The Poor Man’s IOS Traffic Generator
September 19, 2009 by Greg Ferro · 7 Comments
CHARGEN
There is a feature that is built-in to TCP known as CHARGEN, whci is short for CHARacter GENerator and it used to be a standard feature in most verions of *nix. Today this feature is disabled for security reasons (detailed in rfc864).There are a few other services in the same feature set of TCP, such as Echo, Discard and Daytime (RFC 862, 863, 867 respectively) and these are also useful.In IOS, Cisco calls all of these ‘small-servers’ and from about Version 12.2 or so, they are disabled by default. So first thing is to enable the service.
Enabling TCP Small Server on IOS
r2#conf t
Enter configuration commands, one per line.
End with CNTL/Z.
r2(config)#service tcp-small-servers
r2(config)#^Z
r2#
000120: *Mar 1 00:28:35.183 UTC: %SYS-5-CONFIG_I: Configured from console by console
You have now enabled a service that is listening for requests. Go to an adjacent router that can reach an IP address on the first router, and telnet to port 19 and a bunch of characters will display on the screen.
r1#telnet 198.18.0.2 19
Trying 198.18.0.2, 19 ...
Open
!"#$%&'()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
!"#$%&'()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
h"#$%&'()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
hi#$%&'()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
hij$%&'()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
hijk%&'()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
hijkl&'()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
hijklm'()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijk
lmn()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmno
)*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnop*+,
-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopq+,-./0
123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqr,-./01234
56789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrs-./012345678
9:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrst./0123456789:;?
@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstu/0123456789:;?@ABC
DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuv0123456789:;?@ABCDEFG
HIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvw123456789:;?@ABCDEFGHIJK
LMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwx23456789:;?@ABCDEFGHIJKLMNO
PQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxy3456789:;?@ABCDEFGHIJKLMNOPQRS
TUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz456789:;?@ABCDEFGHIJKLMNOPQRSTUVW
XYZ[\]^_`abcdefghijklmnopqrstuvwxyz{56789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[
\]^_`abcdefghijklmnopqrstuvwxyz{|6789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_
`abcdefghijklmnopqrstuvwxyz{|}789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abc
defghijklmnopqrstuvwxyz{|}~89:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
hijklmnopqrstuvwxyz{|}~9:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkl
mnopqrstuvwxyz{|}~ !:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnop
qrstuvwxyz{|}~ !";?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrst
uvwxyz{|}~ !"#?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwx
yz{|}~ !"#$=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuv
wxyz{|}~ !"#$%>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrst
uvwxyz{|}~ !"#$%&?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopq
rstuvwxyz{|}~ !"#$%&'
--SNIP--
This will continue as long as you keep the session open.
Warning
IOS must generate the characters, and this is done by the CPU and is very CPU intensive on a high speed link. You should take some care only do this in the direction that you can terminate the telnet session. Thus do this on a router that is ‘nearest to you’. If you telnet from the far side back to yourself you can flood the connection and cause the router to reload (or worse).I strongly recommend that you practice this in a test environment before you do this in a live environment.
Stop the session
Enter Ctrl-Shift-6 and then x to return to the main console. Then enter ‘disc 1′ to terminate the background connection.
!"#$%&'()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
h"#$%&'()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
hi#$%&'()*+,-./0123456789:;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefg
hij$%&'()*+,!
Ctrl-Shift-6 and x was pressed here, you must use the ‘disconnect’ command to clear the session as it will still be running in the background.
rs#disc 1
Closing connection to 198.18.0.1 [confirm]r2#
Some Considerations
While this will definitely generate some traffic, it will not generate large volumes of traffic. Some performance considerations that should think about:
- the CPU of the remote router to generate the character stream
- the ability of the WAN link to send traffic
- the speed at which the router can send the characters to a terminal session.
Specifically, a console session with a 9600 bps rate will not generate a lot of traffic, but a telnet session directly connected at 100Mbps will generate a lot more because the transmission rate between the router and the terminal window is very fast. SSH will be slower since the encryption adds some delay to the process.
Stupid Alert: Think before start
It certainly possible that if you do this on a production network that you could cause a loss of service. You should take some time to think about the implications to your bandwidth, and make sure you know how to stop the CHARGEN, BEFORE YOU START.
You are warned.
- Serial Console on OSX
- IOS: Reverse SSH console access — Part 2
- IOS: enable and .… disable ?
- IOS: Setting the TCP timeout on IOS
- IOS:CLI Tip — terminal full help
- OS X:Terminal break for Serial Console on OS X
- Changing the break character in Cisco IOS
- IOS CLI: show run linenum
- IOS: Setting Terminal Window Length
- IOS: Clearing an interface configuration
- IOS: Console, Terminal, Monitor, VTY — what is what ?
- IOS: “terminal monitor” on, off — logging to your terminal
- The poor man’s IOS Traffic Generator
- Setting the Defaults for PUTTY
- Putty — Recommended Default Settings for a Network Engineer
- Putty, the Command Line and NO clicky clicky
- Review: goSerial — Console Break for Network Devices on OSX
Please rate this post:
Why Rate Posts?
(1 votes, average: 10.00 out of 10)
Loading ...
Greg, why would you want to do this? If you can ping a router, you know it’s up. If you want to load test it, using something like iperf (http://sourceforge.net/projects/iperf/) is going to me much more useful, yah?
Let’s see:
1) It would be very rare that I would have access to a server and be able to run a traffic generation routine. Doubly so for secure networks (and I mean properly secure, not enterprise or business networks).
2) if you want to test a given link that is between two towns in another country, using iperf isn’t an option. You would break the links in between.
3) it’s quick and dirty. See the bit about ‘poor mans traffic generator’. Sometimes good enough is enough.
Some IOS releases have (had?) the ttcp command which is way more efficient than CHARGEN.
http://www.cisco.com/en/US/tech/tk801/tk36/technologies_tech_note09186a0080094694.shtml
Not reliable enough for me to consider. Also, using a server to solve network problems is soft. Real engineers are purists.
ha ha ha ha ha.…..just kidding. Whatever works. I actually have a Java implementation for TTCP somewhere.
IOS contains TTCP client and server, so you can run it between two routers. Unfortunately the router’s CPU is not powerful enough to fill a high-speed link; we had to deploy dedicated probes for NIL Monitor.
Not for a poor man, but a Pagent IOS image could be sufficient