Simulating Different Network Protocols?

Is this possible within GNS3?

I am experimenting labbing different ACL scenarios and curious if there is a definitive way to simulate other protocols other than ICMP (ping).

I've tried some extended pings and where it asks for "type of service" I tried entering different protocol numbers but I don't believe this function may be what it is supposed to be used for.

Ideas?

Find more posts tagged with

Comments

EdTheLad

The "type of service" i.e. TOS field is the 8 bit qos field inside the ip header. Bits 0,1 and 2 represent IP precedence, 3-6 are Tos, bit 7 is always 0.
Then DSCP was defined as the 6 most significant bits 0 - 5, while remaining 2, 6 and 7 are used for ECN.
If you want to test specific ports you could telnet using a port number.

SecurityThroughObscurity

I only recommend Scapy - powerful packet crafting tool written on python.
But you need to connect gns3 to the real network.

johnwest43

I usally use telnet to test ACL's. for example telnet 10.1.1.1 80 , this will test if an ACL to permit or deny HTTP traffic is working as expected.

Danielh22185

johnwest43 wrote: »

I usally use telnet to test ACL's. for example telnet 10.1.1.1 80 , this will test if an ACL to permit or deny HTTP traffic is working as expected.

Nice! This is what I was looking for. For some reason this didn't pop into my head. Was up late and had a long shift at work. We actually do this at work on Citrix Load Balancers all the time to verify the client server connections are working via the pre-configured ports.

Thanks for the reminder!

Dieg0M

You can use IP SLA's to send any udp/tcp traffic from whatever port number you like. I use it to troubleshoot when I have little visibility within a DMZ that has very restrictive rules in place. I wrote an article on this if you want to take a look at my IP SLA section.

Danielh22185

Dieg0M wrote: »

You can use IP SLA's to send any udp/tcp traffic from whatever port number you like. I use it to troubleshoot when I have little visibility within a DMZ that has very restrictive rules in place. I wrote an article on this if you want to take a look at my IP SLA section.

Oh nice! That sounds like fun to play with! I am pretty familiar with the configuration parameters. This I actually troubleshoot a lot at work but more troubleshooting voice protocols / jitter across network paths. This could work though thanks for the idea!