Snort mailing list archives
Trigger events
From: "evilghost () packetmail net" <evilghost () packetmail net>
Date: Wed, 5 Jan 2011 09:26:24 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/05/11 09:12, Atkins, Dwane P wrote:
Is there an application that will allow us to trigger these events in a test environment?
Tomahawk [1] is pretty good at replaying PCAPs which should do what you need. Create a PCAP for the malicious traffic and replay it against your test environment. I have used this tool before for the exact reasons you require.
Dwane
[1] http://tomahawk.sourceforge.net/MAN.html - -evilghost -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJNJI2gAAoJENgimYXu6xOHRbcQAJ6qha3Sf+8qZakBU8Wjeo/E 6qTAiN8zHXD5zSjxSFTVb6hZHdNVxwGA2TnwV6EQGm9VrM/rh9tZy3q13IIqXBcV KL3rcDKhVrod/xo+AGuZAG3dt5vf2X4P7rvm9SVY0/dviBjQ8czzA2XWYBLQW78v lRjaWEIQ6doYx0/YEmHDmopDWMqpBADsq8PgUtZHcthkGXgBZ1+04jdU/Erdtvmk Z2melrg7fpQ2nMcsKnS11C7MbWvGEPpMTzLw+7e+6DzFaKlq8/VydanqV3SbLxcL dZj0xVvcrTBFZeyqm/1AB7GSkFGzNMk2WcEuwG2++02G0wBwc6RAwqLaflBi9Vdg e+p3LaGr+2ajBLZYgkMhl9i5bHrtGAiSjOnwd8eDqPEWBeB8ijILP3u4XMgfDq7D w/sDjAsif4R/1Q3rf3X/WUaZzJG3bEi4TBenm8PbLanJk/JKvfl++ZTR6J16chby ZvbwalOUndJi5O8c24AYpItUVu428xUtMnVfRyPy6XeLWS+W4guO9kZBIRTpupSK wR19e/KR1+1lM72ZBOVrNWo5wkRU14KWX+6iQYSjROfB/59Nx8HDlleZRiXK8Jki BHgiJs5tIsW70a+Cpvt1q7o4e6ralRR1bTD1MPSr2ZLRnQnCha5h/elLdSsik8Zj 0XHzS6PliswCv3fALMU3 =vO6r -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Trigger events Atkins, Dwane P (Jan 05)
- Trigger events evilghost () packetmail net (Jan 05)
- Re: Trigger events Nick Moore (Jan 05)