If you want to test a NIDS, why are you running your own TCP/UDP
server(s)? Just let tcpreplay do its thing.
Or maybe use tcpreplay to generate background traffic and use a DDoS
tool to attack a server? Maybe I'm misunderstanding what you're
trying to do, but just realize that tcpreplay can't
Yes, I want to test NIDS. It has to detect a flood attack in the traffic
simulation. I guess I'll need to use flowreplay because about 80% of
traffic would be TCP. Just to be clear, by preprocessing it means that I'll
need to remove the SYN+ACKs and ACKs and keep the SYN packets only since
server i
If you just want to replay packets, then yeah, that's what tcpreplay does.
As for the DUT, it's really about how it processes the packets.
For example: let's say you wanted to use tcpreplay to test a
webserver. I'd tell you "sorry, tcpreplay can't help with that"
because it's sending the traffic
I suppose DUT refers to my operating system and network devices included. I
am using Linux (Ubuntu LTS) with network simulation software where I create
a topology with L2/L3 switches and a couple of hosts. My goal is to replay the
dataset traffic which may contain TCP/UDP/ICMP etc. packets. I was able
You don't say what your device under test (DUT) is, but generally
speaking tcpreplay works better for L2-L4 testing than L7.
Depending on your DUT, you may or may not need to split the traffic
(tcpprep) so it sees it flowing bi-directionally at the physical
level. If you're just sniffing traffic