Hi, I was wondering if someone could possibly help me out here.
I am doing a project on a 'Performance Evaluation of in-line signature-based Intrusion Detection' The goal of this is to stress an IDS that is placed in-line of a network topology consisting of 2 Cisco routers and evaluate the performance metrics and how it impacts the overall network.
I am planning on using SNORT as the sensor and some kind of network traffic generator like 'Ostinato'
Would GNS3 be the best virtual method of implementing this form of network-based security and if so how would I best implement this with SNORT and a network traffic generator?
Or is there a more efficient and easier way to implement such a topology virtually. I have looked at various software however there is nothing definitive.
Would appreciate any thoughts, advice and help on all the above as soon as possible Many thanks! :)
Dear Gordon Proudfoot
I suggest an open-source simulation you.
For example NS3 tool.
NS3 link: https://www.nsnam.org/
You must be proficient in sockets programming and winpcap libraries.
sockets programming link:https://www.nsnam.org/docs/models/html/sockets-api.html
winpcap libraries link:https://www.winpcap.org/
You can use tcpdump to generate traffic.
tcpdump link: https://www.tcpdump.org/
Sample traffic generation code in the following link:
https://www.nsnam.org/docs/release/3.3/doxygen/application.html
You need a Wireshark tool to record and control the flow of your packets.
Wireshark link:https://www.wireshark.org/
You need a buffer to control and monitor incoming packages.
That's why you have to be fluent in memory to control the buffer.
Best regards
https://www.sciencedirect.com/topics/computer-science/network-based-intrusion-detection-system
- Badges
- Science topic
- Similar topics
- Biological Science
- Bioecology
- Systems Ecology
- Landscape Ecology
- Connectivity