There is a saying in network training that I’ve heard from a number of instructors. That is, “Be the packet.” The idea is that if you think about networking from the perspective of the packet, hard-to-understand concepts might make better sense. Now, putting yourself in the position of the packet is easier said than done if you don’t really grasp what makes up a packet.
Any of us that have gone through network fundamentals know the OSI model, and any of us that have spent time with Wireshark have a sense of how the OSI model maps to individual packets. Wireshark breaks the packet down into framing headers, IP headers, transport headers, and so on, until you get to the payload. That sort of breakdown goes a long way towards “being the packet.”
But…have you ever wanted to make your own packet? In other words, actually craft a packet of your own imagination? I mean, you should be able to do that, right? Something is taking traffic from your web browser and sticking that payload into a packet that can cross the Internet. And those crafty folks who write Nmap certainly make some interesting packets they throw at networks to see what happens.
If software developers and network driver writers can make their own packets, can’t you? Ah, right…you’re not a developer. Your coding-fu is weak, as is mine. Still, there’s hope for us in an open source tool called Ostinato. Ostinato calls itself “Wireshark in reverse.” With Ostinato, you can make your own packets, custom crafting them any way you like.
Today on the Packet Pushers Priority Queue, we’re talking with one of the Ostinato creators, Srivats P.
Part 1 – Background
- Ostinato is open. Do we mean “open” as in open source? Or do we mean “open” like some of the new definitions of open that vendors are using to describe their closed, commercial products?
- What platforms are supported?
- How many folks are contributing to the project?
- The last binary distribution I see from the download site is dated July 7, 2014, and here it is April 2015. Should I be worried? Special note – since recording this, Srivats released a new version (0.7) of Ostinato in June 2015.
- I have to ask…why the name “ostinato”? I know the word to be a musical term that refers to an underlying, repetitive theme in a piece. The Wikipedia article on the word cites Ravel’s “Bolero” as an example. How does that idea tie into this product?
- Let’s talk about Ostinato use cases.
  - Developer community working on networking software
  - QA testers; Python scripting is supported, and streams can also be saved as a Python script
  - Security – pen testing; Google “packets of death”
  - GNS3 – study, certification traffic generation
  - Not for the network n00b.
Part 2 – Usage
- Client – server.
  - Drone is the server.
  - The GUI is the client, but there is also a Python option. And others.
  - So, you can build a server with a bunch of NICs, run Drone, and use it as a server to support multiple clients.
- What considerations are there when installing Ostinato?
  - Elevated privileges. For instance, launching via sudo on OS X, or there will be no interfaces in the port group.
  - Drone is what needs this. Can set the “setuid” bit.
- When building a packet to be sent by Ostinato, there is a concept of a “stream.” Please explain this idea.
- When building a stream, talk through some of what you can do.
  - Ethernet framing
  - 802.1q tagging
  - TCP, UDP, ICMP, etc.
  - DSCP / ToS byte value
- There are lots of randomization options, as well as sequencing options, for various fields in a packet Ostinato is generating. Was that driven by user requests, or did it just seem like the right thing to do?
- I noticed you can set up several streams to run back to back. What are some use cases for this?
- It would be hard to craft an entire data stream by hand, packet by packet. Are there shortcuts?
- Talk about your DPDK development project.
- Is there anything else interesting about Ostinato that we haven’t talked about yet?
- How can people who want to contribute to Ostinato get involved?
  - Bug reports
  - Contribute a protocol builder (sort of like a Wireshark dissector)
- Project website – http://ostinato.org
- Twitter – @ostinato
- Mailing List – [email protected] & https://groups.google.com/forum/#!forum/ostinato
- Packets of Death – http://blog.krisk.org/2013/02/packets-of-death.html
- Ostinato for GNS3 – http://www.bernhard-ehlers.de/projects/ostinato4gns3/index.html
- DPDK – Ostinato Prototype – http://www.slideshare.net/pstavirs/dpdk-accelerated-ostinato
- PLVision/DPDK-Ostinato Performance Report (1G) – http://plvision.eu/blog/ostinato-and-intel-dpdk-data-rates-report/
- PLVision/DPDK-Ostinato Performance Report (10G) – http://plvision.eu/blog/ostinato-and-intel-dpdk-10g-data-rates-report-on-intel-cpu/
- PLVision/DPDK-Ostinato code – https://github.com/PLVision/ostinato-dpdk