The Poor Man’s IOS Traffic Generator

18 January, 2008 by Greg Ferro Print Posting

This is a feature that I used to use years ago, but had forgotten about. For some reason, I remembered it today and it is still as useful as it ever was. Read on…

There is a feature that is built-in to TCP known as CHARGEN, whci is short for CHARacter GENerator and it used to be a standard feature in most verions of *nix. Today this feature is disabled for security reasons (detailed in rfc864).There are a few other services in the same feature set of TCP, such as Echo, Discard and Daytime (rfc 862, 863, 867 respectively) and these are also useful.In IOS, Cisco calls all of these ’small-servers’ and from about Version 12.2 or so, they are disabled by default. So first thing is to enable the service.

r2#conf tEnter configuration commands, one per line. End with CNTL/Z. r2(config)#service tcp-small-servers r2(config)#^Z r2# 000120: *Mar 1 00:28:35.183 UTC: %SYS-5-CONFIG_I: Configured from console by console

You have now enabled a service that is listening for requests. Go to an adjacent router that can reach an IP address on the first router, and telnet to port 19.

r1#telnet 198.18.0.2 19 Trying 198.18.0.2, 19 ... Open !"#$%&'()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg !”#$%&’()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg h”#$%&’()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg hi#$%&’()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg hij$%&’()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg hijk%&’()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg hijkl&’()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg hijklm’()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijk lmn()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmno )*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnop*+, -./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopq+,-./0 123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqr,-./01234 56789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrs-./012345678 9:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrst./0123456789:;? @ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstu/0123456789:;?@ABC DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuv0123456789:;?@ABCDEFG HIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvw123456789:;?@ABCDEFGHIJK LMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwx23456789:;?@ABCDEFGHIJKLMNO PQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxy3456789:;?@ABCDEFGHIJKLMNOPQRS TUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz456789:;?@ABCDEFGHIJKLMNOPQRSTUVW XYZ[\]^_`abcdefghijklmnopqrstuvwxyz{56789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[ \]^_`abcdefghijklmnopqrstuvwxyz{|6789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ `abcdefghijklmnopqrstuvwxyz{|}789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abc defghijklmnopqrstuvwxyz{|}~89:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg hijklmnopqrstuvwxyz{|}~9:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkl mnopqrstuvwxyz{|}~ !:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnop qrstuvwxyz{|}~ !”;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrst uvwxyz{|}~ !”#?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwx yz{|}~ !”#$=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuv wxyz{|}~ !”#$%>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrst uvwxyz{|}~ !”#$%&?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopq rstuvwxyz{|}~ !”#$%&’

This will continue as long as you keep the session open.

Warning

IOS must generate the characters, and this is done by the CPU and is very CPU intensive on a high speed link. You should take some care only do this in the direction that you can terminate the telnet session. Thus do this on a router that is ‘nearest to you’. If you telnet from the far side back to yourself you can flood the connection and cause the router to reload (or worse).I strongly recommend that you practice this in a test environment before you do this in a live environment.

Stop the session

Enter Ctrl-Shift-6 and then x to return to the main console. Then enter ‘disc 1′ to terminate the background connection.

!"#$%&'()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg h”#$%&’()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg hi#$%&’()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg hij$%&’()*+,!

Ctrl-Shift-6 and x was pressed here, you must use the ‘disconnect’ command to clear the session as it will still be running in the background.

rs#disc 1 Closing connection to 198.18.0.1 [confirm]r2#