PCAPs for Testing
Security Onion 16.04 comes with several pcap samples in
You can use tcpreplay to replay any of these pcaps on your Security Onion sensor. For example, please see https://blog.securityonion.net/2011/01/introduction-to-sguil-and-squert-part-3.html for a quick, easy use-case and what you should see in the Sguil console.
so-replay will use tcpreplay to replay all pcap samples in /opt/samples to your sniffing interface.
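The following is an added example, not part of the Security Onion documentation and not the so-replay script itself: a shell helper that checks each file's pcap/pcapng magic number before handing it to tcpreplay, so stray non-capture files in a sample directory are skipped. The function names, the interface name eth1 and the default rate are assumptions; set DRY_RUN=1 to print the commands instead of sending traffic.

```shell
# Added example (hypothetical helper, not Security Onion's so-replay).
# Assumed values: interface name and Mbps rate are placeholders for your sensor.

# Return 0 if the file begins with a pcap or pcapng magic number.
is_capture() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) return 0 ;;   # classic pcap, either byte order
        4d3cb2a1|a1b23c4d) return 0 ;;   # nanosecond-resolution pcap
        0a0d0d0a)          return 0 ;;   # pcapng section header block
        *)                 return 1 ;;
    esac
}

# Replay every valid capture in a directory to the sniffing interface.
# Usage: replay_dir /opt/samples eth1 [mbps]
replay_dir() {
    dir=$1; iface=$2; mbps=${3:-10}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    count=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if ! is_capture "$f"; then
            echo "skipping (not a capture file): $f" >&2
            continue
        fi
        if [ "${DRY_RUN:-0}" = 1 ]; then
            # Show the command that would be run, without sending packets.
            echo "tcpreplay --intf1=$iface --mbps=$mbps $f"
        else
            tcpreplay --intf1="$iface" --mbps="$mbps" "$f" || return 1
        fi
        count=$((count + 1))
    done
    # Fail if nothing in the directory was a usable capture.
    [ "$count" -gt 0 ]
}
```

Throttling with --mbps keeps the replay rate within what the sensor can capture, so a missing alert points at a detection gap and not at dropped packets.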