How to Implement Ping Sweep Attack in NS2
To implement the ping sweep attack in ns2 has series of steps to follow. These attacks are generally a network exploration strategy in which an attacker delivers ICMP Echo Requests (ping request) to several IP addresses to specify which hosts are alive on a network. It can be replicated in ns2 by setting up the nodes to send ICMP Echo Requests to numerous other nodes in the network and storing which nodes reacts with ICMP Echo Answers.
In NS2, set up nodes that deliver ICMP packets to several target nodes to simulate a ping sweep attack and record the responses. Even though NS2 doesn’t directly execute the ICMP protocol, you can simulate it using UDP agents or build a custom simulation script to imitate ping activities.
Follow the provided steps to establish this attack using ns2:
- Steps to Implement Ping Sweep Attack in NS2:
- Create the network topology: Design nodes as well as the attacker (the node performing the ping sweep) and several target nodes.
- Simulate the ping sweep attack: The attacker node sends ICMP-like requests (using UDP in NS2) to multiple nodes, and the target nodes react with ICMP-like replies.
- Capture and log responses: Track which nodes replied to the ping requests to replicate the network reconnaissance.
Example TCL Script for Simulating Ping Sweep Attack in NS2
This example develop one attacker node (n0) that sends ICMP-like ping requests to several target nodes (n1, n2, n3).
TCL Script for NS2 (Ping Sweep Simulation)
# Create a new simulator instance
set ns [new Simulator]
# Open trace and nam files
set tracefile [open “ping_sweep_trace.tr” w]
$ns trace-all $tracefile
set namfile [open “ping_sweep.nam” w]
$ns namtrace-all-wireless $namfile
# Define the attacker and target nodes
set attacker [$ns node] ;# Attacker node performing ping sweep
set target1 [$ns node] ;# Target node 1
set target2 [$ns node] ;# Target node 2
set target3 [$ns node] ;# Target node 3
# Create UDP agents for ping-like traffic
set udp_attacker [new Agent/UDP]
set null_target1 [new Agent/Null]
set null_target2 [new Agent/Null]
set null_target3 [new Agent/Null]
# Attach agents to nodes
$ns attach-agent $attacker $udp_attacker
$ns attach-agent $target1 $null_target1
$ns attach-agent $target2 $null_target2
$ns attach-agent $target3 $null_target3
# Function to simulate a ping request (ICMP Echo Request) and response (ICMP Echo Reply)
proc send_ping_request { attacker target } {
global ns
# Create a CBR application for ping request
set cbr_ping [new Application/Traffic/CBR]
$cbr_ping set packetSize_ 64 ;# Simulate ICMP packet size (64 bytes)
$cbr_ping set rate_ 1Kb ;# Low rate for ping requests
$cbr_ping attach-agent $attacker
# Connect the attacker to the target
$ns connect $attacker $target
# Send the ping request and schedule responses
$ns at 1.0 “$cbr_ping start”
$ns at 2.0 “$cbr_ping stop”
$ns at 2.1 “log_ping_response $target”
}
# Function to log ping responses (simulate ICMP Echo Reply)
proc log_ping_response { target } {
global ns
# Check if the target node is responding
puts “Ping response received from target $target”
}
# Send ping requests to all targets in the ping sweep
$ns at 1.0 “send_ping_request $udp_attacker $null_target1”
$ns at 1.5 “send_ping_request $udp_attacker $null_target2”
$ns at 2.0 “send_ping_request $udp_attacker $null_target3”
# Define finish procedure
proc finish {} {
global ns tracefile namfile
$ns flush-trace
close $tracefile
close $namfile
exec nam ping_sweep.nam &
exit 0
}
# End the simulation at 3.0 seconds
$ns at 3.0 “finish”
# Run the simulation
$ns run
Explanation of the Script:
- Network Setup:
- The attacker node (attacker) sends ICMP-like requests to three target nodes (target1, target2, target3).
- Use the UDP agents to replicate ICMP traffic since NS2 doesn’t natively support ICMP. A CBR (Constant Bit Rate) traffic generator is used to simulate the sending of ICMP Echo Requests.
- Ping Simulation:
- The send_ping_request function simulates the sending of an ICMP Echo Request to a target node by using a UDP connection.
- After the request is sent, the log_ping_response function logs the response to simulate an ICMP Echo Reply.
- The attacker node sequentially sends ping requests to the target nodes at various times (1.0s, 1.5s, and 2.0s).
- Trace Files and Visualization:
- The trace file (ping_sweep_trace.tr) logs the traffic events, and NAM visualizes the network and the ping sweep attack.
- Customizing the Ping Sweep Attack
You can expand and tailor the ping sweep simulation in NS2 in numerous ways:
- a) Increase the Number of Targets:
You can include more target nodes to replicate a larger network being scanned by the ping sweep attack. Simply state more nodes and include more calls to send_ping_request.
set target4 [$ns node]
$ns at 2.5 “send_ping_request $udp_attacker $null_target4”
- b) Simulate Different Response Behavior:
You can simulate various target activities by including logic to decide whether or not a target node reacts to the ping request (for instance: for targets that are down or unreachable).
proc log_ping_response { target response_enabled } {
if { $response_enabled } {
puts “Ping response received from target $target”
} else {
puts “Target $target did not respond (host unreachable)”
}
}
- c) Measure Response Time:
You can store the round-trip time (RTT) of each ping request to compute the response times, simulating the usual activities of a ping command.
proc measure_rtt { start_time end_time } {
set rtt [expr $end_time – $start_time]
puts “Round-trip time (RTT): $rtt seconds”
}
- Analyzing Ping Sweep Attack
You can assess the trace file to aggregate information about which nodes reacted to the ping requests. Here’s how you can operate analysis:
- Packet capture: Define which nodes responded by using the trace file (ping_sweep_trace.tr).
- Network visualization: Visualize the ping sweep and the reacts from target nodes by opening the NAM file (ping_sweep.nam).
- Advanced Features (Optional)
- a) Stealth Ping Sweep (Slow Scan):
You can slow down the rate at which ping requests are sent, decreasing the chance of detection by network security systems by simulating a stealthier ping sweep.
$cbr_ping set rate_ 500b ;# Very low rate for stealth ping
$ns at 10.0 “send_ping_request $udp_attacker $null_target1” ;# Delay the pings
- b) Logging Packet Loss:
Compare the amount of request deliver with the number of response received to accomplish the logic to track packet loss.
- c) Simulating Firewall Blocking:
You can include firewall logic to particular target nodes that block ICMP-like ping requests, replicating a network with firewalls in place.
proc log_ping_response { target response_enabled } {
if { $response_enabled == 0 } {
puts “Ping request to $target blocked by firewall”
}
}
We have presented the detailed demonstration on how to implement the Ping Sweep Attack using ns2 simulation tool through this manual. Also, you can customize, analyze and attach advanced mechanisms into the simulation network. You can refer the sample snippets, if needed.
Discover engaging project ideas from our researchers. Receive customized support for implementing Ping Sweep Attack in NS2. We provide detailed comparison analysis for your projects; just send us your project information for further assistance. We specialize in setting up NS2 nodes and can handle the ICMP protocol for you.