How to Start Network Probe Attack Projects Using NS3

To simulate a Network Probe Attack using NS-3, we will require to execution of scenario in which an attacker transmits their probing packets we determine the active hosts, open ports, or network settings. This is frequently a precursor to larger attacks like as exploiting vulnerabilities.

Steps to Start Network Probe Attack Projects Using NS3

  1. Set Up NS-3
  • Install NS-3:

./waf configure

./waf build

  • Verify the installation with:

./waf –run hello-simulator

  1. Understand a Network Probe Attack
  • Definition: A network probe attack has contained the scanning networks or devices for vulnerabilities or information.
  • Common Probes:
    • ICMP Scan: Utilized their ICMP Echo Requests we determine their live hosts.
    • Port Scan: Transfer the packets we classify open ports.
    • Service Enumeration: The Probes for processing their services on open ports.
  1. Define the Network Topology
  • Build a simple network topology through many nodes, has including:
    • Attacker Node: Transfer the probing packets.
    • Victim Nodes: We legitimate traffic response their probing packets.
  • Sample Topology:

NodeContainer nodes;

nodes.Create(5);  // 1 attacker + 4 victim nodes

PointToPointHelper p2p;

p2p.SetDeviceAttribute(“DataRate”, StringValue(“10Mbps”));

p2p.SetChannelAttribute(“Delay”, StringValue(“2ms”));

NetDeviceContainer devices;

for (uint32_t i = 1; i < nodes.GetN(); ++i) {

devices.Add(p2p.Install(NodeContainer(nodes.Get(0), nodes.Get(i))));

}

  1. Install Network Protocols
  • Allocate IP addresses to all nodes.

InternetStackHelper stack;

stack.Install(nodes);

Ipv4AddressHelper address;

for (uint32_t i = 1; i < nodes.GetN(); ++i) {

std::ostringstream subnet;

subnet << “10.1.” << i << “.0”;

address.SetBase(subnet.str().c_str(), “255.255.255.0”);

address.Assign(devices.Get(i – 1));

}

  1. Simulate Normal Traffic
  • Enhance the legitimate traffic we replicate the general network activity.

UdpEchoServerHelper echoServer(9);

ApplicationContainer serverApps = echoServer.Install(nodes.Get(1));  // Victim node

serverApps.Start(Seconds(1.0));

serverApps.Stop(Seconds(10.0));

UdpEchoClientHelper echoClient(Ipv4Address(“10.1.1.1”), 9);

echoClient.SetAttribute(“MaxPackets”, UintegerValue(10));

echoClient.SetAttribute(“Interval”, TimeValue(Seconds(1.0)));

echoClient.SetAttribute(“PacketSize”, UintegerValue(1024));

ApplicationContainer clientApps = echoClient.Install(nodes.Get(2));  // Another victim node

clientApps.Start(Seconds(2.0));

clientApps.Stop(Seconds(10.0));

  1. Simulate the Network Probe Attack
  • ICMP Probing:
    • The attacker disrupts the ICMP Echo Requests we all victim nodes.

void ProbeNetwork(Ptr<Node> attacker, const std::vector<Ipv4Address>& targets) {

Ptr<Socket> socket = Socket::CreateSocket(attacker, TypeId::LookupByName(“ns3::Ipv4RawSocketFactory”));

for (const auto& target : targets) {

Simulator::Schedule(Seconds(5.0), [=]() {

IcmpHeader icmpHeader;

icmpHeader.SetType(IcmpHeader::ECHO);

Ptr<Packet> packet = Create<Packet>(1024); // Payload size

packet->AddHeader(icmpHeader);

socket->SendTo(packet, 0, InetSocketAddress(target, 0));

});

}

}

  • Port Scanning:
    • We transfer the various ports of TCP SYN packets.

void ScanPorts(Ptr<Node> attacker, Ipv4Address target, uint16_t startPort, uint16_t endPort) {

Ptr<Socket> socket = Socket::CreateSocket(attacker, TypeId::LookupByName(“ns3::TcpSocketFactory”));

for (uint16_t port = startPort; port <= endPort; ++port) {

Simulator::Schedule(Seconds(5.0), [=]() {

InetSocketAddress remote = InetSocketAddress(target, port);

socket->Connect(remote);

socket->Close();

});

}

}

  • Schedule the Attack:

std::vector<Ipv4Address> victimAddresses;

for (uint32_t i = 1; i < nodes.GetN(); ++i) {

victimAddresses.push_back(nodes.Get(i)->GetObject<Ipv4>()->GetAddress(1, 0));

}

ProbeNetwork(nodes.Get(0), victimAddresses);  // ICMP probe

ScanPorts(nodes.Get(0), victimAddresses[0], 1, 100);  // Port scan on one victim

  1. Enable Packet Capturing
  • Ensuring the PCAP tracing we examine their congestion.

PointToPointHelper p2p;

p2p.EnablePcapAll(“network-probe”);

  1. Run the Simulation
  • We Build and execute the simulation:

./waf –run network-probe

  • .pcap files will be generated for each network device.
  1. Analyse with Wireshark
  • Open the .pcap file in Wireshark:

wireshark network-probe-0-0.pcap

  • Used this Wireshark filters we classify the probing activity:
    • ICMP Probing: icmp.type == 8
    • TCP SYN Scan: tcp.flags.syn == 1 && tcp.flags.ack == 0
  1. Optional: Implement Detection Mechanisms
  • Replicate the defences we distinguish the probing activity:
    • Threshold-based Detection: Flag nodes distribution excessive ICMP or SYN packets.
    • Rate Limiting: Finding the number of ICMP or SYN packets per second.
  • Sample:

void MonitorTraffic(Ptr<const Packet> packet, const Address& srcAddr) {

Ipv4Header ipv4Header;

packet->PeekHeader(ipv4Header);

if (ipv4Header.GetProtocol() == Ipv4Header::PROTO_ICMP) {

NS_LOG_UNCOND(“ICMP packet from ” << ipv4Header.GetSource());

}

if (ipv4Header.GetProtocol() == Ipv4Header::PROTO_TCP) {

NS_LOG_UNCOND(“TCP packet from ” << ipv4Header.GetSource());

}

}

  1. Output Metrics
  • Examine the attack’s success and its effect:
    • Discovered the number of live hosts.
    • Identify the number of open ports.
    • Response times for ICMP or SYN packets.
  • Utilizing FlowMonitor for detailed traffic analysis:

FlowMonitorHelper flowmon;

Ptr<FlowMonitor> monitor = flowmon.InstallAll();

By following these steps, you can simulate a network probe attack in NS-3, capture the traffic using Wireshark, and optionally implement detection mechanisms. Let me know if you need further assistance with any specific aspect of the simulation!

To simulate the network probe attack in the NS3 environment and also we provide how to attach the enhance features to the simulation. If you have any queries about this approach, we will guide you.

Ensure your tasks are completed promptly and with exceptional quality by our dedicated researchers. We handle active hosts, open ports, and network configurations with expertise. It’s crucial to provide all pertinent project information to phdprojects.org. We guarantee top-notch services for Network Probe Attack projects and simulations.