[unisog] network traffic simulations

Peter Van Epp vanepp at sfu.ca
Thu Mar 9 16:39:05 GMT 2006


On Thu, Mar 09, 2006 at 09:30:21AM -0500, Nathan W. Labadie wrote:
> Quick question:
> 
> We're currently looking into a platform for doing simulations of network 
> traffic. This would include creating a large number of random flows, 
> packets, src/dst ports, etc to mimic the typical behavior of a 
> university network. We're basically looking for a way to "burn in" new 
> network equipment before it's placed in production. Does anyone have 
> any experience or recommendations?
> 
> Thanks much,
> Nate
> 
> -- 
> Nathan W. Labadie
> Sr. Security Specialist
> Network Services
> Wayne State University
> http://security.wayne.edu
> 
> "They that can give up essential liberty to obtain a little temporary 
> safety deserve neither liberty nor safety."
> - Benjamin Franklin, 1759
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog

	As has been suggested, tcpreplay will do this for you. Input data can
be convieniently (for some value of convienient :-)) collected with 2 tcpdump
machines capturing the full duplex stream from a tap inserted at a suitably
high traffic point in your network and then merged with tcpmerge (which I fixed
to do exactly this with tcpreplay :-)) to get the single stream that tcpreplay
wants. That will get the closest simulation to real traffic (because it is :-))
that you can get. You need to watch privacy issues around the tcpdump data 
though (I captured full packets which means that data is very sensitive and
needs to be carefully secured so it doesn't leak out, or editted with something
like netdude to make it less sensitive). Performance on all fronts on fast 
links is also an issue :-). A span port on a switch (which will give the 
required single stream) may be an even easier way of doing this (I have 
a multiport optical tap in my network already so the full duplex capture was
easier for me).

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada


More information about the unisog mailing list