Hi geek00l and everyone,
In my article "How to test Snort"
http://searchsecuritychannel.techtarget.com/tip/0,289483,sid97_gci1266313,00.html
I mention:
Snot (not available)
Sneeze
Stick
Mucus
IDSWakeup
Similar tools not mentioned include:
Fpg (http://www.geschke-online.de/FLoP/fpg.8.html)
snortspoof.pl (http://trac.cipherdyne.org/trac/fwsnort/browser/fwsnort/branches/fwsnort-1.0.3/snortspoof.pl)
HOWEVER, I do NOT recommend using these tools in most cases. They are
all stateless (as explained in my article) and will fail due to
Stream4 or Stream5 keeping connection state.
Instead, I recommend in my article:
"The easiest way to ensure Snort is actually seeing any traffic is to
create a simple rule and see if Snort generates an alert."
If you want to include a generic traffic generation application, that
is a good idea. I don't think it's necessary to include stateless
Snort "testing" tools though.
Sincerely,
Richard
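
Added example, not part of the original message and not Snort code: a toy Python model of the statelessness problem described above, where a forged data segment with no handshake is ignored once a stream tracker requires an established flow. The endpoints, marker string, flag encoding and the `StreamTracker`/`alerts` names are all constructed for illustration, and the tracker is a simplification of what a stream preprocessor does.

```python
# Toy model (constructed): why stateless alert generators fail once a
# stream preprocessor tracks TCP state. Not Snort code; flags are simplified.
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    flags: str        # "S", "SA", "A", "PA"
    payload: bytes = b""

class StreamTracker:
    """Minimal three-way-handshake tracker keyed on the (client, server) pair."""
    def __init__(self):
        self.state = {}   # (client, server) -> "SYN" | "SYNACK" | "EST"

    def update(self, p):
        """Feed one packet; return True if it belongs to an established flow."""
        fwd, rev = (p.src, p.dst), (p.dst, p.src)
        if p.flags == "S":
            self.state[fwd] = "SYN"
        elif p.flags == "SA" and self.state.get(rev) == "SYN":
            self.state[rev] = "SYNACK"
        elif p.flags == "A" and self.state.get(fwd) == "SYNACK":
            self.state[fwd] = "EST"
        return self.state.get(fwd) == "EST" or self.state.get(rev) == "EST"

def alerts(packets, content, stateful):
    """Return payloads that match `content`; with stateful=True the match
    only counts on an established flow (hypothetical rule semantics)."""
    tracker, hits = StreamTracker(), []
    for p in packets:
        established = tracker.update(p)
        if content in p.payload and (established or not stateful):
            hits.append(p.payload)
    return hits

C, S = "10.0.0.5:40000", "10.0.0.9:80"   # constructed endpoints
PROBE = b"GET /snort-test-marker HTTP/1.0\r\n\r\n"   # constructed payload
# What a stateless generator sends: one forged data segment, no handshake.
stateless = [Pkt(C, S, "PA", PROBE)]
# What a real client sends: handshake first, then the same data.
stateful_session = [Pkt(C, S, "S"), Pkt(S, C, "SA"), Pkt(C, S, "A"),
                    Pkt(C, S, "PA", PROBE)]

if __name__ == "__main__":
    for name, pk in (("stateless", stateless), ("full session", stateful_session)):
        print(name, "->", len(alerts(pk, b"snort-test-marker", stateful=True)), "alert(s)")
```
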