ccie.security lab - traffic generator Ostinato
I remember the times we were trying to develop our own traffic generator because there wasn't any kind of smart tool that could help with penetration testing, DoS attack simulation or just plain testing. I was trying to write some procedures in C to modify the IP header and was absolutely happy when I got my first Pagent (a special Cisco IOS with a traffic generator feature). Then I heard about the Ostinato traffic generator, so I tried it once ... and I think there's no better open-source traffic generator (except Kali) that could be used within UNL.
download/install
I started by downloading the QEMU-based image (qcow2) from Bernhard's website - check here. Then you can easily use it - just create the folder in
configuring
The concept behind Ostinato is client/server communication. The client, also called the agent, is the GUI we can use for controlling the drone controller. There is also a Python API we can use to control the drone (the UNL device). Just add the Ostinato drone to your UNL lab, using these parameters:
There are two Ethernet interfaces because one interface is used for management and the second is the source interface of the traffic streams. From the UNL perspective, the interfaces are
or you can add this command to the
After the IP is entered, the agent connects to the drone via TCP/7878 and checks the interfaces eligible to send the testing traffic streams. As I'm using only one testing interface, it should look like this:
generating the traffic
Let's try to create some testing traffic with some specific parameters. To be easily verified (later in this article), we will use UDP traffic destined for one router (the L2 destination MAC will be its eth0/0 interface); the source will be the Ostinato eth0 interface MAC. The destination IP will be the IP address of that router interface and the source will be spoofed (18.104.22.168); L4 will be UDP/63123.
The new stream is created by clicking the left button in the stream window:
When the stream is created, we can assign the name (double-click in the name field) and configure the specific parameters by clicking on the settings wheel.
The first tab of the settings is about the general characteristics of the packet content - the L1-L7 headers and the final size of the frame.
And of course we will continue by specifying the details of the individual headers. I have checked the destination router's interface:
And of course the same thing for the drone's eth0 interface:
So the L2 (MAC) header has the following settings:
I'm leaving the Ethernet header with just the EtherType of 0x0800 (IPv4).
The IPv4 header is a little more complex: we can change the ToS (for QoS testing), the TTL value and, of course, the IP addresses, so let's use our IPs - the source is the spoofed 22.214.171.124 and the destination is the R4 e0 interface:
I have forgotten to specify the UDP source port - it can be any value, so let's use 32768; the destination port is, as mentioned above, 63123. I will use this port number for verification on the destination router a little bit later.
I'm leaving the default value for the payload, but you can specify anything you can imagine.
We are very close to running this stream and checking it on R4, but we still need to specify the overall characteristics of the flow. You can specify whether it's a continuous stream or a bursty stream, then the number of packets/bursts and the final rate. I want the drone to send 100 packets at a rate of 20 pps, which means 5 seconds of slowly outgoing 100 packets. Don't forget to click on the apply button, otherwise the stream is not eligible to run!
running and verifying the stream
Let's run the stream on the eth0 interface. I'm using the INE topology, so the Ostinato eth0 interface is without an IP address, the SW3 switchport is in VLAN 104, and the same VLAN is configured on the e0/0 interface that points to R4's e0/0. The port information shows our Ostinato eth interface is up but not sending traffic. The received packets are just some configuration noise I haven't removed from the network, so please ignore it.
I have configured a simple access-list just to track the incoming stream and keep any other traffic from entering the interface:
So when I click on the "play" button, 100 packets are sent towards SW3 and R4, with all the characteristics we defined earlier, and I should see the incoming traffic (as we used R4 e0/0's MAC address) in the console output (the
The GUI counters look good:
Then the debugging also looks good:
And of course the access-list looks as expected:
other example
Let's try a sequence of streams - 5 streams with the same characteristics except the ToS field. 5 packets will be sent per stream (per ToS) with the IP Precedence of 1, 2, 3, 4 and 5. The verification access-list is as follows:
You can use the "clone stream" option and copy the original stream four times, then set only the ToS value (be aware it's mandatory to use the ToS DEC value!) ... and the corresponding set of streams is:
and of course, as expected:
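The ToS DEC values for the five cloned streams, worked through as an added example (not part of the original article and not Ostinato code): it builds the IPv4/UDP headers of each stream in memory and decodes them the way a receiver reads the ToS byte, showing that IP Precedence 1-5 maps to DEC 32, 64, 96, 128 and 160. The addresses are constructed placeholders and the function names are hypothetical; the UDP ports are the ones used in the article.

```python
import socket
import struct

SRC, DST = "192.0.2.10", "198.51.100.4"  # constructed placeholder addresses
SPORT, DPORT = 32768, 63123              # UDP ports used in the article

def tos_from_precedence(prec):
    """IP Precedence is the top 3 bits of the ToS byte, so DEC = prec * 32."""
    if not 0 <= prec <= 7:
        raise ValueError("IP Precedence is a 3-bit value (0-7)")
    return prec << 5

def checksum(data):
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_udp(tos, payload=b"", ttl=64):
    """IPv4 + UDP headers for one stream; nothing is sent on the wire."""
    # UDP checksum 0 means "not computed", which is valid over IPv4
    udp = struct.pack("!HHHH", SPORT, DPORT, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(udp), 0, 0, ttl,
                      17, 0, socket.inet_aton(SRC), socket.inet_aton(DST))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + udp

def classify(packet):
    """Decode the fields a receiver matches on."""
    ihl = (packet[0] & 0x0F) * 4
    tos = packet[1]
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {"tos_dec": tos, "precedence": tos >> 5, "dscp": tos >> 2,
            "header_ok": checksum(packet[:ihl]) == 0,
            "sport": sport, "dport": dport}

def stream_table():
    """One decoded packet per cloned stream, IP Precedence 1 to 5."""
    return [classify(build_ipv4_udp(tos_from_precedence(p)))
            for p in range(1, 6)]

if __name__ == "__main__":
    for row in stream_table():
        print(row)
```

The `dscp` column shows the same byte read as a 6-bit DSCP value, which is how a DSCP-based match on the receiving side would see these streams.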
There is a lot we can do with Ostinato, dozens of options we can adjust etc. I hope you've enjoyed this article and that you'll enjoy working with this great tool!
That's it! How easy ... enjoy and good luck!