
I'm in my last year of university and for my honours project I am tasked with comparing two intrusion detection systems, Snort and Suricata, hosted on a virtual machine on my PC.

As I have no access to networking devices such as switches, etc., I was looking to use pcap files containing malicious traffic and pass them through to the IDS. I'm aware there are datasets out there already, but I am looking for unique traffic and also traffic similar to that of a small business.

If I can somehow create a regular pcap file simulating the daily traffic of a small network and then inject malicious traffic, I think this would be the best option. I'm basically looking for any advice at all, as I am stumped.

Conor

1 Answer


I would suggest you create a virtual environment (with virtual machines) and capture the traffic between them with tcpdump/Wireshark. That should be enough for your requirements. Just be aware that both virtual machines (client and server) must be isolated from the outside world in case you are executing malware that you don't have control of, or whose behaviour you don't know.

camp0
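Once a baseline capture between the VMs exists (tcpdump, as the answer suggests), the asker's plan of injecting test traffic into it can be done offline on the pcap files themselves. The following is an added example, not code from the post, Snort or Suricata: a dependency-free pcap writer/reader that time-shifts a second capture into the baseline and interleaves it chronologically, the way mergecap/editcap would. The addresses, timestamps and the `IDS-TEST-MARKER` payload are constructed placeholders standing in for whatever test traffic a detection rule is meant to fire on.

```python
import struct

# libpcap file header: magic, major, minor, thiszone, sigfigs, snaplen, linktype (1 = Ethernet)
PCAP_GLOBAL = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def ip_checksum(hdr: bytes) -> int:
    """RFC 791 one's-complement checksum over an IPv4 header (0 when verifying a valid header)."""
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    s = (s & 0xFFFF) + (s >> 16)
    return ~((s & 0xFFFF) + (s >> 16)) & 0xFFFF

def udp_frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Ethernet/IPv4/UDP frame with a valid IP checksum, so the IDS does not discard it as corrupt."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")  # constructed dst MAC, src MAC, IPv4
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload  # UDP checksum 0 = omitted
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0x4000, 64, 17, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return eth + ip + udp

def pcap_bytes(packets) -> bytes:
    """Serialise (timestamp, frame) pairs into a little-endian, microsecond libpcap capture."""
    out = [PCAP_GLOBAL]
    for ts, frame in packets:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)

def parse_pcap(data: bytes):
    """Inverse of pcap_bytes; only the variant written above is accepted."""
    assert struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4, "unsupported pcap variant"
    pos, packets = 24, []
    while pos + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack("<IIII", data[pos:pos + 16])
        packets.append((sec + usec / 1e6, data[pos + 16:pos + 16 + incl]))
        pos += 16 + incl
    return packets

def inject(baseline, injected, at):
    """Shift `injected` so it starts `at` seconds into the baseline, then interleave by time."""
    offset = baseline[0][0] + at - injected[0][0]
    shifted = [(ts + offset, frame) for ts, frame in injected]
    return sorted(baseline + shifted, key=lambda p: p[0])

if __name__ == "__main__":
    t0 = 1_700_000_000.0  # constructed baseline start; real captures come from tcpdump on the VMs
    baseline = [(t0 + i * 0.5, udp_frame("192.168.1.10", "192.168.1.1", 40000 + i, 53, b"dns-query")) for i in range(20)]
    injected = [(100.0, udp_frame("192.168.1.77", "192.168.1.1", 51515, 53, b"IDS-TEST-MARKER"))]
    with open("small_office.pcap", "wb") as f:
        f.write(pcap_bytes(inject(baseline, injected, at=3.0)))
```

The resulting file can be read by either IDS with `snort -r small_office.pcap` or `suricata -r small_office.pcap`, and because the injected capture is shifted as a whole, the relative timing of its own packets is preserved.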