doc/src/testingtools.html

   1 <html>
   2 <head>
   3 <title>FreeS/WAN survey of testing tools</title>
   4 <!-- Changed by: Michael Richardson, 02-Jan-2002 -->
   5 <meta name="keywords" content="Linux, IPsec, VPN, security, FreeSWAN, testing, nettools">
   6
   7 <!--
   8
   9 Written by Michael Richardson for the Linux FreeS/WAN project
  10 Freely distributable under the GNU General Public License
  11
  12 More information at www.freeswan.org
  13 Feedback to users@lists.freeswan.org
  14
  15 $Id: testingtools.html,v 1.1 2004/03/15 20:35:24 as Exp $
  16
  17 $Log: testingtools.html,v $
  18 Revision 1.1  2004/03/15 20:35:24  as
  19 added files from freeswan-2.04-x509-1.5.3
  20
  21 Revision 1.1  2002/03/12 20:57:25  mcr
  22         review of tools used for testing FreeSWAN systems.
  23
  24
  25 -->
  26 </head>
  27
  28 <body>
  29
  30 <h1>Survey of testing tools</h1>
  31
  32 <h2><A HREF="http://freshmeat.net/projects/apsend">http://freshmeat.net/projects/apsend</A></h2>
  33
  34 <P>
  35 About: <A HREF="">APSEND</A> is a TCP/IP packet sender to test firewalls and other
  36 network applications. It also includes a syn flood option, the land
  37 DoS attack, a DoS attack against tcpdump running on a UNIX-based
  38 system, a UDP-flood attack, and a ping flood option. It currently
  39 supports the following protocols: IP, TCP, UDP, ICMP, Ethernet frames
  40 and you can also build any other type of protocol using the generic
  41 option. The scripting language of apsend is already written, but not
  42 yet public.
  43 </P>
  44
  45 <P>
  46 STATUS: The public web site seems to have died
  47 </P>
  48
  49 <h2><A HREF="http://freshmeat.net/projects/hping2">http://freshmeat.net/projects/hping2</A></h2>
  50
  51 <P>
  52 About: <A HREF="http://www.hping.org/">hping2</A> is a network tool
  53 able to send custom ICMP/UDP/TCP packets and to display target replies
  54 like ping does with ICMP replies. It handles fragmentation and
  55 arbitrary packet body and size, and can be used to transfer files
  56 under supported protocols. Using hping2, you can: test firewall rules,
  57 perform [spoofed] port scanning, test net performance using different
  58 protocols, packet size, TOS (type of service), and fragmentation, do
  59 path MTU discovery, tranfer files (even between really Fascist
  60 firewall rules), perform traceroute-like actions under different
  61 protocols, fingerprint remote OSs, audit a TCP/IP stack, etc. hping2
  62 is a good tool for learning TCP/IP.
  63 </P>
  64
  65 <P>
  66 This utility has rather complicated usage and no man page at present.
  67 The documentation is supposed to be in HPING2-HOWTO, but that file
  68 seems to be absent.
  69 </P>
  70
  71 <h2><A HREF="http://freshmeat.net/projects/icmpush">http://freshmeat.net/projects/icmpush</A></h2>
  72
  73 <P>
  74 About: ICMPush is a tool that send ICMP packets fully customized from command
  75 line. This release supports the ICMP error types Unreach, Parameter
  76 Problem, Redirect and Source Quench and the ICMP information types
  77 Timestamp, Address Mask Request, Information Request, Router
  78 Solicitation, Router Advertisement and Echo Request. Also supports
  79 ip-spoofing, broadcasting and other useful features. It's really a
  80 powerful program for testing and debugging TCP/IP stacks and networks.
  81 </P>
  82
  83 <P>
  84 </P>
  85
  86 <h2><A HREF="http://freshmeat.net/projects/isic">http://freshmeat.net/projects/isic</A></h2>
  87
  88 <P>
  89 ISIC sends randomly generated packets to a target computer. Its
  90 primary uses are to stress-test an IP stack, to find leaks in a
  91 firewall, and to test the implementation of IDSes and firewalls. The
  92 user can specify how often the packets will be frags, have IP options,
  93 TCP options, an urgent pointer, etc. Programs for TCP, UDP, ICMP,
  94 IP w/ random protocols, and random ethernet frames are included.
  95 </P>
  96
  97 <h2><A HREF="http://freshmeat.net/projects/sendpacket">http://freshmeat.net/projects/sendpacket</A></h2>
  98
  99 <P>
 100 Send Packet is a small but powerful program to test how your network
 101 responds to specific packet content. Via a config file and/or command
 102 line parameters, you can forge (modify the headers of) your own
 103 TCP/UDP/ICMP/IP packets and send them through your network. Also,
 104 following the Easy Sniffer modular philosophy, you can specify wich
 105 modules you'd like to build.
 106 </P>
 107
 108 <h2><A HREF="http://freshmeat.net/projects/aicmpsend/">http://freshmeat.net/projects/aicmpsend/</A></h2>
 109
 110 <P>
 111 AICMPSEND is an ICMP sender with many features including ICMP
 112 flooding and spoofing. All ICMP flags and codes are implemented. You
 113 can use this program for various DoS attacks, for ICMP flooding and
 114 to test firewalls.
 115 </P>
 116
 117 <h2><A HREF="http://freshmeat.net/projects/sendip/">http://freshmeat.net/projects/sendip/</A></h2>
 118
 119 <P>
 120 SendIP is a command-line tool to send arbitrary IP packets. It has a
 121 large number of options to specify the content of every header of a
 122 RIP, TCP, UDP, ICMP, or raw IPv4/IPv6 packet. It also allows any data
 123 to be added to the packet. Checksums can be calculated automatically,
 124 but if you wish to send out wrong checksums, that is supported too.
 125 </P>
 126
 127 <h2><A HREF="http://laurent.riesterer.free.fr/gasp/index.html">http://laurent.riesterer.free.fr/gasp/index.html</A></h2>
 128
 129 <P>
 130 GASP stands for 'Generator and Analyzer System for Protocols'. It
 131 allows you to decode and encode any protocols you specify.
 132 </P>
 133
 134 <P>
 135 The main use is probably to test networks applications : you can
 136 construct packets by hand and test the behavior of your program when
 137 facing some strange packets. But you can image a lot of other
 138 application : e.g. manipulating graphical file or executable
 139 headers. Just describe the specification of the structured data.
 140 </P>
 141
 142 <P>
 143 GASP is divided in two parts : a compiler which take the specification
 144 of the protocols and generate the code to handle it, this code is a
 145 new Tcl command as GASP in build upon Tcl/Tk and extends the scripting
 146 facilities provided by Tcl.
 147 </P>
 148
 149 <h2><A HREF="http://pdump.lucidx.com/">http://pdump.lucidx.com/</A></h2>
 150 <h2><A HREF="http://freshmeat.net/projects/aps/">http://freshmeat.net/projects/aps/</A></h2>
 151 <h2><A HREF="http://freshmeat.net/projects/netsed/">http://freshmeat.net/projects/netsed/</A></h2>
 152 <h2><A HREF="http://www.via.ecp.fr/~bbp/netsh/">http://www.via.ecp.fr/~bbp/netsh/</A></h2>
 153 <h2><A HREF="http://www.elxsi.de/">http://www.elxsi.de/</A></h2>
 154 <h2><A HREF="http://www.laurentconstantin.com/us/lcrzo/">http://www.laurentconstantin.com/us/lcrzo/</A></h2>
 155 <h2><A HREF="http://www.joedog.org/libping/index.html">http://www.joedog.org/libping/index.html</A></h2>
 156 <h2><A HREF="http://feynman.mme.wilkes.edu/projects/xNetTools/">http://feynman.mme.wilkes.edu/projects/xNetTools/</A></h2>
 157 <h2><A HREF="http://freshmeat.net/projects/pktsrc/">http://freshmeat.net/projects/pktsrc/</A></h2>
 158 <h2><A HREF="http://freshmeat.net/projects/lcrzoex/">http://freshmeat.net/projects/lcrzoex/</A></h2>
 159 <h2><A HREF="http://freshmeat.net/projects/rain/">http://freshmeat.net/projects/rain/</A></h2>
 160 <P>
 161 rain is a powerful packet builder for testing the stability of
 162 hardware and software. Its features include support for all IP
 163 protocols and the ability to fully customize the packets it sends.
 164 </P>
 165
 166 <P>(Note, this is not the same as /usr/games/rain)</P>
 167
 168 <h2><A HREF="http://freshmeat.net/projects/libnet">http://freshmeat.net/projects/libnet</A></h2>
 169 <h2><A HREF="http://freshmeat.net/projects/pftp">http://freshmeat.net/projects/pftp</A></h2>
 170 <h2><A HREF="http://freshmeat.net/projects/pung">http://freshmeat.net/projects/pung</A></h2>
 171
 172 <P>
 173 pung is a simple server tester. It tries to connect via TCP/IP to a
 174 server but does not transfer any data. It is meant to be used in
 175 scripts that check a list of servers, helping to detect certain common
 176 problems.
 177 </P>
 178
 179 <h2><A HREF="http://freshmeat.net/projects/thesunpacketshell">http://freshmeat.net/projects/thesunpacketshell</A></h2>
 180 <h2><A HREF="http://freshmeat.net/projects/webperformancetrainer">http://freshmeat.net/projects/webperformancetrainer</A></h2>
 181 <h2><A HREF="http://sourceforge.net/projects/va-ctcs">http://sourceforge.net/projects/va-ctcs</A></h2>
 182 <h2><A HREF="http://synscan.nss.nu/programs.php">http://synscan.nss.nu/programs.php</A></h2>
 183 <h2><A HREF="http://sourceforge.net/projects/va-ctcs">http://sourceforge.net/projects/va-ctcs</A></h2>
 184 <h2><A HREF="http://freshmeat.net/projects/ettercap/">http://freshmeat.net/projects/ettercap/</A></h2>
 185 <h2><A HREF="http://www.dtek.chalmers.se/~d3august/xt/index.html">http://www.dtek.chalmers.se/~d3august/xt/index.html</A></h2>
 186 <h2><A HREF="http://www.opersys.com/LTT/">http://www.opersys.com/LTT/</A></h2>
 187 <h2><A HREF="http://packetstorm.securify.com/DoS/indexdate.shtml">http://packetstorm.securify.com/DoS/indexdate.shtml</A></h2>
 188 <H2> <A HREF="http://comnet.technion.ac.il/~cn1w02/">TCP/IP noise simulator</A></H2>