Monitoring - Chicken or Egg

What comes first? Do you spend big on security and monitoring tools, appliances and software? Or deploy a smart aggregation-layer fabric to support and feed these toolsets?

Introduction

IPS, IDS, DDoS protection, monitoring toolsets, network performance monitoring, malware detection... All these toolsets are relevant and important in their own right. However, they all have one thing in common: packets! They all need to be fed packets to be at their most useful.

Creating custom packet profiles and scapy

Crafting packets and test profiles is becoming much easier with tools such as Scapy and TRex. The following tutorial will walk through a test case for creating 'EtherIP' (RFC 3378) packets and a test stream.

Using Scapy

Scapy is a well-known packet creation, manipulation and testing tool written in Python. Details can be found within the GitHub repo: https://github.com/secdev/scapy

You can use Scapy in interactive mode to create and define packets; however, we have an easy method which will:

- Create a new custom packet / packet header (EtherIP: tunnelling Ethernet frames in IP), commonly used for Wi-Fi tunnels
- Generate a .pcap file from this packet
- Add this to a profile and generate a defined packet-per-second rate
- Create streams within the profile
- Simulate a test stream within TRex using 'stl-sim' and confirm our packets and profile are ready to be used for testing

A recent requirement to test some firewall infrastructure under load when processing fragmented EtherIP traffic from Wi-Fi tunnels spawned this test.

Testing BigSwitch Tap Aggregation

With the recent trend and growth in monitoring tools, security and surveillance, TAP aggregation has become a necessity. We recently had a look at BigSwitch BigTap, which is their tap aggregation solution; we put this through some basic load and functional testing with TRex...

BigTap Overview

BigTap is essentially a production-grade SDN solution on commodity bare-metal switches providing tap aggregation capabilities. More detail on the current software version can be found here: Big Tap Monitoring Fabric. The solution provides some filtering capabilities along with the ability to scale 10, 40 and 100G taps to any collector or device at multiple points, along with line-rate replication of traffic.

Build and run Cisco Trex traffic generator

We recently had a requirement to perform some load testing on some new firewalls; time and cost were two main constraints, along with some flexibility in using our own traffic profiles. After debating our options for a short time we settled on a new type of traffic generation tool: it's open source, flexible, very cost effective, with no vendor / hardware lock-in... Cisco TRex is an open source traffic generation toolset, comparable to tools such as IXIA, SPIRENT etc. Its purpose is to overcome some challenges such as cost, scale, standardisation, and flexibility.

Proof of Concept

When assessing new products, whether software or hardware, you should have a clear process for assessing whether the product is meeting all of your requirements. Below is the very process that we've used in our organisations many times and that has served us well when assessing technologies. The proof of concept should be broken down into the following stages:

- Requirements
- Research
- Short List
- Trial
- Validation & Recommendation

Requirements

You may be wondering why requirements is before research?

DMVPN - Branch and Wan logical isolation

Summary: Reduce cost by utilising existing infrastructure to provide segmentation and network isolation.

Branch and WAN logical isolation has become more of a security requirement these days for both small and large enterprises, as more services are run directly out of branches, whether they be payment services, marketing, or day-to-day operations. With this comes an increased level of security requirements to segregate traffic from various sources; there might be a requirement to have external parties access internet resources from your sites or VPN back to their own DCs.

Netscout Data Export

Summary: A quick and portable utility using HTML forms to extract NetScout data from nGenius, via the NetScout APIs available.

Relevance and why this tool is useful

NetScout provides the ability to extract raw data from its built-in tables. This can be done via specific SQL queries; however, they also provide an API which works with HTTP GET/POST queries. This method is easier, more portable and supports extraction of data in XML, CSV and HTML.

Python Port Scanner

Summary: A quick and easy port-scanner tool implemented in Python, which is easy to modify and expand.

Why would we create a custom port-scanner?

Sometimes, and under some circumstances, it is not viable to download or install a tool to run a quick port-scan, and a practical tool such as this is a great way to explore Python networking basics and demonstrate how easy it is to interact with native sockets on Linux and Windows machines through Python.