A network packet generator, or network traffic generator, is a tool every network engineer will sooner or later want to use. Here’s one I found and it’s great!
The first time I saw an Ethernet frame in detail, in my CCNA class back in 2010, I immediately got the idea of generating some packets on my own. It was the logical next step to ask myself: “OK, so how can I make one of those and see what happens when I send it out on the network?” I was not really sure that there was a tool that would make it possible.
Don’t get me wrong, net surfers don’t need this!
I mean, yeah, OK, I know I am generating a lot of packets right now without doing anything, because my Mac is surely syncing who knows what across the Internet. The thing is, you are not really in control of the network layer your machine’s applications use to talk across the network, so you cannot really change much in the frame header format or in what is inside the headers. Apps send out standard packets with a standardised header format (flags, addresses etc.). The only thing we control is the data that we send, the payload of those packets; the headers do their thing to make the transfer possible.
You can control the packet source IP address of course, and sometimes maybe the MAC address on some Linux machines by editing your NIC configuration, but I am sure you know that if you are still here 🙂
Network engineers do need this!
But I am a network engineer and I usually want:
- to test something
- make something that does not exist so far or is not standardised.
- I want to try to create a new protocol that will talk using IP.
- I want to change protocol implementation bugs from some vendor.
- I need a way to create test packets to investigate strange firewall packet drops.
- I want to see what will happen if some packet header flags are changed in a strange way, and how that will affect packet forwarding.
- I want to send stuff across the network and see what happens.
- I need other stuff too.
I want my own packets, the ones I actually created, having written all the bits inside their headers. I was actually not really aware of a tool that could do that and I did not really search for it so much.
Ostinato
As many times before, packetpushers.net was my first stop for “latest interesting random networking technology stuff”. The guys there (@ecbanks and @etherealmind) are doing a really nice job giving us great, funny, interesting and informative podcasts about networking news, technology advancements and other networking geek stuff. Their podcast PQ Show 52 with Ostinato creator Srivats P. was the one that showed me this great tool. Not long after hearing this podcast I was already pushing my freshly made packets out of my notebook NIC and it was fun.
Other than the stuff already mentioned above, packetpushers.net is also a wide base of networking blog articles written by networking experts who share with the community the latest news and resources, their new networking projects, new experiences with equipment etc.
Ostinato is a pretty neat tool that enables exactly what I wanted to do. It enables network packet creation, generation and sending to any available machine interface.
Ostinato is open-source and completely free to use. It’s also a cross-platform app, so it will work just as well on your Mac, Linux, BSD or Windows machine. Ostinato is a network packet crafter/traffic generator and analyzer with a pretty good GUI that makes packet creation a great experience. It lets you create and send packets in streams, building them for different protocols and sending them at different user-defined rates.
As Ostinato creator Srivats P. says in podcast PQ Show 52, Ostinato is basically a “Wireshark in Reverse”, and using it together with Wireshark is actually the best way to use it. You can create and send a stream of packets with Ostinato and at the same time capture those packets with Wireshark, so you can see what you are actually sending out. There is no other work for you to do: just hit the start transfer button and then the start capture button. After the transfer is done, stop the capture and hit the view capture buffer button. It will open your capture directly in Wireshark and you will see what you have sent out of your NIC and what came back as a response.
Ostinato can create packet headers of your choice. Some header formats can be created automatically from the GUI, such as standard Ethernet frames, 802.1q tagged packets, IPv4 and IPv6 packets with TCP, UDP and ICMP on layer 4, HTTP, SIP, RTSP and NNTP on layer 7, etc.
For other packets, where the GUI cannot get you there, you can always create your packet bit by bit using the Hex Dump format usually seen when opening .pcap files in Wireshark.
You can write your own Hex Dump and then simply load it in Ostinato and “play” it out of your NIC. The best way to do this without spending an entire day crafting all the needed packets bit by bit is to use Wireshark to capture some network traffic, export the Hex Dump and edit the desired parts. It will be much quicker and easier that way, and you skip the “boring” steps of decoding the Hex Dump in your head.
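The export-and-edit workflow above, as an added Python example that is not part of the original article or of Ostinato: it parses a Wireshark-style hex dump, changes the IPv4 TTL, and recomputes the header checksum that the edit invalidates, since a packet with a stale checksum is discarded before it reaches whatever you meant to test. The sample frame, the function names and the assumed dump layout (offset, hex bytes separated by single spaces, then an ASCII column) are constructed for illustration.

```python
import re
import struct

# Constructed sample: one Ethernet II + IPv4 + ICMP echo frame (42 bytes),
# laid out as offset, hex bytes, ASCII column (assumed export layout).
SAMPLE_DUMP = """\
0000  00 11 22 33 44 55 66 77 88 99 aa bb 08 00 45 00   .."3DUfw......E.
0010  00 1c 00 01 00 00 40 01 f6 dc c0 00 02 01 c0 00   ......@.........
0020  02 02 08 00 f7 fd 00 01 00 01                     ..........
"""
LINE = re.compile(r"\s*([0-9a-fA-F]{4,})\s+((?:[0-9a-fA-F]{2} ?)+)")

def parse_hexdump(text):
    """Return the frame bytes; reject dumps whose offsets skip or repeat."""
    frame = bytearray()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # blank lines, frame summaries and similar
        if int(m.group(1), 16) != len(frame):
            raise ValueError("offset %s does not follow previous line" % m.group(1))
        frame += bytes.fromhex(m.group(2))
    return bytes(frame)

def ipv4_checksum(header):
    """RFC 1071 one's-complement sum; returns 0 over a header that is already valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def set_ttl(frame, ttl):
    """Change the IPv4 TTL and fix the header checksum the edit invalidated."""
    buf = bytearray(frame)
    ip = 14  # untagged Ethernet II: IP header starts after 14 bytes
    if buf[12:14] == b"\x81\x00":
        ip = 18  # a single 802.1q tag shifts the IP header by 4 bytes
    if buf[ip - 2:ip] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ihl = (buf[ip] & 0x0F) * 4
    buf[ip + 8] = ttl
    buf[ip + 10:ip + 12] = b"\x00\x00"  # zero the checksum field before summing
    struct.pack_into("!H", buf, ip + 10, ipv4_checksum(bytes(buf[ip:ip + ihl])))
    return bytes(buf)

def to_hexdump(frame):
    """Emit offset + hex bytes, 16 per line, without the ASCII column."""
    rows = range(0, len(frame), 16)
    return "\n".join("%04x  %s" % (i, frame[i:i + 16].hex(" ")) for i in rows)
```

Capturing the replayed frame in Wireshark with IPv4 checksum validation enabled confirms whether the edited header is still well-formed.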
Besides the GUI and Hex Dump editing, there is also support for Python scripting, where the user can skip the GUI entirely and generate traffic from a Python script. That way you can run the same traffic simulation many times and experiment with it without having to create it over and over. It’s something like saving an experiment project: it is saved in a Python script file.
The best thing about using Ostinato is that it is complementary to Wireshark, so you have a complete view of your actions. Another great feature is the interface statistics, which show you real-time port packet counters and bandwidth used.
There is also a framework that helps contributors build and add new protocol support to Ostinato.
Ostinato architecture
Ostinato has two applications: the Ostinato GUI console and Drone, which is basically a process acting like a probe. The Ostinato GUI lets the user define the packet details, and Drone is the one that takes high privileges, speaks directly to the machine’s NICs and sends packets out of the NIC when you hit start.
Drone can be run on a different machine than the Ostinato GUI. Basically it can be a small old Linux box somewhere on your network, waiting for you to give the commands for sending packets. Watch out: Ostinato <-> Drone communication is neither encrypted nor authenticated, so anyone who can reach a running Drone can give it commands, and you do not want to leave the Drone service running somewhere in your network when it is not in use.
Installation
When installing on a Mac, be sure to move both the Ostinato and Drone apps into your Applications folder. After that, Ostinato needs to be started from the terminal so you can give it root privileges:
sudo /Applications/Ostinato.app/Contents/MacOS/Ostinato
It will not work simply by clicking on the app icon, as it will not be able to read the NICs on your machine. There are some ways of overcoming the need for root privileges, but that is out of the scope of this article. More information can be found on the project site http://ostinato.org, which will take you to the Google Code site of this project with all the details. The latest version was published in June, a few days before this article was written, on the same day the podcast on packetpushers.net was released.