Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
ISIC(1)				 User Manuals			       ISIC(1)

NAME
       ISIC - IP Stack Integrity Checker

SYNOPSIS
       esic -i _interface_ [...]
       isic -s _source ip_ -d _destination ip_ [...]
       tcpsic -s _source ip_[,port] -d _destination ip_[,port] [...]
       udpsic -s _source ip_[,port] -d _destination ip_[,port] [...]
       icmpsic -s _source ip_ -d _destination ip_ [...]
       multisic	 -s  _source  ip_[,port] -d _destination ip_[,port] -i _inter-
       face_ [...]
       isic6 -s	_source	ip_ -d _destination ip_	[...]
       tcpsic6 -s _source ip_[,port] -d	_destination ip_[,port]	[...]
       udpsic6 -s _source ip_[,port] -d	_destination ip_[,port]	[...]
       imcpsic6	-s _source ip_ -d _destination ip_ [...]

DESCRIPTION
       ISIC is a suite of utilities to exercise	the stability of an  IP	 Stack
       and its component stacks	(TCP, UDP, ICMP	et. al.) It generates piles of
       pseudo random packets of	the target protocol.  The  packets  are	 given
       tendancies  to conform to. For example 50% of the packets generated can
       have IP Options,	and 25%	of the packets can be IP fragments... But  the
       percentages  are	arbitrary and most of the packet fields	have a config-
       urable tendancy.

       The packets are then sent against the target machine  to	 either	 pene-
       trate  its  firewall rules or find bugs in the IP stack.	ISIC also con-
       tains an	utility	(esic) that generates raw Ethernet frames  to  examine
       hardware	 implementations,  and	the "multisic" tool to check multicast
       code integrity.

       Starting	from version 0.07, ISIC	includes  utilities  (*sic6)  to  test
       IPv6  protocol  stack.  These  would of course need IPv6	enabled	in the
       system as a prerequisite.

GENERAL	OPTIONS
       -c <# of	packets>
	      For esic only, number of packets to send.	It is equivlent	to  -p
	      option used by other utilities. The default is 2^32.

       -d <destination MAC/IP>
	      Optional for esic, required for all others. For esic, this spec-
	      ifies destination	MAC address, and the default will be broadcast
	      address  ff:ff:ff:ff:ff:ff.  For all others, this	specifies des-
	      tination IP address. Use "-d rand" to  send  packets  to	random
	      destination  MAC/IP  address.  For multisic, "-d rand" will make
	      destination IP address picked from the list [224,	225, 232, 233,
	      234, 235,	236, 237, 238, 239] randomly.

       -i <interface>
	      Required	by esic	and multisic. This specifies the interface for
	      outgoing packets.

       -k <num>
	      This specifies the number	of skipped  packets.  This  option  is
	      useful  for identifying the exact	packet(s) causing the problem.
	      Default is 0.

       -l <length>
	      For esic only, the maximum length	of packet  generated.  Default
	      is  maximum  ethernet  frame size	1500.  Length greater than de-
	      fault value will be rejected.

       -m <num>
	      For esic,	this is	the number of packets  between	printout,  de-
	      fault to 1000.  For all others, this specifies the maximum speed
	      of traffic generation, unit is kB/s

       -p <num>
	      For esic,	this specifies upper layer protocol number in the eth-
	      ernet  header,  and  default  to type IP 0x0800.	For all	others
	      this is the number of packets to send, default  is  2^32.	  Note
	      esic uses	-c instead for this purpose.

       -r <random seed>
	      Specify the random seed, default to current process id.

       -s <source MAC/IP>
	      Optional for esic, required for all others. For esic, this spec-
	      ifies source MAC address,	and the	default	will be	 the  MAC  ad-
	      dress of given interface.	 For all others, this specifies	source
	      IP address. Use "-s rand"	to set source MAC/IP address to	random
	      value.

       -x <num>
	      Available	to all but esic. Send each packet <num>	times, the de-
	      fault value is 1.

       -v     Print out	the current version of ISIC test suite.

       -z <source MAC>
	      Optional for multisic. This specifies  source  MAC  address  for
	      outgoing	multicast packets, and the default will	be the MAC ad-
	      dress of given interface.	Use "-z	rand" to set  source  MAC  ad-
	      dress to random value.

       -D     Available	to all but esic, this turns on the debugging printout.
	      Caution: the program will	print out information of every	gener-
	      ated packet, the entire output will be huge.

PERCENTAGE OPTIONS
       These  options are defined to all but esic. All percentage options have
       default value of	10.

       -i     Available	for icmpsic and	icmpsic6 only, the percentage of  ICMP
	      packets with bad ICMP checksum.

       -t     Available	 for  tcpsic  and  tcpsic6 only, the percentage	of TCP
	      packets with bad TCP checksum.

       -u     Available	for tcpsic and tcpsic6 only,  the  percentage  of  TCP
	      packets with urgent flag set.

       -F     The  percentage  of  fragmented packets. Note for	*sic6, this is
	      the percentage of	IPv6 packets with  random  fragment  extension
	      header.

       -I
	       For  *sic6,  this is the	percentage of IPv6 packets with	random
	      destination option header. For isic, this	specifies the percent-
	      age  of packets with random IP header length. For	tcpsic,	udpsic
	      and icmpsic, this	is the percentage of packets  with  random  IP
	      option.

       -T     Available	for tcpsic and tcpsic6 only, the percentage of TCP op-
	      tions in the TCP header.

       -U     Available	for udpsic and udpsic6 only,  the  percentage  of  UDP
	      packets with bad UDP checksum.

       -V     Avialable	 for  isic, tcpsic, udpsic, icmpsic and	isic6, this is
	      the percentage of	packets	with  bad  IP  version	value  in  the
	      header.

EXAMPLES
       esic -i eth0 -s 01:02:34:56:07:89 -p rand -m 5000

	      This  will  generate ethernet frames with	random protocol	number
	      in the ethernet header, and send out through eth0	interface.  In
	      the  frames,  the	source MAC address is fixed 01:02:34:56:07:89,
	      destination will be the default  broadcast  MAC  address.	 There
	      will be a	printout line for every	5000 frames.

       isic -s rand -d 10.11.12.13 -F 50 -p 100	-k 20 -r 10

	      This  asks  isic	to generate 100	IP packets with	randsom	source
	      address and fixed	destination address  10.11.12.13.  The	random
	      seed  is	set  to	 10.   half of packets will be fragments. When
	      sending out, first 20 packets will be skipped, isic  will	 start
	      from the 21st packet.

       tcpsic -s 1.2.3.4,69 -d 21.22.23.24 -x 2	-m 1000	-T 30 -t 50

	      This  advises tcpsic to generate TCP packets with	source address
	      1.2.3,4  and  source  TCP	 port  69,  and	 destination   address
	      21.22.23.24 and random destination TCP port. Each	packet will be
	      sent out twice, and the overall maximum speed  is	 1000kB/s.  Of
	      all  the	TCP packets generated, 30% of packets will have	random
	      TCP options, and 50% will	have bad TCP checksum.

       multisic	 -s  rand  -d  224.0.0.5  -i  eth2   -p	  50000	  -F   50   -z
       ff:ff:ff:ff:ff:ff

	      This  lets  multisic  to send 50000 UDP packets to multicast ad-
	      dress 224.0.0.5 with random source address  and  source/destina-
	      tion  UDP	 ports.	The egress interface is	forced to be eth2. 50%
	      of outgoing packets will have fragments. And the source MAC  ad-
	      dress is set to ff:ff:ff:ff:ff:ff.

       udpsic6 -s rand -d  2001:1:2:3:4::2,161 -p 1000000 -I 90	-U 20

	      This lets	udpsic6	to send	1 million IPv6 UDP packets with	random
	      source address and  source  UDP  port,  to  destination  address
	      2001:1:2:3:4::2  and  UDP	port 161 (SNMP port).  90% of outgoing
	      packets will have	random IPv6 destination	option header, and 20%
	      of total packets will include incorrect UDP checksum.

AUTHOR
       Shu Xiao	<sxiao@cisco.com>

SEE ALSO
       Libnet (http://www.packetfactory.net/projects/libnet)
       ISIC online (http://www.packetfactory.net/projects/ISIC)	or
		   (http://isic.sourceforge.net)
       ip6sic (http://ip6sic.sourceforge.net)

v0.07				 JANUARY 2007			       ISIC(1)

NAME | SYNOPSIS | DESCRIPTION | GENERAL OPTIONS | PERCENTAGE OPTIONS | EXAMPLES | AUTHOR | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=isic&sektion=1&manpath=FreeBSD+13.1-RELEASE+and+Ports>

home | help