I found a very useful tool when practicing the INE labs: generating
traffic with traceroute. I’ve used telnet lots of times to generate TCP
traffic on different ports, but what if we want to generate UDP traffic instead?
We can use traceroute to our advantage.
The topology is the one I’ve been using for my last posts with two routers
connected by a FastEthernet link.
First we create an access-list on R1 that will deny UDP on ports 9 and 19
but allow everything else.
We will confirm connectivity by doing a ping and then a telnet.
The traffic is passing successfully. Let’s check the access-list on R1.
We have matches in the ACL; now let’s generate traffic with traceroute.
We will type traceroute and then enter the options.
The important thing here is of course to change the port to something other
than the default port 33434. You can see by the !A in the answer that the
traffic was prohibited. Let’s confirm this by looking at the ACL on R1.
And that is how you generate traffic with traceroute. Combined with the telnet
tool we can pretty much simulate most TCP or UDP traffic. This gives us an
advantage in the lab so that we may test our ACLs to see that they are working
as expected.
Daniel, thanks, very useful!
Could you give me an example of how to use telnet for testing TCP traffic on different ports?
INE describes using DNS for UDP traffic tests
Either SLA is fast when you are used to its syntax
Hi Gio,
It is very easy. You can do it like this:
telnet 1.2.3.4 bgp /source-interface lo0
That will test if port 179 is open on host 1.2.3.4 and we source the packets from loopback 0. If you want to send traffic on a custom port you can do telnet 1.2.3.4 333. This is a great way of testing for open ports and to check if users have problems accessing a mail server or something like that. Then you can telnet on the SMTP port to the mail server and see that you are connected and type commands to it if you like.
This will only work correctly for the first hop. The next packets generated will have the initial port + 3 or something like that, so it might be a problem generating the same port traffic for remote hosts.
Yeah, may not be very useful in real life unless you are trying to reach something directly connected. Should be good for the lab though where we have control over everything that is not the backbone.
Yes, but you can set the “minimum time to live” to 29 so the first packet can reach the destination.
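
The port drift raised in the comments, as an added example that is not part of the original post or its comments: a small model of which traceroute probes arrive at the target on a port the ACL denies (UDP 9 and 19). It assumes the first probe uses the port entered in the traceroute options and each later probe uses the previous port plus one, with three probes per TTL; the function names and the hop counts are hypothetical.

```python
"""Model which traceroute probes arrive at the target on an ACL-denied UDP port.

Assumption (not from the post): the first probe uses the port entered in the
traceroute options and every later probe uses the previous port + 1.
"""
from typing import List, NamedTuple

DENIED_UDP_PORTS = frozenset({9, 19})  # ports the post's ACL on R1 denies


class Probe(NamedTuple):
    ttl: int    # TTL the probe is sent with
    index: int  # probe number within this TTL, starting at 1
    dport: int  # UDP destination port


def probe_plan(base_port: int, min_ttl: int = 1, max_ttl: int = 30,
               probes_per_hop: int = 3) -> List[Probe]:
    """Probes in send order; the port counter starts at the first TTL sent."""
    plan = []
    for ttl in range(min_ttl, max_ttl + 1):
        for index in range(1, probes_per_hop + 1):
            plan.append(Probe(ttl, index, base_port + len(plan)))
    return plan


def denied_at_target(base_port: int, hops: int, min_ttl: int = 1,
                     probes_per_hop: int = 3) -> List[Probe]:
    """Probes of the first TTL that reaches a target `hops` away and match the ACL."""
    first_ttl = max(min_ttl, hops)
    plan = probe_plan(base_port, min_ttl, first_ttl, probes_per_hop)
    return [p for p in plan if p.ttl == first_ttl and p.dport in DENIED_UDP_PORTS]


def base_port_for(target_port: int, hops: int, min_ttl: int = 1,
                  probes_per_hop: int = 3) -> int:
    """Port to enter so the first probe that reaches the target uses target_port."""
    return target_port - (max(min_ttl, hops) - min_ttl) * probes_per_hop


if __name__ == "__main__":
    # Constructed scenarios: R1 directly connected, then a target 3 hops away.
    for hops, port, min_ttl in [(1, 19, 1), (3, 19, 1), (3, 19, 3), (3, 13, 1)]:
        hits = denied_at_target(port, hops, min_ttl)
        print(f"hops={hops} port={port} min_ttl={min_ttl}: denied={[p.dport for p in hits]}")
```

Under this model, a target three hops away is tested on port 19 either by raising the minimum TTL to the hop count or by entering port 13, so that the drift lands on 19 when the probes first reach the target.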