On Nov 30, 2007 5:46 AM, Dev Null <[EMAIL PROTECTED]> wrote: > Though I have worked a bit with sniffers, but did not use tcpreplay > and related tools before. I have downloaded and installed them and > read the man pages and docs available on synfin website as well. > > However, I am facing difficulty visualizing potential "uses" and > "absues" of the tools. What I understood was that these tools can be > used in the following two scenarios: > > 1- To *test* a device, say a firewall, router, etc. However, what > eluded me was the kinds of test that can be performed. I think they > can be some good tests to check the security or some tests with the > intention of abuse? Can someone please throw some more light on this.
Testing an IDS/IPS to see if it will detect an attack. I know for a fact that many vendors use tcpreplay in this manner. The same could be said of some firewalls/UTM's. > 2- I also read somewhere that these tools can be used to generate a > real background traffic to hide attacks instead of programmatically > crafted traffic. What are some real life scenarios and anything that I > can read for more on this. I assume you're talking about capturing real world traffic and then replaying it. I suppose some people use tcpreplay in that manner to generate load- basically a cheap version of Ixia or Spirent. > I would request the users to please enlist all the possible "uses" and > "abuses" of these tools. At least one by each user. After the thread > is over, I can compile the list and probaly Aaron can then include it > in the tcpreplay docs. Not much here now, mostly because I haven't bothered to spend the time, but by all means feel free to contribute. http://tcpreplay.synfin.net/trac/wiki/UseCases -- Aaron Turner http://synfin.net/ http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin ------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4 _______________________________________________ Tcpreplay-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
