fragrouter + tcpreplay would do the trick. I don't think fragroute
(no r) will work properly with tcpreplay on the same box, but you
might give it a try.
You can get fragrouter (unsupported afaik) here:
http://packetstorm.widexs.nl/UNIX/IDS/nidsbench/nidsbench.html
Newer (and supported) versions of tcpreplay from here:
http://tcpreplay.sourceforge.net/
Fragroute (supported):
http://www.monkey.org/~dugsong/fragroute/
Of course none of these tools really make it easy to determine what
packet(s) actually cause the problem, but you can step through the
pcap file manually using tcpreplay.
-Aaron
On 12/13/05, Schupp, Hank <Hank.Schupp@mantech-ist.com> wrote:
Am trying to determine a method to transmit PCAP files with
(measurable?)
fragmentation.
I have sets of captures now for various protocols (IM, EMAIL, HTTP, etc)
and wish to transmit them in a fragmented format to test the ability of
an
analysis tool to properly defragment and rebuild the sessions.
Optimally,
I'd like to be able to set a fragmentation percentage and replay a set
of
pcap files to gauge the failure point. Out-of-order packet generation
in the same tool would just be a big plus!
Any thoughts? Your input will be greatly appreciated.
Whether possible solutions are open source, commercial, or a mix- I'd
love
to hear about it. Thanks much
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
