DDOS traffic shaping simulator User Manualseproj/2009-2010/DT... · DDOS traffic shaping simulator...
Transcript of DDOS traffic shaping simulator User Manualseproj/2009-2010/DT... · DDOS traffic shaping simulator...
DDOS traffic shaping simulator
User Manual
Authors
Inbar Shabi
Anatoly Cherner
Contents
1.Loading files wizard. ........................................................... 3
2. Using control buttons. ....................................................... 6
3.Using speed slider. .............................................................. 6
4. Using charts. ...................................................................... 7
5. Time unit and Attack/legal percentage panels .................. 8
6. Properties file of the Client ................................................ 9
7. Drawbacks ....................................................................... 11
1. Loading files wizard.
After program launch will appear:
To load files we press load files button and wizard should open:
Wizard:
Choose the next button and provide the path to .net file using Browse button, if file loaded
correctly the next window will appear, otherwise error message will be displayed . Example
shows the wizard after .net file successfully loaded:
Using Browse button provide the path to .ini file, if file loaded successfully press finish button
and close the wizard. Example shows successfully loaded .ini file.
Simulator after ready to work:
2. Using control buttons. Simulator has 4 buttons: Start/Pause, Stop, Rewind and Forward:
As name suggests the Start button starts the simulation , if pressed the icon changes to Pause
icon and if the button pressed second time the simulation will pause.
Stop button resets Server, Client and all data, basically it works in the same way as if files were
loaded once more.
Forward button increases simulation speed.
Rewind button runs simulation backwards.
3.Using speed slider. To increase the speed we can use the speed slider, but it also allows us to control the
simulation in the same way as with control buttons.
The speed defined by slider position , if it’s set to values between 0 and 10, the simulation
runs forward. If it’s set to 0 the simulation will pause. If we set it to values between -10 to 0 ,
the simulation will run backwards
4. Using charts There are 2 types of charts in the simulator, one shows the statistics of the traffic received by
target and the second shows the statistics for the filtering router and one of it’s targets.
Target chart - using combo box we can choose one of target and see it’s statistics, with blue
color we show the values of the preference vector and with other colors we show the actual
values for traffic delivered to traffic.
When simulation starts , the chart shows average of traffic calculated for all targets, but if we
choose certain target it will show the values for this target only. In the following example we
can see the average calculated for all targets in simulation and that actual values of udp do not
overload the value from preference vectors but the tcp-syn traffic overloads the value of
preference vectors:
Also we provide monitoring for CPU and memory state of the targets, in the same example we
can see that values for CPU are 100% and it means that targets are overloaded and the
memory consumption is 10000mB.
Filtering router and it’s target chart – as in the previous case , using combo boxes we can
choose the filtering router and on of it’s targets. But there the default shown by the chart isn’t
average, instead we show the chart for the filtering router with minimal id and for one of it’s
targets with minimal id. In the following example we show the values for router 1 and target
number 5.The values of the chart separated to 4 parts and we can see that filtering router
haven’t discarded any traffic and that of all traffic the legal one takes 60% and the traffic of
attack takes 40% .
5. Time unit and Attack/legal percentage panels Time unit panel shows the values of time unit for the packets that are on the screen. When
the simulation runs forward, panel shows the maximal TU value, when simulation runs
backwards, it shows the value of the packet with minimal TU.
When simulation stopped, the values are zeroed.
Attack and Legal percentage - the panel shows the percentage of the legal and attack traffic
that is currently processed.
In the following example we can see the values:
6. Properties file of the Client
The Client and server can be configured using properties.ini file. We’ll explain property using
actual file:
;defines look and feel for application
;SubstanceCremeLookAndFeel
;SubstanceBusinessLookAndFeel
;SubstanceChallengerDeepLookAndFeel
;SubstanceBusinessBlackSteelLookAndFeel
;SubstanceBusinessBlueSteelLookAndFeel
;SubstanceAutumnLookAndFeel
lookandfeel=SubstanceCremeLookAndFeel
;path to network icons directory
networkIconsFolderPath=ICONS\NET
;path to buttons icons directory
buttonIconsFolderPath=ICONS\BUTTONS
;path to maps icons directory, maps can be changed using background field
mapsIconsPath=MAPS
;server port for TCP connection
serverPort=2002
;defines the type of connection between Client and Server,values can be - ip or LOCAL or localhost,
;when local means that Server and Client run on the same machine without using network layer,
;localhost means that connection will be established on the same machine but using network layer
;ip means remote connection when modules are on different machines
serverName=local
;client buffer size, or the number of events that Clients stores on it's size, lower values mean lower memory
consumption, but higher traffic between Server and Client
clientBufferSize=3
;server buffer size, or the number of events that Server stores on it's side before they sent to Client,lower values mean
lower memory consumption, but higher traffic between Server and Client
serverBufferSize=6
;the number of events that Client aquires from Server during one get invocation
sendAtOnce=1
;the number of events that Client adds to visualization buffer after he gets them from Server
getAtOnce=1
;to lower CPU consumage CLient makes a sleep after each call to Server, parameter defines the time for sleep
sleep=200
;client history size
historySize=100000
;program icon
icon=logo_16.png
;welcome icon
welcomeIcon=welcome7.bmp
;backGround icon-first parameter allows background, second is image name, third is zoomable option
backGround=false,Europe_outline_map_35.jpg,true
7. Drawbacks
There exist a couple of things that we should take into account when we work with the
Simulator. At first the simulator works with buffer, it means that when switching the target or
router there will be delay, the delay time grows with the Client buffer size, so proper values
should be chosen.
The history on the Client side is bounded by historySize , so if simulation runs and creates
more events that Client can remember , they will be deleted and couldn’t be recovered and of
course we couldn’t load them using history.
The visualization of the Client heavily depends on the values set in clientbBuffer, serverBuffer,
getAtOnce and setAtOnce , so proper setting should be chosen. For more details refer to
Possible upgrades for simulator document.