Can you use ARP-Poisoning (spoofing) to apply simulated external effects?


Question

We are looking at ways of creating a network effects server. By this I mean a central server that will inspect all the packets on the network and apply logic (drop, delay, alter, etc) based on factors external to the actual network such as weather and line-of-sight.

This is all to do with running simulations of multiple real-world entities: a physical node in the network would represent a 3D moving entity in the 3D virtual world. As I mentioned, the effects would be calculated on line-of-sight, distance, interference, etc between the "virtual-world position" of the nodes.

I am aware of other tools that let you do these kinds of effects (such as OPNET, which we might use as part of the solution), but they typically require you to route the data directly to them for processing. They also don't handle either UDP or TCP.

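I need a way to run our server and apply the effects transparently, without changing any existing software, for both UDP and TCP (some of the software cannot be changed anyway).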

To that extent, we were thinking of using ARP-poisoning (or spoofing, whichever you prefer to call it), to force all the traffic through one (or potentially multiple for load-balancing) of these servers to perform the packet shaping.

Is this a feasible approach? (don't want to spend weeks developing before realizing that there are too many obstacles or that it is flat-out impossible)

If it is feasible, is RFC826 (plus 5227 and 5494) the latest document on ARP? Is there a better document out there?

Would this work when some of the network nodes are Virtual Machines (they might be bridged or NAT'ed)?

Are there any libraries that let you do this in C#?

(We are open to the language we use, but probably prefer C# or Qt-based solutions)

Recommended answer

Technically you can use ARP poisoning to do this, however I really don't think I would recommend it. I really don't understand why you're trying to do this, but from the sounds of it you're looking to simulate the types of packet loss / corruption that could be caused by RF equipment.

First off, you mentioned C#, which really isn't the language for doing this; the low-level networking is too far removed. I think C# does provide a raw socket class, but if you try to emulate TCP/IP and UDP and spoof addresses not belonging to your host, it actually drops your packets. There might be a way to stop this, but you would have to research the .Net Raw Socket.

You can use WinPcap with a C# wrapper as well. But it's still not a native implementation and may suffer performance penalties. There is a C# wrapper for WinPcap which I have used called SharpPcap, however some parts aren't well implemented and I had to modify it for what I needed. I have done some simple tests of capturing traffic at 300Mbps, but that hasn't included any protocol analysis or any injection of the packets back onto the network. This can also be used for putting the packets back onto the network, but again in the past this was reputedly low performance. Common perception among my networking peers is that this type of inspection cannot be done without hardware assist into the Gbps speeds.

I see you noted that you control the router and the lab. I don't know if Cisco has a minimum requirement for this feature, but you can point a static route to an interface. So if you hang your intercept server off one port of the router and put routes in for every host to go to your intercept server, it would feasibly receive all the traffic being routed through the router. You do this by defining an interface as your next hop instead of an IP address.

*Please note Bob McCormick's note that it will only affect hosts on different subnets, however there is an easy cheat: on each host (if assigned static IP addresses) put the subnet mask to be /32 (i.e. 255.255.255.255). This will essentially force the host to send all its frames to be routed by the router, since it is no longer aware of any other users on the same network as itself.

The last caveat is I have no idea if this will work in a virtual machine. I think it will if you use the one type of network interface in vmware, but I have not tried it, and have no idea about the other virtual machine providers.

However, if you are doing this level of work, I would suggest that again you look at using Linux for the host you're sending your traffic to, and maybe the tool Bob McCormick recommended. However, in Linux I'm sure there are a great number of tools that can be set up to simulate these sorts of events you're looking for.
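
The subnet-mask point in the answer above, as an added example that is not part of the original answer: a Python model of a host's next-hop decision, listing which lab flows never reach the router under a /24 mask and under the /32 mask. The addresses and function names are constructed for illustration.

```python
import ipaddress
from itertools import permutations

# Constructed lab addressing: host address -> its default gateway (the router).
LAB_HOSTS = {
    "10.0.0.11": "10.0.0.1",
    "10.0.0.12": "10.0.0.1",
    "10.0.1.21": "10.0.1.1",
}

def next_hop(src_if: str, gateway: str, dst: str) -> str:
    """Return the address a host resolves at layer 2 to reach dst.

    src_if is the host's address with prefix length, e.g. "10.0.0.11/24".
    A destination inside the connected prefix is reached directly, so the
    frame never passes the router; anything else is sent to the gateway.
    """
    iface = ipaddress.ip_interface(src_if)
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in iface.network:
        return str(dst_ip)
    return gateway

def bypassing_flows(hosts: dict, prefix_len: int) -> list:
    """List (src, dst) pairs whose traffic would not go through the router."""
    flows = []
    for src, dst in permutations(hosts, 2):
        if next_hop(f"{src}/{prefix_len}", hosts[src], dst) != hosts[src]:
            flows.append((src, dst))
    return flows

def gateway_on_link(src_if: str, gateway: str) -> bool:
    """True if the gateway lies inside the host's connected prefix.

    With a /32 mask this is False: the host then needs an explicit on-link
    route to its gateway (assumed to be part of the host's configuration).
    """
    iface = ipaddress.ip_interface(src_if)
    return ipaddress.ip_address(gateway) in iface.network

if __name__ == "__main__":
    for plen in (24, 32):
        print(f"/{plen} flows that skip the router:", bypassing_flows(LAB_HOSTS, plen))
    print("gateway on-link with /32:", gateway_on_link("10.0.0.11/32", "10.0.0.1"))
```
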
