Wednesday, October 17, 2018

network simulation

The Simulator tries to duplicate the behavior of the device.
The Emulator tries to duplicate the inner workings of the device.


Emulation is the replacement of a real world device with an model at a well defined interface for the purposes of allowing controlled responses from the emulated real world device. The emulation is "complete" if all the interfaces are present, and the resulting observed behavior matches that of the real world device.

Simulation is the use of modeling to create a controllable, representative stand in for a complex system. Simulations are, by definition, always incomplete.

An emulation is a system that behaves exactly like something else, and adheres to all of the rules of the system being emulated. It is effectively a complete replication of another system, right down to being binary compatible with the emulated system's inputs and outputs, but operating in a different environment to the environment of the original emulated system. The rules are fixed, and cannot be changed, or the system fails.

A simulation is a system that behaves similar to something else, but is implemented in an entirely different way. It provides the basic behaviour of a system, but may not necessarily adhere to all of the rules of the system being simulated. It is there to give you an idea about how something works.

https://stackoverflow.com/questions/2174638/whats-the-difference-between-emulation-and-simulation
  • GNS3 2.1 Install and configuration on Windows 10 (Part 4): Basic GNS3 Network (your first network)


VPCS configuration must be saved in order to reopen the same project.


  • Cisco Packet Tracer is a powerful network simulation program that allows students to experiment with network behavior and ask “what if” questions. As an integral part of the Networking Academy comprehensive learning experience, Packet Tracer provides simulation, visualization, authoring, assessment, and collaboration capabilities and facilitates the teaching and learning of complex technology concepts. 
http://www.cisco.com/web/learning/netacad/course_catalog/PacketTracer.html

  • Images designed for running inside GNS3

The target is not to simulate the deployment of container infrastructure in production but use containers as light virtual machine replacing heavy qemu instance or VPCS when you want to use tools like telnet, nmap
It’s also not designed to control a docker cluster for production or development.  If you want to simulate real life containers infrastructure you need to deploy an OS on qemu and start container on it.
https://docs.gns3.com/1KGkv1Vm5EgeDusk1qS1svacpuQ1ZUQSVK3XqJ01WKGc/index.html

  • It allows enterprises, e-learning providers/centers, individuals and group collaborators to create virtual proof of concepts, solutions and training environments.

http://www.eve-ng.com/

  • UNetLabv2

labs distributed between dozens of physical or virtual nodes;
unlimited running labs for each user;
support for Ansible/NAPALM/… automation tools
http://www.routereflector.com/unetlab/#main


  • Mininet creates a realistic virtual network, running real kernel, switch and application code, on a single machine (VM, cloud or native)

Mininet is also a great way to develop, share, and experiment with OpenFlow and Software-Defined Networking systems.
http://mininet.org/
SDN, OpenFlow and Mininet

  • Mininet: Rapid Prototyping for Software Defined Networks


What is Mininet?
Mininet emulates a complete network of hosts, links, and switches on a single machine.
Mininet is useful for interactive development, testing, and demos, especially those using OpenFlow and SDN. OpenFlow-based network controllers prototyped in Mininet can usually be transferred to hardware with minimal changes for full line-rate execution.

How does it work?
Mininet creates virtual networks using process-based virtualization and network namespaces - features that are available in recent Linux kernels. In Mininet, hosts are emulated as bash processes running in a network namespace, so any code that would normally run on a Linux server (like a web server or client program) should run just fine within a Mininet "Host". The Mininet "Host" will have its own private network interface and can only see its own processes. Switches in Mininet are software-based switches like Open vSwitch or the OpenFlow reference switch. Links are virtual ethernet pairs, which live in the Linux kernel and connect our emulated switches to emulated hosts (processes).

https://github.com/mininet/mininet
  • PacketCreator

PacketCreator is provided to help network administrators to test their network, by using ARP cache poisoning and generate ICMP packets to send over the LAN.
The main idea is to allow administrators using this kind of software to secure their network to several known attacks.
This tool can also redirect switched based networks traffic (dumping and forwarding are also provided).
It is possible to create a custom-made IP packet in which you can edit IP header or every ICMP field
https://www.softpedia.com/get/Network-Tools/Network-Testing/PacketCreator.shtml


  • Nemesis

Nemesis is a command-line network packet crafting and injection utility for UNIX-like and Windows systems. Nemesis is well suited for testing Network Intrusion Detection Systems, firewalls, IP stacks and a variety of other tasks. As a command-line driven utility, Nemesis is perfect for automation and scripting.
http://nemesis.sourceforge.net/


  • Nemesis Tutorial

In this tutorial, I show how to use nemesis to arp poison a windows 7 box.  Nemesis is a command-line packet injection too
http://pbnetworks.net/?cmd=bbs&id=41

  • ettercap

For arp cache poisoning to take place, the attacker needs to be in the same network segment as the systems under attack. The first step is to obtain a list of IP addresses and their associated MAC addresses
https://ettercap.github.io/ettercap/



  • dsniff

dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.
http://monkey.org/~dugsong/dsniff/


  • Arpwatch

A good defense against these techniques is to provide port security integrated into your switches and to run arpwatch to monitor address resolution protocol traffic on your network.
Arpwatch keeps track  for  ethernet/ip  address  pairings.  It  logs into syslog activity  and reports certain changes via email
http://linuxcommand.org/man_pages/arpwatch8.html

No comments:

Post a Comment