ISIC(1)                          User Manuals                          ISIC(1)

ISIC - IP Stack Integrity Checker

esic -i <interface> [...]
isic -s <source ip> -d <destination ip> [...]
tcpsic -s <source ip>[,port] -d <destination ip>[,port] [...]
udpsic -s <source ip>[,port] -d <destination ip>[,port] [...]
icmpsic -s <source ip> -d <destination ip> [...]
multisic -s <source ip>[,port] -d <destination ip>[,port] -i <interface> [...]
isic6 -s <source ip> -d <destination ip> [...]
tcpsic6 -s <source ip>[,port] -d <destination ip>[,port] [...]
udpsic6 -s <source ip>[,port] -d <destination ip>[,port] [...]
icmpsic6 -s <source ip> -d <destination ip> [...]

ISIC is a suite of utilities to exercise the stability of an IP stack
and its component stacks (TCP, UDP, ICMP et al.). It generates piles of
pseudo-random packets of the target protocol. The packets are given
tendencies to conform to. For example, 50% of the packets generated can
have IP options, and 25% of the packets can be IP fragments. The
percentages are arbitrary, and most of the packet fields have a
configurable tendency.

The packets are then sent against the target machine to either
penetrate its firewall rules or find bugs in the IP stack. ISIC also
contains a utility (esic) that generates raw Ethernet frames to examine
hardware implementations, and the "multisic" tool to check multicast
code integrity.

Starting from version 0.07, ISIC includes utilities (*sic6) to test the
IPv6 protocol stack. These need IPv6 enabled in the system as a
prerequisite.

-c <# of packets>
    For esic only, number of packets to send. It is equivalent to the
    -p option used by the other utilities. The default is 2^32.

-d <destination MAC/IP>
    Optional for esic, required for all others. For esic, this
    specifies the destination MAC address, and the default is the
    broadcast address ff:ff:ff:ff:ff:ff. For all others, this specifies
    the destination IP address. Use "-d rand" to send packets to a
    random destination MAC/IP address. For multisic, "-d rand" picks
    the destination IP address randomly from the list [224, 225, 232,
    233, 234, 235, 236, 237, 238, 239].

-i <interface>
    Required by esic and multisic. This specifies the interface for
    outgoing packets.

-k <num>
    This specifies the number of skipped packets. This option is useful
    for identifying the exact packet(s) causing the problem. Default is
    0.

-l <length>
    For esic only, the maximum length of the packets generated. Default
    is the maximum ethernet frame size, 1500. A length greater than the
    default value will be rejected.

-m <num>
    For esic, this is the number of packets between printouts, default
    1000. For all others, this specifies the maximum speed of traffic
    generation; the unit is kB/s.

-p <num>
    For esic, this specifies the upper layer protocol number in the
    ethernet header, and defaults to type IP 0x0800. For all others,
    this is the number of packets to send; the default is 2^32. Note
    that esic uses -c instead for this purpose.

-r <random seed>
    Specify the random seed; defaults to the current process id.

-s <source MAC/IP>
    Optional for esic, required for all others. For esic, this
    specifies the source MAC address, and the default is the MAC
    address of the given interface. For all others, this specifies the
    source IP address. Use "-s rand" to set the source MAC/IP address
    to a random value.

-x <num>
    Available to all but esic. Send each packet <num> times; the
    default value is 1.

-v  Print out the current version of the ISIC test suite.

-z <source MAC>
    Optional for multisic. This specifies the source MAC address for
    outgoing multicast packets, and the default is the MAC address of
    the given interface. Use "-z rand" to set the source MAC address to
    a random value.

-D  Available to all but esic, this turns on the debugging printout.
    Caution: the program will print out information about every
    generated packet, so the entire output will be huge.

These options are defined for all but esic. All percentage options have
a default value of 10.

-i  Available for icmpsic and icmpsic6 only, the percentage of ICMP
    packets with a bad ICMP checksum.

-t  Available for tcpsic and tcpsic6 only, the percentage of TCP
    packets with a bad TCP checksum.

-u  Available for tcpsic and tcpsic6 only, the percentage of TCP
    packets with the urgent flag set.

-F  The percentage of fragmented packets. Note that for *sic6, this is
    the percentage of IPv6 packets with a random fragment extension
    header.

-I  For *sic6, this is the percentage of IPv6 packets with a random
    destination option header. For isic, this specifies the percentage
    of packets with a random IP header length. For tcpsic, udpsic and
    icmpsic, this is the percentage of packets with a random IP option.

-T  Available for tcpsic and tcpsic6 only, the percentage of TCP
    options in the TCP header.

-U  Available for udpsic and udpsic6 only, the percentage of UDP
    packets with a bad UDP checksum.

-V  Available for isic, tcpsic, udpsic, icmpsic and isic6, this is the
    percentage of packets with a bad IP version value in the header.

esic -i eth0 -s 01:02:34:56:07:89 -p rand -m 5000

    This will generate ethernet frames with a random protocol number in
    the ethernet header, and send them out through the eth0 interface.
    In the frames, the source MAC address is fixed at
    01:02:34:56:07:89, and the destination is the default broadcast MAC
    address. There will be a printout line for every 5000 frames.

isic -s rand -d 10.11.12.13 -F 50 -p 100 -k 20 -r 10

    This asks isic to generate 100 IP packets with a random source
    address and the fixed destination address 10.11.12.13. The random
    seed is set to 10. Half of the packets will be fragments. When
    sending out, the first 20 packets will be skipped, and isic will
    start from the 21st packet.

tcpsic -s 1.2.3.4,69 -d 21.22.23.24 -x 2 -m 1000 -T 30 -t 50

    This advises tcpsic to generate TCP packets with source address
    1.2.3.4 and source TCP port 69, and destination address 21.22.23.24
    and a random destination TCP port. Each packet will be sent out
    twice, and the overall maximum speed is 1000 kB/s. Of all the TCP
    packets generated, 30% will have random TCP options, and 50% will
    have a bad TCP checksum.

multisic -s rand -d 224.0.0.5 -i eth2 -p 50000 -F 50 -z ff:ff:ff:ff:ff:ff

    This lets multisic send 50000 UDP packets to the multicast address
    224.0.0.5 with a random source address and random source/destination
    UDP ports. The egress interface is forced to be eth2. 50% of the
    outgoing packets will be fragmented. The source MAC address is set
    to ff:ff:ff:ff:ff:ff.

udpsic6 -s rand -d 2001:1:2:3:4::2,161 -p 1000000 -I 90 -U 20

    This lets udpsic6 send 1 million IPv6 UDP packets with a random
    source address and source UDP port to destination address
    2001:1:2:3:4::2 and UDP port 161 (the SNMP port). 90% of the
    outgoing packets will have a random IPv6 destination option header,
    and 20% of the total packets will include an incorrect UDP checksum.
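
The -r and -k options together let a failing run on a lab device be narrowed
down to the packet that causes the problem. The script below is an added
example, not part of the ISIC distribution; RESET_CMD, HEALTH_CMD and the
function names are hypothetical, and it assumes that a fixed seed regenerates
the same packet sequence and that "-p HI -k LO" sends packets LO+1..HI of it.

```shell
#!/bin/sh
# Added example (not part of the ISIC distribution).
# Assumptions: a fixed -r seed regenerates the same packet sequence, and
# "-p HI -k LO" transmits only packets LO+1..HI of that sequence.

SEED=${SEED:-10}                   # seed of the run that showed the problem
DST=${DST:-10.11.12.13}            # lab device under test (address from the isic example)
ISIC_ARGS=${ISIC_ARGS:-"-F 50"}    # repeat every tendency option of the original run
RESET_CMD=${RESET_CMD:-true}       # hypothetical hook: restore the target to a known state
HEALTH_CMD=${HEALTH_CMD:-"ping -c 3 $DST"}   # hypothetical liveness probe

# trial LO HI: replay packets LO+1..HI; exit status 0 means the target survived.
trial() {
    $RESET_CMD
    isic -s rand -d "$DST" -r "$SEED" $ISIC_ARGS -p "$2" -k "$1" >/dev/null 2>&1
    $HEALTH_CMD >/dev/null 2>&1
}

# first_bad_packet TOTAL: print the smallest N such that replaying packets
# 1..N breaks the target, or 0 if the full run no longer reproduces it.
# Prefixes always start at packet 1, so a failure that depends on earlier
# packets is still located.
first_bad_packet() {
    lo=0; hi=$1                    # invariant: prefix 1..lo is clean, 1..hi fails
    if trial 0 "$hi"; then echo 0; return 0; fi
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if trial 0 "$mid"; then lo=$mid; else hi=$mid; fi
    done
    echo "$hi"
}

# isolated N: succeed when packet N alone (-k N-1 -p N) reproduces the failure.
isolated() {
    if trial $(( $1 - 1 )) "$1"; then return 1; else return 0; fi
}
```

Run "first_bad_packet 100" with the seed and options of the failing run, then
"isolated N" on the printed index to see whether that single packet suffices.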
Shu Xiao <sxiao@cisco.com>

Libnet (http://www.packetfactory.net/projects/libnet)
ISIC online (http://www.packetfactory.net/projects/ISIC) or (http://isic.sourceforge.net)
ip6sic (http://ip6sic.sourceforge.net)

v0.07                            JANUARY 2007                          ISIC(1)