Greetings,
I am new to Suricata and networks. I have a question:
I have a VM and I installed Suricata 7.0.0 there. I was wondering if I can test my custom rules by using the same VM where Suricata is installed by sending test packets using scapy? Will it be possible, or should I create a separate VM to send test packets to my Suricata VM? Thanks
Since Suricata can capture packets from a pcap file (or pcap-directory), you should be able to use scapy to generate the pcap files and then use Suricata for analysis/detection/etc.
Suricata can be controlled by suricatasc – there are a number of pcap-related commands that might be suitable for your situation.
Hello, thank you for sharing this information. I will check it out. I have also decided to send test packets from another VM source since I think it will be easier to create scenarios. Thank you again.