Background traffic

How to add network traffic to your experiment

The minimega miniclass series

Sandia National Laboratories

Overview

Most experiments require background traffic. This module covers protonuke, a
simple traffic generation tool, which is included in the minimega toolset:

protonuke

a simple, standalone, configuration-less traffic generator for IP networks.

Client modes

To use protonuke as a client, you must, at minimum, enable one or more services and provide at least one server to connect to. For example, to set protonuke to issue HTTP and HTTPS requests to google.com:

$ protonuke -http -https google.com

Using default arguments otherwise, protonuke will connect over HTTP and HTTPS to google.com, issue transactions at a random rate, and periodically report on transaction statistics.

Specifying hosts

Hosts are given as a comma-separated list of hostnames and CIDR subnets. For example:

$ protonuke -http google.com,10.0.0.0/24,facebook.com

Client protocols

protonuke is capable of producing network traffic in a variety of protocols.

Client protocols can be stacked to enable multiple protocols on a single protonuke instance.

For example, to use SSH and SMTP:

$ protonuke -ssh -smtp google.com

HTTP and HTTPS

SSH

The SSH protocol will create a persistent connection to a host from the host list, picked at random in the same way as the HTTP and HTTPS protocols.

SMTP

The SMTP protocol attempts to send pre-specified email, either from the built-in corpus or from a user-provided JSON file containing email.

By default, the SMTP protocol will attempt to use TLS on new connections, and fall back to plaintext if the server does not support TLS.

To disable TLS, use -smtptls=false.

By default, the username is randomized for each sent email.

To override this when using the built-in corpus, use -smtpuser=<username> to set a single username.

The user can provide a JSON formatted corpus of email to use instead of the built-in corpus.

Specify user-provided email with -smtpmail=<file>. For example:

[
    {
        "To":"foo@mail.com",
        "From":"bar@mail.com",
        "Msg":"benign message"
    },
    {
        "To":"victim@mail.com",
        "From":"evil@minimega.org",
        "Msg":"CONFIDENTIAL",
        "File": "foo"
    }
]

The optional File field in the above example lets you specify a file, or a directory of files, to send with the message.
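A corpus in this format is worth checking before an experiment starts, so that a typo in a key or a missing attachment path does not silently change what the client sends. The helper below is an added example, not protonuke's own code: it validates the required To/From/Msg keys, flags unknown keys, confirms that any File path exists, and writes the result for -smtpmail. The entry layout and the directory name foo are taken from the slide above; the function names are hypothetical.

```python
"""Build, validate and load a protonuke -smtpmail corpus (hypothetical helper, not part of protonuke)."""
import json
import tempfile
from pathlib import Path

REQUIRED = ("To", "From", "Msg")   # every entry needs these; "File" is optional

def validate_corpus(entries, base_dir="."):
    """Return a list of problems (empty means usable); File paths resolve under base_dir."""
    if not isinstance(entries, list) or not entries:
        return ["corpus must be a non-empty JSON array"]
    problems = []
    for i, e in enumerate(entries):
        if not isinstance(e, dict):
            problems.append(f"entry {i}: not a JSON object")
            continue
        for key in REQUIRED:
            if not isinstance(e.get(key), str) or not e[key]:
                problems.append(f"entry {i}: missing or empty {key!r}")
        unknown = sorted(set(e) - set(REQUIRED) - {"File"})   # e.g. a typo like "Flie"
        if unknown:
            problems.append(f"entry {i}: unknown keys {unknown}")
        if "File" in e and not (Path(base_dir) / str(e["File"])).exists():
            problems.append(f"entry {i}: File {e['File']!r} not found")
    return problems

def write_corpus(entries, path, base_dir="."):
    """Validate, then write the corpus to path; returns (ok, problems)."""
    problems = validate_corpus(entries, base_dir)
    if not problems:
        Path(path).write_text(json.dumps(entries, indent=4))
    return not problems, problems

def load_corpus(path):
    """Load an existing corpus file; File paths are resolved beside it."""
    entries = json.loads(Path(path).read_text())
    return entries, validate_corpus(entries, Path(path).parent)

def sample_corpus():
    """Constructed corpus mirroring the module's example."""
    return [
        {"To": "foo@mail.com", "From": "bar@mail.com", "Msg": "benign message"},
        {"To": "victim@mail.com", "From": "evil@minimega.org",
         "Msg": "CONFIDENTIAL", "File": "foo"},
    ]

def make_workspace():
    """Scratch directory holding the 'foo' attachment directory the sample names."""
    d = Path(tempfile.mkdtemp(prefix="protonuke-"))
    (d / "foo").mkdir()
    return str(d)
```

Run write_corpus(sample_corpus(), "mail.json", workspace) and pass the resulting file to protonuke with -smtp -smtpmail mail.json.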

Additional client configuration options

There are a number of additional client configuration options that impact all enabled protocols:

Server modes

Server modes are selected the same way as the client modes (-http, -https, etc.) and are enabled by adding the -serve flag.

Enabling -serve will enable the server for all specified protocols.

By default, the server modes use built-in content generators for each protocol.

HTTP and HTTPS

The HTTP and HTTPS servers generate content for each incoming transaction from an internal content generator.

Generated content includes generated URLs and images, as shown below.

HTTP and HTTPS (cont)

User provided content can be served instead of the built-in webserver by specifying a directory with the -httproot flag.

The user can adjust the size of the image served in the built-in webserver by using the -httpimagesize flag.

This argument takes a number in megabytes.

The user can also specify a TLS certificate and key, instead of having protonuke generate a cert at launch time, by using the -httptlscert and -httptlskey flags.

SSH and SMTP

Both SSH and SMTP servers simply receive traffic from clients, and do not serve any specific content.

SMTP servers will not relay mail.

The SMTP server's status codes are RFC-compliant, but the accompanying descriptive text is unique to protonuke.

This makes it easier to determine if you are connected to a protonuke SMTP server or some other server software.

Examples

Serve all protocols with default arguments and debug logging:

$ protonuke -http -https -ssh -smtp -serve -level debug

Serve HTTP and HTTPS with custom content - a large file in a simple index.html:

$ mkdir www
$ dd if=/dev/random of=www/bigfile.png count=1024 bs=1M
$ echo "<img src=bigfile.png>" > www/index.html
$ protonuke -httproot www -http -https -serve

Start a client on all protocols, connecting to google.com:

$ protonuke -http -https -smtp -ssh google.com

Start a client on HTTP, connecting to hosts in a subnet, as well as google.com, and go as fast as possible by setting parameters on the normal distribution:

$ protonuke -u 0 -http 10.0.0.0/24,google.com

Next up…

Module 09: Plumbing it all together

Thank you
