i am doing some simulations of DDOS SYN FLOOD attack on a real network using virtual machines and i want to modify the current behavior of TCP three-way-handshake on Linux Mint, can anyone give me a guide or the steps to do ?
If you want to change the kernel code, then you need to know where they are, and then edit the code, compile them and run. Here is a network can help you know how to do these things, but the knowledge of Linux network stack is not include.
Related
Would a Tun/tap device avoid a netmap/pf_ring/dpdk installation ? If tun/tap allow to bypass kernel, isn't it the same thing ?
Or those codes bring so many optimizations that they overclass tun os bypass strategy ?
The final goal is to port tcp/ip from kernel to user space, FOR TESTING PURPOSES.
I don't quite understand here.
Thanks
no.
for userspace tcpip implementation see lwip or rumpkernel.
dpdk/pfring/netmap as you probably know are about getting packets to userspace as fast as possible.
tun/tap are virtual interface things. probably not what you're after.
Tun/tap are not particularly performant. They miss out on the IP stack, but there is a lot of copying still involved. Profile some code using them to see. I think the best option for straight userspace networking is probably AF_PACKET using the ring buffer option, but that will is still an indirect ring buffer that gets copied to the network card ring buffer rather than being direct like you get with solutions like dpdk. It depends on your performance requirements - if it is just for testing correctness any solution should be fine.
Having simulated a router, it's important that it should be able to generate an ARP Request and respond to the same. I do not understand how to begin implementing the same?
Are there an API's that exist in C that generate ARP Request.
Suppose I have a route lookup in my simulated router and I find out that, the route exists but there is no static ARP entry, the process should be able to generate an ARP Request.
Do I need a tap interface for this sort of functionality?
I believe to answer your question, knowledge of the environment is needed. What OS is your simulator running in? Unix, Linux, Windows, OS X? And you are developing router software for which hardware (or chipset or embedded software, real-time operating system?)
If you are simulating your hardware router software in an OS like windows, there are utilities and commands that you can have your sandboxed simulator environment issue that can be intercepted by your simulated router.
Bottom line, a little more knowledge of the environment of your simulator might help! Good luck :)
I'm currently building a network monitoring system that will notify me if any interface errors or network issues. after building it we would like to be able to test if it works before implementing it to our network, so need a way of simulating network interface errors on a switch or networking device?
I was thinking about cutting ethernet cables or terminating them wrong, but ideally I need soemthing that can create loads of different types of interface errors
any help would be much appreciated
Sean
You could download Nagios which is a powerful, enterprise-class host, service, application, and network monitoring program. Designed to be fast, flexible, and rock-solid stable. Nagios runs on *NIX hosts and can monitor Windows, Linux/Unix/BSD, Netware, and network devices.
you can download other network monitoring systems from sourceforge they have many different network tools written in different languages most of them are open source. you can take notes of their
design and maybe add to the application you building.
if you want to test your application the best thing to do is to tested on real environment, I believe their might be one or two Virtual Lab.
But Ideally I would tested on real interfaces
One of the ways to simulate network failures would be to dynamically change the firewall settings. You can make packets drop, hosts, disappear, etc. This doesn't require any physical damage to anything :)
Hi Guys I'm debugging some CS program and to view the performance of the application in slow internet I tried many different ways. However the best would be the Server and the client be in the same PC ---- my debugging environments for both the server side and the client is setup in one PC.
So I'm wondering is there anyway to limit the speed? I'm using TCP but I don't know too much in-depth knowledge of it.
Thank you
There are two important factors regarding a "slow" internet connection that you need to test out since they have different implications for your application: bandwidth and latency.
If you provide some more details about what os you are running your tests on, it would be easier to recommend a way to limit the network performance.
On a related side note, it's generally a bad idea to performance test any kind of networking using the loopback device on your machine, since many aspects of this will perform very different than the regular network device on your machine.
You mention in the comments this needs to be done on windows, while the Network Emulators I know of (e.g. netem, TCN, other variants) all require Linux. So one thing you could do is create a virtual machine (VirtualBox is fine, I did similar things with it), install linux on it, configure 2 network interfaces, emulate the slow/long/lossy/jittery network between them, and route the test traffic through it from windows.
Finally I found this does what I need.
http://www.nirsoft.net/utils/socket_sniffer.html
Captures Windows Socket traffic, no matter it's local or not.
I have an old school foxpro web app that I am trying to help limp along while I rewrite the system. Every day, multiple times, I get this following error message: The specified network name is no longer available.
Does anyone have any suggestions how to troubleshoot this? Perhaps, prove to my IT guys that there really is a network issue. I have theories, but I have no idea how to prove anything, it always comes back to foxpro sucks rewrite it now.
I'll take any help, tools, and will answer any questions that may clarify this for you.
thanks
We have a very large multi-user VFP application on hundreds of sites. Occasionally you get this sort of problem. It is almost always down to environmental issues.
Had one just recently where a client had two machines continually crashing out of the VFP application. Network IT guys swearing up and down that it's not their problem. But what's this in the System Log of both machines? Why, it's the Broadcom NIC reporting a network link loss detected at the same times the application crashed.
Check if the client and server NICs in your situation can report this.
You could consider writing a small program that pings the network resource periodically. You might just look for a file and if the network is failing and the program cannot find the file email the folks in charge of the network and yourself. This would be an independent app, and best if not written in FoxPro so you can independently prove it is not the application or the language/tool it was written in.
I have seen this when networks have bad wiring, a bad port on the switch/hub, a failing NIC in the mix, and sometimes when the network is just flooded with requests from workstations.
You also did not mention if this was a wireless connection. I am hoping not, but I have seen wireless (especially slower wireless) hubs fail with respect to the network overload and slow and unreliable performance. Especially compared to a wired network.
Rick Schummer
In addition to the comments about IP address, is the setting on the network controller to be energy efficient? and thus turn itself off when not actively in use.