DDOS traffic shaping simulator

User Manual

Authors

Inbar Shabi

Anatoly Cherner

Contents

1.Loading files wizard. ........................................................... 3

2. Using control buttons. ....................................................... 6

3.Using speed slider. .............................................................. 6

4. Using charts. ...................................................................... 7

5. Time unit and Attack/legal percentage panels .................. 8

6. Properties file of the Client ................................................ 9

7. Drawbacks ....................................................................... 11

1. Loading files wizard.

After program launch will appear:

To load files we press load files button and wizard should open:

Wizard:

Choose the next button and provide the path to .net file using Browse button, if file loaded

correctly the next window will appear, otherwise error message will be displayed . Example

shows the wizard after .net file successfully loaded:

Using Browse button provide the path to .ini file, if file loaded successfully press finish button

and close the wizard. Example shows successfully loaded .ini file.

Simulator after ready to work:

2. Using control buttons. Simulator has 4 buttons: Start/Pause, Stop, Rewind and Forward:

As name suggests the Start button starts the simulation , if pressed the icon changes to Pause

icon and if the button pressed second time the simulation will pause.

Stop button resets Server, Client and all data, basically it works in the same way as if files were

loaded once more.

Forward button increases simulation speed.

Rewind button runs simulation backwards.

3.Using speed slider. To increase the speed we can use the speed slider, but it also allows us to control the

simulation in the same way as with control buttons.

The speed defined by slider position , if it’s set to values between 0 and 10, the simulation

runs forward. If it’s set to 0 the simulation will pause. If we set it to values between -10 to 0 ,

the simulation will run backwards

4. Using charts There are 2 types of charts in the simulator, one shows the statistics of the traffic received by

target and the second shows the statistics for the filtering router and one of it’s targets.

Target chart - using combo box we can choose one of target and see it’s statistics, with blue

color we show the values of the preference vector and with other colors we show the actual

values for traffic delivered to traffic.

When simulation starts , the chart shows average of traffic calculated for all targets, but if we

choose certain target it will show the values for this target only. In the following example we

can see the average calculated for all targets in simulation and that actual values of udp do not

overload the value from preference vectors but the tcp-syn traffic overloads the value of

preference vectors:

Also we provide monitoring for CPU and memory state of the targets, in the same example we

can see that values for CPU are 100% and it means that targets are overloaded and the

memory consumption is 10000mB.

Filtering router and it’s target chart – as in the previous case , using combo boxes we can

choose the filtering router and on of it’s targets. But there the default shown by the chart isn’t

average, instead we show the chart for the filtering router with minimal id and for one of it’s

targets with minimal id. In the following example we show the values for router 1 and target

number 5.The values of the chart separated to 4 parts and we can see that filtering router

haven’t discarded any traffic and that of all traffic the legal one takes 60% and the traffic of

attack takes 40% .

5. Time unit and Attack/legal percentage panels Time unit panel shows the values of time unit for the packets that are on the screen. When

the simulation runs forward, panel shows the maximal TU value, when simulation runs

backwards, it shows the value of the packet with minimal TU.

When simulation stopped, the values are zeroed.

Attack and Legal percentage - the panel shows the percentage of the legal and attack traffic

that is currently processed.

In the following example we can see the values:

6. Properties file of the Client

The Client and server can be configured using properties.ini file. We’ll explain property using

actual file:

;defines look and feel for application

;SubstanceCremeLookAndFeel

;SubstanceBusinessLookAndFeel

;SubstanceChallengerDeepLookAndFeel

;SubstanceBusinessBlackSteelLookAndFeel

;SubstanceBusinessBlueSteelLookAndFeel

;SubstanceAutumnLookAndFeel

lookandfeel=SubstanceCremeLookAndFeel

;path to network icons directory

networkIconsFolderPath=ICONS\NET

;path to buttons icons directory

buttonIconsFolderPath=ICONS\BUTTONS

;path to maps icons directory, maps can be changed using background field

mapsIconsPath=MAPS

;server port for TCP connection

serverPort=2002

;defines the type of connection between Client and Server,values can be - ip or LOCAL or localhost,

;when local means that Server and Client run on the same machine without using network layer,

;localhost means that connection will be established on the same machine but using network layer

;ip means remote connection when modules are on different machines

serverName=local

;client buffer size, or the number of events that Clients stores on it's size, lower values mean lower memory

consumption, but higher traffic between Server and Client

clientBufferSize=3

;server buffer size, or the number of events that Server stores on it's side before they sent to Client,lower values mean

lower memory consumption, but higher traffic between Server and Client

serverBufferSize=6

;the number of events that Client aquires from Server during one get invocation

sendAtOnce=1

;the number of events that Client adds to visualization buffer after he gets them from Server

getAtOnce=1

;to lower CPU consumage CLient makes a sleep after each call to Server, parameter defines the time for sleep

sleep=200

;client history size

historySize=100000

;program icon

icon=logo_16.png

;welcome icon

welcomeIcon=welcome7.bmp

;backGround icon-first parameter allows background, second is image name, third is zoomable option

backGround=false,Europe_outline_map_35.jpg,true

7. Drawbacks

There exist a couple of things that we should take into account when we work with the

Simulator. At first the simulator works with buffer, it means that when switching the target or

router there will be delay, the delay time grows with the Client buffer size, so proper values

should be chosen.

The history on the Client side is bounded by historySize , so if simulation runs and creates

more events that Client can remember , they will be deleted and couldn’t be recovered and of

course we couldn’t load them using history.

The visualization of the Client heavily depends on the values set in clientbBuffer, serverBuffer,

getAtOnce and setAtOnce , so proper setting should be chosen. For more details refer to

Possible upgrades for simulator document.