[Snort-users] Semi-OT: Re-inject tcpdump captured traffic

From: Jordi Espasa Clofent (jordi.espasaopengea.org)
Date: Thu Dec 06 2007 - 04:40:05 CST


Hi all,

I'm building a transparent FW for a production environment; to reproduce
the same conditions in the testing environment as in the real production
environment, I have the following idea:

* capture big chunks of real incoming traffic with tcpdump or snort.
* transfer this real captured traffic to the test environment
and re-inject it into the network to simulate/reproduce the real conditions

I've searched and experimented, and at the moment I:

* capture the traffic with the -w option of tcpdump
* reinject the dumped traffic with iperf or hping

The main question is that I'm not sure whether iperf or hping re-inject
exactly the same code that tcpdump has captured. I'm not sure if these
tools treat the dumped traffic as a normal file or, effectively, they
read the dumped code and re-inject exactly the same captured network
packets without any changes.

Can I do it with Snort?

--
Thanks
Jordi Espasa Clofent
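
Added example, not part of the original post: a file written by `tcpdump -w` in the classic libpcap format is a 24-byte file header followed by one 16-byte record header per packet, so only a tool that parses those records gets the original frames back. The capture bytes below are constructed, and `build_pcap`, `read_pcap` and `complete_frames` are names chosen for this sketch.

```python
import struct

def build_pcap(packets, linktype=1, snaplen=65535):
    """Constructed sample input: a little-endian classic pcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)
    for ts_sec, data, orig_len in packets:
        out += struct.pack("<IIII", ts_sec, 0, len(data), orig_len) + data
    return out

def read_pcap(blob):
    """Parse a classic pcap file into (linktype, [(ts_sec, frame, orig_len)])."""
    if len(blob) < 24:
        raise ValueError("truncated file header")
    if blob[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"          # written on a little-endian host
    elif blob[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"          # written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(endian + "I", blob, 20)[0]
    records, off = [], 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError("truncated record header")
        ts_sec, _usec, incl_len, orig_len = struct.unpack_from(
            endian + "IIII", blob, off)
        off += 16
        if off + incl_len > len(blob):
            raise ValueError("record runs past end of file")
        records.append((ts_sec, blob[off:off + incl_len], orig_len))
        off += incl_len
    return linktype, records

def complete_frames(records):
    """Frames captured in full; a frame cut short by the snap length
    (incl_len < orig_len) is not the packet that was on the wire."""
    return [frame for _ts, frame, orig_len in records if len(frame) == orig_len]

if __name__ == "__main__":
    # Constructed capture: one full 60-byte frame, one frame truncated to 68 bytes.
    sample = build_pcap([(1, b"\xaa" * 60, 60), (2, b"\xbb" * 68, 1514)])
    linktype, records = read_pcap(sample)
    print("file bytes:", len(sample),
          "frame bytes:", sum(len(r[1]) for r in records))
    print("records:", len(records), "complete:", len(complete_frames(records)))
```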
