simulation network

Dear All,

Kindly, I want to create a simulation environment for Zeek's detection capability as an IDS and calculate the detection time.

The simulation environment will be on the Citrix XenCenter hypervisor. I want to install two virtual machines: one of them is the Zeek IDS and the other one is the attacker machine. I want to send traffic from the attacker machine, and the traffic is mirrored to the Zeek VM to detect the attack.

Any help with this setup would be appreciated.

Disclaimer: It’s early and I’ve not finished my coffee…

I would create a virtual environment with a dedicated VLAN. In VMware, this can be a virtual network without a physical interface attached. Have Zeek observe traffic of that virtual network. This will keep the traffic observed to just the attack traffic and remove other “noise”.

If you are wishing to test and collect some sort of telemetry, I would get a tcpdump of the attack traffic. You can then replay it all you wish at varying speeds, etc…

I think this is what you are looking for. If not, apologies. I’ll grab another cup of coffee and try harder.

::smile::
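The original question asks how to calculate detection time, and the reply above suggests capturing the attack with tcpdump and replaying it. The script below is an added example, not code from either poster or from the Zeek project: it parses a Zeek `notice.log` in the default TSV format and computes, for each known attack, the delay between the attack's start (the first packet timestamp of the captured attack, supplied by the tester) and the first matching notice. The attack list and the log lines are constructed samples; the notice names used (`SSH::Password_Guessing`, `Scan::Port_Scan`, `FTP::Bruteforcing`) are real Zeek notice types, but the timestamps, UIDs and hosts are made up for illustration.

```python
"""Measure Zeek detection latency from notice.log after a replayed attack.

Added example. Assumes the tester records each attack's start time on the
attacker side (for instance the first packet timestamp of the attack pcap)
and that Zeek writes notice.log in its default TSV format.
"""

# Constructed sample notice.log (not real Zeek output).
SAMPLE_NOTICE_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tnotice",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tnote\tmsg",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring",
    "1700000012.345678\tCabc1\t10.0.0.5\t51234\t10.0.0.10\t22"
    "\tSSH::Password_Guessing\t10.0.0.5 appears to be guessing SSH passwords",
    "1700000061.100000\tCdef2\t10.0.0.5\t44444\t10.0.0.10\t80"
    "\tScan::Port_Scan\t10.0.0.5 scanned at least 15 unique ports",
    "#close\t2023-11-14-22-15-00",
])

# Constructed attack timeline from the attacker VM (hypothetical values).
SAMPLE_ATTACKS = [
    {"label": "ssh-bruteforce", "note": "SSH::Password_Guessing",
     "orig_h": "10.0.0.5", "start_ts": 1700000000.0},
    {"label": "port-scan", "note": "Scan::Port_Scan",
     "orig_h": "10.0.0.5", "start_ts": 1700000050.0},
    # Launched but never raised a notice: reported as undetected.
    {"label": "ftp-bruteforce", "note": "FTP::Bruteforcing",
     "orig_h": "10.0.0.5", "start_ts": 1700000100.0},
]


def parse_zeek_tsv(text):
    """Parse a Zeek TSV log into a list of dicts keyed by the #fields header."""
    sep = "\t"
    fields = None
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator "):
            # Header stores the separator escaped, e.g. "\x09" for a tab.
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
            continue
        if line.startswith("#fields" + sep):
            fields = line.split(sep)[1:]
            continue
        if line.startswith("#"):
            continue  # other metadata lines (#types, #path, #close, ...)
        if fields is None:
            raise ValueError("data line before #fields header")
        values = line.split(sep)
        if len(values) != len(fields):
            raise ValueError("field count mismatch: %r" % line)
        # Zeek writes '-' for unset fields; map them to None.
        records.append({k: (None if v == "-" else v)
                        for k, v in zip(fields, values)})
    return records


def detection_latency(attack, notices):
    """Seconds from attack start to the first matching notice, or None."""
    candidates = [
        float(n["ts"]) for n in notices
        if n["note"] == attack["note"]
        and n["id.orig_h"] == attack["orig_h"]
        and float(n["ts"]) >= attack["start_ts"]
    ]
    if not candidates:
        return None
    return min(candidates) - attack["start_ts"]


def latency_report(attacks, log_text):
    """Map each attack label to its detection latency (None if undetected)."""
    notices = parse_zeek_tsv(log_text)
    return {a["label"]: detection_latency(a, notices) for a in attacks}


if __name__ == "__main__":
    for label, latency in latency_report(SAMPLE_ATTACKS, SAMPLE_NOTICE_LOG).items():
        if latency is None:
            print("%-16s not detected" % label)
        else:
            print("%-16s detected after %.3f s" % (label, latency))
```

One caveat when reading the numbers: if Zeek processes the capture offline with `zeek -r attack.pcap`, the `ts` values are the pcap timestamps, so the latency is measured in capture time regardless of how fast Zeek chews through the file. If instead the pcap is replayed onto the mirrored virtual network with tcpreplay (for example with `--multiplier` to change the speed), Zeek stamps notices with the replay wall clock, and the attack start time must then also be taken from the replay rather than from the original capture.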

you also could use something like detectionlab

https://github.com/clong/DetectionLab

First of all, sorry for interrupting your morning coffee :slight_smile:

I will try to find a similar option on Citrix XenServer.

Thanks and have a good day.

Thanks a lot, seems great.