Security Lab Seminar

Wed., Feb. 12, 2003

Speaker: Fiona Wong

Title: "TCPopera"

Abstract:

TCPreplay is a tool developed by Anzen Computing to aid in the testing of NIDS, a Network Intrusion Detection System Test Suite. Its primary goal is to evaluate the performance of such intrusion detection systems by replaying background traffic that mimics real-world behavior. Although TCPreplay can generate real traffic from TCPdump files, it cannot replay that traffic under different network traffic environments. For example, TCPreplay is unable to handle delayed or lost packets: if a message is removed from a TCPdump file, TCPreplay will simply replay the subsequent packets. To improve current IDS testing procedures, TCPreplay should support traffic shaping.