Looking for a comparison between Suricata and Snort? I wasn’t either, but someone did it and posted the results online. While I’m not surprised by the results, I really wanted to link to this comparison, mostly because of the way you can click around in the report and see various tidbits like the specific payloads they sent and other test cases. While it isn’t fully detailed or reproducible (take, for instance, all the client-side attacks), it should still give anyone some idea of how to test their own IPS/IDS implementations, whether you’re an admin setting up a sensor or an auditor who needs to do some deeper verification that an IDS/IPS is performing as expected over a particular traffic segment.
By the way, if you haven’t before, feel free to browse around the site topics at the top and drill down to some useful how-tos and sort-of-tutorials on various tools and techniques in security and pen-testing.