NetScanTools Pro 11.52 was released last week and it has several improvements and updates the databases.
Packet Generator will now work better on Windows 8.x in that the operating system will no longer think it is 'not responding' while sending streams of packets. Earlier versions of Windows do not get confused like this, but apparently Windows 8 expects the message queue to be pumped more often. If the message queue is not cleared quickly enough Windows 8 grays out the software and calls it 'non-responding' which clearly was not the case with the Packet Generator.
Several things were done in Ping and Traceroute to give the user better feedback when the Windows Firewall settings are not allowing outgoing packets to be captured by WinPcap. Without knowing when the outgoing packets are sent, it's difficult to establish round-trip-time. A message will now appear explaining the problem and telling you to change the firewall settings or temporarily turn it off. The timing calculation shown in the analysis area below the results grid now shows sub-decimal timing calculations, ie. 123.456 ms instead of just 123 ms.
The Wireless Network Interface tool now has more concise explanations of what was found to better conform to industry standard terminology.
The USB version has a change that only affects the USB version: if the host has WinPcap 4.1.2 or 4.1.3 installed on it, the software uses the host's WinPcap instead of the WinPcap Pro that is on the USB. More about this in another blog post soon.
If you have an active maintenance plan, please start NetScanTools Pro, then click on Help/Check for New Version to access either the new v11.52 full install or USB upgrade patch.
Showing posts with label packet generator. Show all posts
Showing posts with label packet generator. Show all posts
Wednesday, October 2, 2013
Thursday, April 11, 2013
Packet Generator Scripting Improvements
NetScanTools Pro v11.42 introduced two major improvements to the Packet Generator scripting:
The first is a 'debugging' window. This new window, located below the main controls on the Packet Generator page serves the primary purpose of showing the command processing during scripting - if you have Enable Script Debugging Messages checked. The other purpose for it is to show certain errors when they occur.
The second improvement is the addition of five new packet reset commands. These commands are intended to be used just prior to modifying packet parameters followed by sending the packets. They reset the TCP, UDP, ICMP, CDP and ARP packet headers to known states - primarily zero. The commands are:
!TCP_RESET_PACKET - resets the TCP header
!UDP_RESET_PACKET - resets the UDP header
!ICMP_RESET_PACKET - resets the ICMP header
!CDP_RESET_PACKET - resets the CDP header and presets some fields to non-zero values
!ARP_RESET_PACKET - resets the ARP header and presets some fields to non-zero values
This is detailed in the Help file (press F1 while viewing the Packet Generator) under the topic Packet Generator - Scripting.
Be sure to use these before defining header parameters and sending packets.
The first is a 'debugging' window. This new window, located below the main controls on the Packet Generator page serves the primary purpose of showing the command processing during scripting - if you have Enable Script Debugging Messages checked. The other purpose for it is to show certain errors when they occur.
The second improvement is the addition of five new packet reset commands. These commands are intended to be used just prior to modifying packet parameters followed by sending the packets. They reset the TCP, UDP, ICMP, CDP and ARP packet headers to known states - primarily zero. The commands are:
!TCP_RESET_PACKET - resets the TCP header
!UDP_RESET_PACKET - resets the UDP header
!ICMP_RESET_PACKET - resets the ICMP header
!CDP_RESET_PACKET - resets the CDP header and presets some fields to non-zero values
!ARP_RESET_PACKET - resets the ARP header and presets some fields to non-zero values
This is detailed in the Help file (press F1 while viewing the Packet Generator) under the topic Packet Generator - Scripting.
Be sure to use these before defining header parameters and sending packets.
Tuesday, March 5, 2013
Packet Generator Scripting Tips
After a recent tech support exchange, I felt that I should add a few more tips about using the NetScanTools Pro Packet Generator in scripting mode.
It's important to note that parameters or values shown on the main Packet Generator window can be overridden by script commands. In other words, the values shown, like Time To Live will be used in the packet unless you override the parameter with the TTL=64 command.
And more importantly there are a few parameters that you should override to be sure the packet you are sending is correctly sent. Those are the values and settings shown in the packet definition windows that appear when you press Send Now, no scripting.
For example when using a script to send UDP packets, you must specify source and destination ports, whether or not to override the UDP Length and Checksum with their corresponding values and the data payload you wish to send. So for UDP, you need to use these commands prior to doing a SEND directive - don't rely on defaults because there are none:
UDP_SOURCE_PORT=
UDP_DEST_PORT=
UDP_OVERRIDE_CHECKSUM=0 or 1
if 1, then specify UDP_OVERRIDE_CHECKSUM_VALUE
UDP_OVERRIDE_LENGTH=0 or 1
if 1, then specify UDP_OVERRIDE_LENGTH_VALUE
UDP_DATAFROMFILE=1 or 0
if UDP_DATAFROMFILE is 1, then set UDP_DATAFILEPATH to the fully qualified exact path of your data file you want sent. If UDP_DATAFROMFILE is 0, then you must specify UDP_DATA.
These values you set will remain during the running of the script. So if you need to change just one or two parameters, you do not have to change them all.
Sending a TCP packet requires even more default values.
Header flags:
TCP_FIN=0 or 1
TCP_SYN=0 or 1
TCP_RST=0 or 1
TCP_PSH=0 or 1
TCP_ACK=0 or 1
TCP_URG=0 or 1
TCP_ECN=0 or 1
TCP_CWR=0 or 1
Header Fields:
TCP_SEQUENCE
TCP_ACKNOWLEDGE
TCP_WINDOW
TCP_URGENT
TCP_MSS
TCP_SACK
TCP_WINDOW_SCALING
Ports:
TCP_SOURCE_PORT=
TCP_DEST_PORT=
Misc:
TCP_OVERRIDE_CHECKSUM=0 or 1
if 1, then specify TCP_OVERRIDE_CHECKSUM_VALUE
TCP_DATAFROMFILE=1 or 0
if TCP_DATAFROMFILE is 1, then set TCP_DATAFILEPATH to the fully qualified exact path of your data file you want sent. If TCP_DATAFROMFILE is 0, then you must specify TCP_DATA.
All of the above values are fully documented in the help file. Press the F1 key while viewing the Packet Generator Tool or click on Help/Help Topics. Then navigate to Manual Tools > Packet Generator > Packet Generator Scripting. Expand the 'Setting Parameters' grouping to see the parameters and their required values.
Like I said earlier, you only need to set each of these once in your script then send the packet(s), then change only the parameters you need to change before sending the next packet.
This applies to the other types of packets that can be sent. Reminder: You may need to disable your firewall for the packets to actually be sent. Use Wireshark or our Packet Capture tool to verify that you are sending them.
Coming in v11.42 - a way to see errors and debug scripts.
It's important to note that parameters or values shown on the main Packet Generator window can be overridden by script commands. In other words, the values shown, like Time To Live will be used in the packet unless you override the parameter with the TTL=64 command.
And more importantly there are a few parameters that you should override to be sure the packet you are sending is correctly sent. Those are the values and settings shown in the packet definition windows that appear when you press Send Now, no scripting.
For example when using a script to send UDP packets, you must specify source and destination ports, whether or not to override the UDP Length and Checksum with their corresponding values and the data payload you wish to send. So for UDP, you need to use these commands prior to doing a SEND directive - don't rely on defaults because there are none:
UDP_SOURCE_PORT=
UDP_DEST_PORT=
UDP_OVERRIDE_CHECKSUM=0 or 1
if 1, then specify UDP_OVERRIDE_CHECKSUM_VALUE
UDP_OVERRIDE_LENGTH=0 or 1
if 1, then specify UDP_OVERRIDE_LENGTH_VALUE
UDP_DATAFROMFILE=1 or 0
if UDP_DATAFROMFILE is 1, then set UDP_DATAFILEPATH to the fully qualified exact path of your data file you want sent. If UDP_DATAFROMFILE is 0, then you must specify UDP_DATA.
These values you set will remain during the running of the script. So if you need to change just one or two parameters, you do not have to change them all.
Sending a TCP packet requires even more default values.
Header flags:
TCP_FIN=0 or 1
TCP_SYN=0 or 1
TCP_RST=0 or 1
TCP_PSH=0 or 1
TCP_ACK=0 or 1
TCP_URG=0 or 1
TCP_ECN=0 or 1
TCP_CWR=0 or 1
Header Fields:
TCP_SEQUENCE
TCP_ACKNOWLEDGE
TCP_WINDOW
TCP_URGENT
TCP_MSS
TCP_SACK
TCP_WINDOW_SCALING
Ports:
TCP_SOURCE_PORT=
TCP_DEST_PORT=
Misc:
TCP_OVERRIDE_CHECKSUM=0 or 1
if 1, then specify TCP_OVERRIDE_CHECKSUM_VALUE
TCP_DATAFROMFILE=1 or 0
if TCP_DATAFROMFILE is 1, then set TCP_DATAFILEPATH to the fully qualified exact path of your data file you want sent. If TCP_DATAFROMFILE is 0, then you must specify TCP_DATA.
All of the above values are fully documented in the help file. Press the F1 key while viewing the Packet Generator Tool or click on Help/Help Topics. Then navigate to Manual Tools > Packet Generator > Packet Generator Scripting. Expand the 'Setting Parameters' grouping to see the parameters and their required values.
Like I said earlier, you only need to set each of these once in your script then send the packet(s), then change only the parameters you need to change before sending the next packet.
This applies to the other types of packets that can be sent. Reminder: You may need to disable your firewall for the packets to actually be sent. Use Wireshark or our Packet Capture tool to verify that you are sending them.
Coming in v11.42 - a way to see errors and debug scripts.
Thursday, September 15, 2011
Looking for a Packet Flooder?
Check out the video on youtube after you read this post.
We have noticed that many people looking at our Packet Generator got there because they were looking for a 'Traffic Generator' or a 'Packet Flooder' - but found that the Packet Generator is really not capable of filling an interface up to the bandwidth they want. They now have their wish. And it works with IPv4 or IPv6.
NetScanTools Pro v11.10 (not released yet) has a new tool called 'Packet Flooder'. It can generate UDP packets at a very fast rate using multithreading. The packet payload can be either random numbers or alphabetical 'abcdefg' etc. The payload length can be random or fixed. The target port can be random or fixed.
Another new thing you may notice is the bandwidth gauge and historical chart. You are going to see more of these in future versions. The gauge shows the real time bandwidth utilization and the historical chart shows it over time.
Enjoy!
We have noticed that many people looking at our Packet Generator got there because they were looking for a 'Traffic Generator' or a 'Packet Flooder' - but found that the Packet Generator is really not capable of filling an interface up to the bandwidth they want. They now have their wish. And it works with IPv4 or IPv6.
NetScanTools Pro v11.10 (not released yet) has a new tool called 'Packet Flooder'. It can generate UDP packets at a very fast rate using multithreading. The packet payload can be either random numbers or alphabetical 'abcdefg' etc. The payload length can be random or fixed. The target port can be random or fixed.
Another new thing you may notice is the bandwidth gauge and historical chart. You are going to see more of these in future versions. The gauge shows the real time bandwidth utilization and the historical chart shows it over time.
Enjoy!
Thursday, August 4, 2011
Changes coming in Packet Generator
Changes are coming to NetScanTools Pro v11 Packet Generator that will help you do QoS testing. Lots of work has gone into changing the interpacket timing algorithms so that the leading edge (beginning) of a packet is as close as possible to the timing you have entered. For instance, if you have entered a 10ms packet interval (interpacket timing), Packet Generator now puts the packets out at the desired interval with microsecond resolution.
This new algorithm will be applied to all packet types, TCP, UDP, ICMP, CDP and RAW. It is best used for sending UDP packets because if you are thinking VOIP or video that's where things like jitter and packet delay variation are important.
Other changes to Packet Generator include the removal of that floating status window - it caused timing delays due to updating the window. The new packet burst mode is now operational where if you put the packet delay at zero (0), it sends a burst of packets defined by the number of duplicated packets to send out to the target. This burst mode sends the packets as fast as the interface can send them.
Both accurate interpacket timing and burst mode can be helpful in termining the location of bottlenecks and poorly performing devices.
A couple other things are being added to Packet Generator before release - and there was one bug that was fixed which affected users that have more than one outgoing interface.
This new algorithm will be applied to all packet types, TCP, UDP, ICMP, CDP and RAW. It is best used for sending UDP packets because if you are thinking VOIP or video that's where things like jitter and packet delay variation are important.
Other changes to Packet Generator include the removal of that floating status window - it caused timing delays due to updating the window. The new packet burst mode is now operational where if you put the packet delay at zero (0), it sends a burst of packets defined by the number of duplicated packets to send out to the target. This burst mode sends the packets as fast as the interface can send them.
Both accurate interpacket timing and burst mode can be helpful in termining the location of bottlenecks and poorly performing devices.
A couple other things are being added to Packet Generator before release - and there was one bug that was fixed which affected users that have more than one outgoing interface.
Tuesday, August 31, 2010
New Packet Generator Features
NetScanTools Pro v11 will have a new ARP packet generator that gives you full control over all the contents of the fields in an IPv4 ARP packet. We've also added a new hex editor tool so that you can create or change the content of payload files that you add to TCP or UDP packets.
Version 11 is not released yet, but that's a quick preview of some of the new things in the upcoming release.
Version 11 is not released yet, but that's a quick preview of some of the new things in the upcoming release.
Tuesday, April 13, 2010
Malformed UDP Packets
Malformed UDP Packets are easily generated with the new changes to the Packet Generator tool in NetScanTools Pro 10.96.1. Normally a UDP packet consists of an IP header followed by a UDP header followed by data. Usually all the parameters of those two headers are calculated at the time the packet is sent by the sockets layer, but with our Packet Generator tool we can create the packet from beginning to end including all parts of the headers.
This view from Wireshark shows a normal UDP packet:
You can see that the packet is complete and correct with all checksums and field lengths normal. The payload is only 4 bytes - it is the word 'test'.
Now look what happens if we put a value of 2 bytes into the UDP length field - remember that the UDP header itself is 8 bytes. The data payload is still the same 4 bytes. Wireshark's 'Expert Info' analyzer tells us that it is malformed and the length value is the culprit. The checksum is not analyzed and the data is not commented on.
See how Wireshark complains that the length value is less than the data and the UDP header? The message it gives is correct, the UDP length field must have a value of 8 or greater because that is the size of the UDP header itself. Can you send a UDP packet without any data? -sure, but it will also be tagged as malformed by Wireshark (exception error).
Next let's try setting the UDP header length field to something greater than the UDP header length + the data payload length. You can see that it notes that the length value (24) is greater than the payload (8 UDP header + 4 data = 12 bytes) and it does not complete the checksum calculation since all the data is not present.
A few words about what the Packet Generator tool can do. It can generate TCP, UDP, ICMP and CDP packets and send them out at a maximum repetition rate of roughly 10,000 packets per second - it is not a traffic generator capable of saturating your connection. It has a simple scripting language that allows you to send packets and even do some minor looping or use infinite looping. This is useful for connection test purposes. It uses WinPcap to generate packets, so it is pretty much limited to wired connections, not wireless connections. But even within these limits it really can show the response of applications or devices to malformed packets.
If you are interested in trying out the demo, you can do that by following this link. Please keep in mind that the demo will limit you to your local subnet but the full version does not have this limitation.
This view from Wireshark shows a normal UDP packet:
You can see that the packet is complete and correct with all checksums and field lengths normal. The payload is only 4 bytes - it is the word 'test'.
Now look what happens if we put a value of 2 bytes into the UDP length field - remember that the UDP header itself is 8 bytes. The data payload is still the same 4 bytes. Wireshark's 'Expert Info' analyzer tells us that it is malformed and the length value is the culprit. The checksum is not analyzed and the data is not commented on.
See how Wireshark complains that the length value is less than the data and the UDP header? The message it gives is correct, the UDP length field must have a value of 8 or greater because that is the size of the UDP header itself. Can you send a UDP packet without any data? -sure, but it will also be tagged as malformed by Wireshark (exception error).
Next let's try setting the UDP header length field to something greater than the UDP header length + the data payload length. You can see that it notes that the length value (24) is greater than the payload (8 UDP header + 4 data = 12 bytes) and it does not complete the checksum calculation since all the data is not present.
A few words about what the Packet Generator tool can do. It can generate TCP, UDP, ICMP and CDP packets and send them out at a maximum repetition rate of roughly 10,000 packets per second - it is not a traffic generator capable of saturating your connection. It has a simple scripting language that allows you to send packets and even do some minor looping or use infinite looping. This is useful for connection test purposes. It uses WinPcap to generate packets, so it is pretty much limited to wired connections, not wireless connections. But even within these limits it really can show the response of applications or devices to malformed packets.
If you are interested in trying out the demo, you can do that by following this link. Please keep in mind that the demo will limit you to your local subnet but the full version does not have this limitation.
NetScanTools Pro 10.96.1 Published
Yes, this is a new release: 10.96.1.
It's only been a few days since 10.96 was released, but last week a customer came to us with an important suggestion that we had to implement. The new change is in the UDP section of Packet Generator. At the customer's suggestion we added the ability to override and change the length field in the UDP header. A byproduct of this change is that the text or file data you add to the UDP packet payload is sent in it's entirety (up to the limit of your network MTU) independent of what the IP header length or UDP header length values are. Try this out using Wireshark to look at the UDP packets - Wireshark points out the packet errors you create quite well - lots of red highlighting. There were also other changes to Packet Generator in 10.96 in case you missed them. I'll be writing about this in the blog later today - click on Welcome group, then on the Blog icon.
What does this mean? it means that you now can easily create malformed UDP packets (Laura Chappell loves these).
There is also another change to the automatic checking for a new software version that you can review in the help file under General Information/Revision History.
Because these changes interrupted our normal release sequence we never did release a USB version 10.96 patch. That version was skipped for the USB version so we will be getting the 10.96.1 USB patch out shortly.
To get this new version:
From within NetScanTools Pro, please click on the left panel Welcome or Online group and then click on the Check for New Version icon. Login to obtain the updates. This upgrade is only available to persons with active maintenance plans.
It's only been a few days since 10.96 was released, but last week a customer came to us with an important suggestion that we had to implement. The new change is in the UDP section of Packet Generator. At the customer's suggestion we added the ability to override and change the length field in the UDP header. A byproduct of this change is that the text or file data you add to the UDP packet payload is sent in it's entirety (up to the limit of your network MTU) independent of what the IP header length or UDP header length values are. Try this out using Wireshark to look at the UDP packets - Wireshark points out the packet errors you create quite well - lots of red highlighting. There were also other changes to Packet Generator in 10.96 in case you missed them. I'll be writing about this in the blog later today - click on Welcome group, then on the Blog icon.
What does this mean? it means that you now can easily create malformed UDP packets (Laura Chappell loves these).
There is also another change to the automatic checking for a new software version that you can review in the help file under General Information/Revision History.
Because these changes interrupted our normal release sequence we never did release a USB version 10.96 patch. That version was skipped for the USB version so we will be getting the 10.96.1 USB patch out shortly.
To get this new version:
From within NetScanTools Pro, please click on the left panel Welcome or Online group and then click on the Check for New Version icon. Login to obtain the updates. This upgrade is only available to persons with active maintenance plans.
Subscribe to:
Posts (Atom)