Subject: Re: IDS: packet capture and replay
From: Jackie Chan (blue0neigloo.org)
Date: Fri Mar 24 2000 - 16:25:36 CST


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
-----------------------------------------------------------------------------
Brian,
        NetMon for Windows will do this. Obviously the sessions will not
truly be occurring at replay time, but the packets will still be sent onto
the wire. I have used this to simulate certain attacks for a classroom
situation. An IDS really does not know if the sessions are truly
occurring or if the packets are merely running amok.

blue0ne

On Fri, 24 Mar 2000, Mila, Brian D wrote:

> Hi,
>
> Does anyone know of a packet capture utility that can capture packets
> and then replay them onto the network at a later time? I'm not sure if
> this is even possible, I think the sequence numbers would need to change
> along with timestamps perhaps. But I'd like to be able to capture a stream
> of packets and then replay them later to determine if they are the cause
> of a problem to a particular machine. Any ideas appreciated.
>
> Brian
>