Traffic generators

Traffic generators

Traffic generators can support the work of administrators in terms of testing and understanding their own network. Traffic generators allow you to find bottlenecks in the network, test new equipment for performance, and test monitoring systems. Traffic generators also allow you to check the behavior of network devices in terms of handling unusual / corrupted packets or frames. Additionally, monitoring and analyzing network connections, including IP addresses, is crucial for administrators.

Traffic generators are divided into two main types:

Stateless generators – these tools only send packets without waiting for a response. This makes them ideal for testing network load (e.g. DDoS attack simulations on layers 3, 4, and 7). Generators of this type are great for examining the behavior of network devices in high traffic conditions, but do not analyze the return data. In the context of testing the speed of Internet connections, these generators can be used for ADSL tests.

Client-server generators – operate in interactive mode, which means that they both send packets and receive responses, allowing for detailed analysis. These tools are used to measure latency, packet loss, jitter, and other network parameters. In such cases, the client is responsible for initiating traffic, while the server collects and analyzes the data. The functionality of these tools allows for comprehensive network testing and analysis.

Examples of one-way traffic generators are:

• hping3 => opensource
• scapy => opensource
• Raven-Storm  => opensource
• httpflood => opensource
• PacketSender => free
• Nping => free

In the context of network diagnostics, these tools can be used to analyze hosts.

They are usually simple programs that run on Linux and are operated from the command line.

Examples of client-server traffic generators are:

• Spirent => paid
• Ostinato => paid
• Trex => opensource

Traffic generators can be used both on a computer and on a server, allowing you to monitor and analyze the network configuration on different devices. In the context of testing network connections, it is important to provide the appropriate hostname or computer name.

Traffic generators are key to measuring network throughput, which allows you to evaluate the performance of connections. In the case of specific scenarios, such as testing new configurations, traffic generators are irreplaceable.

Server diagnostics and testing server connections are important for assessing the stability and performance of the network. Monitoring the local network allows you to collect information about the available devices and their parameters.

Traffic generators allow you to perform various network tests, which is essential for administrators. Running network testing tools is a key step in diagnostics and analysis.

Tools such as whois are used for network analysis and diagnostics, providing detailed information about IP addresses and network operators.

Detailed examples of the use of tools

Hping3 – installation and launch

Hping3 is a tool dedicated to Linux system administrators for managing and monitoring networks. Installation is done via the package manager, e.g.: apt install hping3

With Hping3 you can monitor and analyze network connections, including IP address and IP address.

Command invoking help: hping3 –help

Hping3 offers a wide range of functionality, allowing you to generate network traffic with various parameters. In the context of network diagnostics, it can be used to analyze hosts.

Hping3 is useful for both administrators and regular computer users, allowing you to monitor and configure the network on your computer.

Programs such as Hping3 may require you to provide a hostname or computer name to test a network connection. It allows you to measure network throughput, which is crucial for assessing the performance of connections. In the case of specific scenarios, Hping3 can be used to generate network traffic.

It also allows for server diagnostics and testing, as well as communication with the server to assess network stability. Hping3 can also monitor devices on the local network. It allows for performing various network tests, which allows for analyzing the packet transmission routes.

Running Hping3 is a key step in network diagnostics and testing.

Hping3 uses the whois function to analyze and diagnose the network, providing detailed data on IP addresses.

Example of using hping3, for generating packets

The ability to use a switch that allows for the generation of packets with a different source address allows for generating simulated DDoS attacks on the infrastructure, which is extremely useful for administrators who supervise complex IT infrastructures. An ordinary computer or a small home server with a 1gb/10gb network card allows for performing tests that allow checking most corporate networks.

Additionally, monitoring and analyzing network connections requires knowledge of the IP address and the ability to track network traffic to identify problems.

Testing the speed of Internet connections, including ADSL, is essential for assessing network performance.

The functionality of traffic generators such as Hping3 allows for a wide range of tests that can simulate different network scenarios. In the context of network diagnostics, a host is often used to analyze packet routes and identify problems.

Configuring and monitoring the network on a computer is important for both administrators and regular computer users. Various applications can track network traffic and collect data on the connection parameters on a computer.

When testing network connections, it is important to provide the appropriate host or computer name. For example, in the TraceRouteOK program, it is enough to enter the domain name or IP address. Measuring the network bandwidth is essential for assessing its performance. Tools such as Bandwidth Meter allow you to generate reports and identify problems in the network. For specific scenarios, traffic generators can be used to simulate different network conditions.

Server diagnostics and testing, including assessing response time and connection speed, are essential for ensuring network stability. Communication with the server allows you to evaluate the performance of the connection.

Monitoring the local network allows you to collect information about available machines and open ports within the same network.

Traffic generators allow you to perform various tests, allowing users to emulate network activity and analyze the paths of packets.

Running network testing tools such as iPerf is a key step in diagnosing and evaluating the performance of connections.

Network analysis and diagnostic tools such as whois are useful for determining IP address information and locating problems in network connections.

Scapy: analysis

A tool that we can run as a python module/package. It allows us to generate arbitrary packages in the form of python scripts, which is extremely useful for network administrators who oversee complex IT infrastructures. With its help, we can test, for example, the resistance of our network to malicious injection of routing information or overflow of mac, arp or neighbor tables for routing protocols.

Source: https://github.com/davidbombal

With a simple script, you can perform an attack to inject malicious routing information or flood the device with false information about the neighborhood. Additionally, this tool allows you to monitor and analyze network connections by entering an IP address, which is crucial for administrators.

Scapy offers a wide range of functionality that allows you to test the speed of Internet connections, including ADSL, and generate network traffic in various scenarios. This tool also allows you to diagnose networks by entering a host for analysis.

Scapy is useful for both administrators and regular computer users, allowing them to better understand and manage the network configuration on their computer. You can also define a host or computer name to test the connection on the network.

This tool allows you to accurately measure network bandwidth, which is crucial for optimizing the performance of connections. For specific scenarios, such as testing resistance to attacks, Scapy is irreplaceable.

It also allows you to diagnose the server and test connections to the server, allowing you to assess the performance and stability of the network. Additionally, this tool is useful for monitoring the local network, collecting information about available machines and open ports.

Scapy allows you to perform various network tests, allowing users to emulate network activities and analyze packet transmission routes. Running the tool is a key step in network diagnostics and testing.

It also offers a whois function that is useful in network analysis and diagnostics, providing detailed data on network operators and the geographic location of IP addresses.

Raven-storm

Raven-Storm is a stress-testing solution that is extremely useful for network administrators to manage and monitor complex IT infrastructures. It has predefined options that make it easy to select the type of tests and run them in a simple way from the command line.

The program allows you to monitor and analyze network connections, including IP addresses, which is crucial for administrators.

The program guides us intuitively through the available options and allows you to define the initial parameters of our tests, including ADSL connection speed tests. The intensity of the tests depends on the physical resources on which Raven-Storm is installed, as well as the available network connection.

Raven-Storm offers a wide range of functionality that allows you to generate network traffic with different parameters.

In addition, the program allows for network diagnostics by entering the host address for analysis.

Raven-Storm is useful for both administrators and regular computer users, allowing them to better understand and manage the network configuration on their computer.

The program requires the hostname or computer name to be entered to test the network connection, which facilitates precise monitoring.

Raven-Storm allows for accurate measurements of network bandwidth, which is crucial for optimizing connection performance.

For specific scenarios, such as testing different types of connections, the program offers flexible configuration options.

Raven-Storm allows for server diagnostics and testing, which is important for assessing network performance and stability.

Additionally, the program can monitor devices on the local network, collecting information about available machines and open ports.

Raven-Storm allows for performing various network tests, allowing users to emulate network activities and analyze packet transmission routes.

Launching the tool is simple and intuitive, which is key to effective network diagnostics.

Raven-Storm uses the whois function for network analysis and diagnostics, providing detailed data on network operators and the geographical location of IP addresses.

PacketSender

PacketSender, unlike the above-mentioned programs, is available for every platform => Windows, Linux, Mac. It is a simple graphical program that allows you to generate packets with predefined filters.

The intuitive use of the program from the GUI level allows you to quickly create the desired packages. It can partially operate in client-server mode and check responses to queries, e.g. http, measure the time of packages. Unfortunately, it does not have a server part, only a client application.

Trex: throughput

Trex is an open-source project from Cisco that fully operates as a traffic generator in the form of a client server. Thanks to this, we can install it in two different parts of our network and comprehensively check its parameters. To use it, we need two virtual machines on which the software will be launched. This is a comprehensive solution that allows you to test the network for various application traffic.

The software is used from the command line, but a GUI snap-in is also available to make it easier to manage and analyze the collected results.

Trex supports packet generation for protocols such as VxLAN, GRE, and NSH. The tool can be run in continuous or burst mode, allowing for flexibility in adapting to test requirements.

Additionally, it offers the ability to import .pcap files that can be sent over the network to reflect real traffic.

Thanks to its advanced architecture, Trex is an ideal tool for testing solutions such as NAT, DPI, load balancer, and firewalls. Analyzing the results allows you to easily verify whether the device meets the technical parameters specified in the manufacturer’s specifications.

Thanks to the specified software, we are able to conduct comprehensive network performance tests.

As some tests have shown so far, network devices have performance problems when handling unusual traffic, e.g. generating a very large number of small UDP packets can lead to a device restart or hang. The problem is not the number of packets itself, but the problem with handling a large number of interrupts from the network card to the CPU.

Spirent

Spirent Control Panel

Load test results of sample firewalls

Sample load report of tests conducted using Spirent

Test procedure description

Spirent is an advanced paid tool used to test network performance. It allows for detailed configuration of tests for protocols such as HTTP, HTTPS, FTP, SMTP or POP3. Tests are performed in an environment with 10Gbase-SR ports, from which data on the performance of network devices is collected.

1.1. Test environment

1.2. Two 10Gbase-SR ports will be prepared to connect the device under test to the test environment. A portable computer will also be prepared to manage the device under test

1.3. On the TCP traffic tester (C100), the test parameters will be configured as follows:

1.3.1. General configuration

1.3.2. HTTP1.1 configuration

1.3.3. HTTS1.1 configuration

1.3.4. POP3 configuration

1.3.5. SMTP configuration

1.3.6. FTP configuration

1.1.   Firewall Traffic Filtering Policy

Nr Reg	Source	Target	Protocol	Action
1.	Any	10.11.0.0/2410.12.0.0/24	HTTP, HTTPS,DNS, FTP, POP3, SMTP, IMAP, LDAP,SMTPS, SNMP, SSH, TELNET, UDP/1-65535	Allow
2.	Any	Any	HTTP, HTTPS, SSH, TELNET	Allow
3.	Any	Any	Any	Deny

1.2. The test will consist of a UDP and TCP traffic test running simultaneously. The tested firewall will be loaded with TCP and UDP traffic with a total intensity of 5.8 + 4 = 9.8 Gb/s

Results of firewall load traffic

Network devices may have difficulty handling unusual traffic, such as large amounts of small UDP packets, which can lead to reboots.

Problems often result from the large number of interrupts generated by the network cards to the CPU.

Traffic generators are an essential tool in every network administrator’s arsenal. Their use allows not only for better understanding and control of network throughput, but also for quick detection of potential threats and vulnerabilities. Regular testing with these tools helps identify problems before they affect end users, minimizing the risk of downtime and business losses. With the versatility of tools such as Hping3, Scapy, Trex, and Spirent, administrators can create test scenarios tailored to the specific needs of their infrastructure, ensuring its stability and security in the long term.

Remember: Regular network testing and performance monitoring is key to minimizing downtime and traffic handling issues.