage use of this data for marketing use by intrusion detection system vendors.

I intend to honor that request, so I won't be posting results using those traces. I can't offer my own captures for public download, as they must be presumed to contain proprietary info.

Anybody got a decent completely public trace in pcap format? I really don't care whether it's larded with attacks to set off snort or not; whether or not such attacks are in there, we can still learn something of interest. I personally favour deploying snorts positioned so they see as few attacks as possible, and tuning them as much as necessary to disable false positives, so a packet trace completely free of any attacks wouldn't be a bad benchmark set for me. Others will obviously differ. But if someone could point me at a good pcap-format trace for public unrestricted use I'd be very glad to use that.

-Bennett
Well, simply use the Darpa MIT Lincoln Labs Intrusion Detection Traffic, which is publicly available (search it using google).

Jasper