[Oisf-users] Suricata compatible packet generator

jt jtfas90 at gmail.com
Fri Aug 9 12:34:02 UTC 2019


Hi! Welcome to the list!

I use flowsynth

https://github.com/secureworks/flowsynth

I have file2pcap on my list to play more with but have heard of others
using it.

https://github.com/Cisco-Talos/file2pcap

JT

On Fri, 2019-08-09 at 14:10 +0300, Duonas Kepals wrote:
> Hello everyone!
> This is my first message in this mailing list, I hope it's an OK
> question.
> 
> I am trying to use suricata, and as I understand, I can pass a .pcap
> file to it, and some rules, and suricata then will tell if there are
> any packets matching any rules.
> For testing purposes, I would like to generate some packets from
> rules, and then feed those packets and rules to suricata. I expect
> that this would make every packet match against some rules.
> 
> I tried using the sniffles tool to generate packets from rules, but
> sometimes it crashes. I suppose it is not updated and does not
> recognize some newer rule syntax, e.g. when there is "...
> http_header; ..." inside content it crashes; and many other cases.
> But there are also some rules that don't crash sniffles. But this is
> not ideal.
> 
> I would like to know if there is any tool, maybe developed by
> suricata developers, or third party, which would generate packets in
> .pcap file, for further testing purposes.
> 
> Sincerely,
> Duonas Kepals

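The kind of test capture asked about above, as an added example that is not part of either message and is not code from flowsynth, file2pcap or sniffles: a standard-library Python sketch that writes a pcap containing one TCP session (handshake, a client payload, the server's ACK) with valid IP and TCP checksums. It does not parse rules; the payload is chosen by hand to contain the content a rule looks for. The addresses, ports, MACs, sequence numbers, timestamp and the file name `test.pcap` are all constructed.

```python
import socket
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Ethernet/IPv4/TCP frame with valid checksums (MACs are constructed)."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload
    pseudo = s + d + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", csum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0, s, d)
    ip = ip[:10] + struct.pack("!H", csum(ip)) + ip[12:]
    return bytes.fromhex("020000000002" "020000000001" "0800") + ip + tcp

def tcp_session(request, client="192.0.2.10", server="198.51.100.20", sport=40000, dport=80):
    """Three-way handshake, one client data segment, and the server's ACK."""
    SYN, PSH, ACK = 0x02, 0x08, 0x10
    c, s = 1000, 5000  # constructed initial sequence numbers
    return [
        frame(client, server, sport, dport, c, 0, SYN),
        frame(server, client, dport, sport, s, c + 1, SYN | ACK),
        frame(client, server, sport, dport, c + 1, s + 1, ACK),
        frame(client, server, sport, dport, c + 1, s + 1, PSH | ACK, request),
        frame(server, client, dport, sport, s + 1, c + 1 + len(request), ACK),
    ]

def pcap_bytes(frames, ts=1600000000):
    """Classic little-endian pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        # Per-packet header: seconds, microseconds, captured length, original length
        out += struct.pack("<IIII", ts, i * 1000, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    # Constructed request; put the bytes your rule's content keyword expects here.
    req = b"GET /test HTTP/1.1\r\nHost: example.test\r\nUser-Agent: rule-test\r\n\r\n"
    with open("test.pcap", "wb") as fh:
        fh.write(pcap_bytes(tcp_session(req)))
```

The resulting file can be read with `suricata -r test.pcap` alongside the rules under test.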

