您可以使用 ARP 中毒(欺骗)来应用模拟的外部效果吗?
我们正在研究创建网络效应服务器的方法。 我的意思是中央服务器将检查网络上的所有数据包,并根据实际网络外部的因素(例如天气和视线)应用逻辑(丢弃、延迟、更改等)。
这一切都与运行多个现实世界实体的模拟有关:网络中的物理节点将代表 3D 虚拟世界中的 3D 移动实体。 正如我所提到的,影响将根据节点的“虚拟世界位置”之间的视线、距离、干扰等进行计算。
我知道其他工具可以让您实现此类效果(例如 OPNET,我们可能会将其用作解决方案的一部分),但它们通常要求您将数据直接路由到它们进行处理。 它们也不处理 UDP 或 TCP。
我需要一种方法来透明地运行我们的服务器并应用效果,而无需更改 UDP 和 TCP 的任何现有软件(无论如何,有些软件是无法更改的)。
在这个程度上,我们正在考虑使用 ARP 中毒(或欺骗,无论您喜欢如何称呼它),强制所有流量通过这些服务器中的一台(或可能是多台以实现负载平衡)来执行数据包整形。
这是一个可行的方法吗? (不想花费数周的时间进行开发,然后才意识到存在太多障碍或完全不可能)
如果可行的话,是RFC826(加上5227 和 5494) 关于ARP的最新文档? 有更好的文档吗?
当某些网络 节点是虚拟机(它们可能 桥接或 NAT'ed)?
是否有任何库可以让您在 C# 中执行此操作?
(我们对我们使用的语言持开放态度,但可能更喜欢基于 C# 或 Qt 的解决方案)
We are looking at ways of creating a network effects server. By this I mean a central server that will inspect all the packets on the network and apply logic (drop, delay, alter, etc) based on factors external to the actual network such as weather and line-of-sight.
This is all to do with running simulations of multiple real-world entities: a physical node in the network would represent a 3D moving entity in the 3D virtual world. As I mentioned, the effects would be calculated on line-of-sight, distance, interference, etc between the "virtual-world position" of the nodes.
I am aware of other tools that let you do these kind of effects (such as OPNET, which we might use as part of the solution), but they typically require you to route the data directly to them for processing. They also don't handle either UDP or TCP.
I need a way to transparently run our server and apply the effects without changing any existing software (and some can't be changed, anyway) for both UDP and TCP.
To that extent, we were thinking of using ARP-poisoning (or spoofing, whichever you prefer to call it), to force all the traffic through one (or potentially multiple for load-balancing) of these servers to perform the packet shaping.
Is this a feasible approach? (don't want to spend weeks developing before realizing that there are too many obstacles or that it is flat-out impossible)
If it is feasible, is RFC826 (plus 5227 and 5494) the latest document on ARP? Is there a better document out there?
Would this work when some of the network
nodes are Virtual Machines (they might
be bridged or NAT'ed)?Are there any libraries that let you do this in C#?
(We are open to the language we use, but probably prefer C# or Qt-based solutions)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
从技术上讲,你可以使用 ARP 中毒来做到这一点,但我真的不认为我会推荐它。 我真的不明白你为什么要尝试这样做,但从它的声音来看,你希望模拟可能由射频设备引起的数据包丢失/损坏的类型。
首先,您提到了 C#,它实际上不是执行此操作的语言,低级网络距离太远。 我认为 C# 确实提供了一个原始套接字类,但如果您尝试模拟 TCP/IP 和 UDP 并且欺骗不属于您主机的地址,它实际上会丢弃您的数据包。 可能有办法阻止这种情况,但您必须研究 .Net Raw Socket。
您也可以将 WinPcap 与 ac# 包装器一起使用。 但它仍然不是本机实现,并且可能会遭受性能损失。 我使用过一个 WinPcap 的 C# 包装器,名为 SharpPcap,但是有些部分不太好已实施,我必须根据需要对其进行修改。 我已经做了一些以 300Mbps 捕获流量的简单测试,但这并不包括任何协议分析或将数据包注入回网络。 这也可以用于将数据包放回到网络上,但在过去,这又是众所周知的低性能。 我的网络同行的普遍看法是,如果没有 Gbps 速度的硬件辅助,就无法完成这种类型的检查。
我看到你注意到你控制着路由器和实验室。 我不知道思科是否对此功能有最低要求,但您可以将静态路由指向接口。 因此,如果您将拦截服务器挂在路由器的一个端口上,并为每个主机添加路由到您的拦截服务器,那么它很可能会接收通过路由器路由的所有流量。 您可以通过将接口而不是 IP 地址定义为下一个跃点来实现此目的。
*请注意 Bob McCormick 的注释,它只会影响不同子网上的主机,但是有一个简单的作弊方法,在每个主机上(如果分配了静态 IP 地址)将子网掩码设置为 /32(即 255.255.255.255)。 这实际上会迫使主机发送所有由路由器路由的帧,因为它不再知道与它自己在同一网络上的任何其他用户。
最后一个警告是我不知道这是否适用于虚拟机。 我认为如果你使用vmware中的一种类型的网络接口就可以了,但我没有尝试过,也不知道其他虚拟机提供商。
然而,如果您正在进行这种级别的工作,我建议您再次考虑使用 Linux 作为您发送流量的主机,也许还可以使用 Bob McCormick 推荐的工具。 然而,在 Linux 中,我确信有大量的工具可以设置来模拟您正在寻找的此类事件。
Technically you can use ARP poisoning to do this, however I really don't think I would recommend it. I really don't understand why you're trying to do this, but from the sounds of it you're looking to similate the types of packet loss / corruption that could be caused by RF equipment.
First off, you mentioned C#, which really isn't the language for doing this, the low level networking is too far removed. I think C# does provide a raw socket class, but if you try to emulate TCP/IP and UDP and spoof addresses not belong to you're host, it actually drops you're packets. There might be a way to stop this, but you would have to research the .Net Raw Socket.
You can use WinPcap with a c# wrapper as well. But it's still not a native implementation and may suffer performance penalties. There is a C# wrapper for WinPcap which I have used called SharpPcap, however some parts aren't well implemented and I had to modify it for what I needed. I have done some simple tests of capturing traffic at 300Mbps, but that hasn't including any protocol analysis or any injection of the packets back onto the network. This can also be used for putting the packets back onto the network, but again in the past this was reputably low performance. Common perception amoung my networking peers is that this type of inspection cannot be done without hardware assist into the Gbps speeds.
I see you noted that you control the router and the lab. I don't know if Cisco has a minimum requirements for this feature, but you can point a static route to an interface. So if you hang you're intercept server off one port of the router and put routes in for every host to go to you're intercept server, it would feasibly receive all the traffic being routed through the router. You do this by defining an interface as you're next hop instead of an IP address.
*Please note Bob McCormick's note that it will only affect hosts on different subnets, however there is an easy cheat, on each host (if assigned static IP addresses) put the subnet mask to be /32 (ie. 255.255.255.255). This will essentially force the host to send all it frames to be routed by the router, since it is no longer aware of any other users on the same network as itself.
The last caveat is I have no idea if this will work in a virtual machine. I think it will if you use the one type of network interface in vmware, but I have not tried it, and have no idea about the other virtual machine providers.
However, if you are doing this level of work, I would suggest that again you look at using linux for the host you're sending you're traffic too, and maybe the tool Bob McCormick recommended. However, in linux i'm sure there are a great number of tools that can be set up to simulate these sorts of events you're looking for.
我不是 ARP 中毒方面的专家,但我相信要可靠且一致地实现其效果,您需要获得路由器的同意。 我的意思不是合法性方面的同意,而是路由器实际上会将您设置为网络上所有设备的中间人的同意。
有这种可能吗?
编辑:既然你控制了网络,我认为你根本不需要ARP中毒。 我不确定你的拓扑是什么样的,但对于小型/中型设置,我会从 CISCO 或同等设备切换并研究运行 Linux 盒子作为路由器。 然后根据需要删除/延迟/更改数据包所需的任何脚本等。 使用 Linux 而不是 Cisco 的决定可能有点敏感,我不是专家,但对于小型实验室来说,这不应该有任何问题。
我个人使用 shorewall(iptables 的前端)来分段我的网络并在分段之间丢弃/拒绝/允许数据包。 连接它以使用由外部因素控制的脚本将需要大量的 iptables 工作来动态添加和删除规则,但肯定是可行的。
免责声明:我从未使用过 Cisco 设备,因此我不知道它们具有哪些高级功能。 也许他们有能力运行这样的高级逻辑,如果是的话,那就更好了——我只是假设他们没有。
I'm not an expert on ARP Poisoning, but I believe that to achieve its effects reliably and consistently you would need the consent of the router. I don't mean consent in terms of legalities, but consent in that the router will actually set you up as the middle-man for all devices on the network.
Is that a possibility?
Edit: Since you control the network, I don't think you need ARP Poisoning at all. I'm not sure what your topography looks like, but for a small/medium setup I would switch from a CISCO or equivalent device and investigate running a linux box as a router. Then whatever scripts and such as necessary to drop/delay/alter packets as needed. The Linux-instead-of-Cisco decision might be a little touchy, I'm not an expert but for a small lab it shouldn't be any sort of problem.
I personally use shorewall (a frontend to iptables) to segment my network and drop/reject/allow packets between segments. Hooking it up to use scripts controlled by external factors would be a lot of iptables work to add and remove rules dynamically, but certainly doable.
Disclaimer: I've never worked with Cisco devices, so I don't know what advanced functions they're capable of. Perhaps they are capable of running advanced logic like this, if so, so much the better - I was just assuming they weren't.
欺骗永远不会可靠。 这基本上是您与您所欺骗的 IP 地址的合法所有者之间的一场竞赛。
请注意,任何涉及使用路由器的配置(例如使用 Linux 路由器的建议等)将仅允许您影响不同子网上的主机之间的流量。
如果这对您有用,我建议您从 Netem 功能开始 (http://www .linuxfoundation.org/en/Net:Netem)在 Linux 内核中? Netem 将允许您控制 Linux 内核转发的任何数据包的带宽、延迟、抖动、数据包重新排序等。 我曾多次使用它来模拟 Cisco 路由器之间的 WAN 特性,以测试 QOS 配置。
Spoofing is never going to be reliable. It's basically a race between you and the legitimate owner of the IP address you're spoofing.
Note that any configurations that involves using a router, like the suggestion to use a linux router, etc., will only allow you to affect traffic between hosts that are on different subnets.
If that works for you, may I suggest that you begin with the Netem functionality (http://www.linuxfoundation.org/en/Net:Netem) in the Linux kernel? Netem will allow you to control bandwidth, delay, jitter, packet re-ordering, etc. for any packets forwarded by the Linux kernel. I've used it a number of times to simulate WAN characteristics between Cisco routers for testing QOS configurations.