How to generate traffic in your network with just one Raspberry Pi

We had a problem: how to generate real-life network traffic for our network so that our sensor would react. One solution could be a bunch of virtual machines, but we needed WiFi and I did not want to invest in adapters. Then the Raspberry Pi 3 came out. I got an idea: what if we used an RPi3 as our traffic generator?

MAC-address list example.

URL-category example.

OK, how is all this done? Quite simply, actually. We need one Raspberry Pi 3 (or a Model B with a WiFi dongle). I assume that your RPi is installed with a basic image, so I don't give instructions for that.

First, install wget and macchanger (apt-get install wget macchanger).

Second, download the Majestic (or OpenDNS) top one million websites list and modify it: keep only the third CSV column, then delete the header line.

  1. # wget http://downloads.majestic.com/majestic_million.csv
  2. # awk -F ',' '{print $3}' majestic_million.csv > majestic_million.txt
  3. (Linux)# sed -i '1d' majestic_million.txt (mac)# sed -i.bak '1d' majestic_million.txt

Third, create a file called mac-host.txt and add the MAC-address and hostname information to it.

# MAC-address Vendor
# 00CDFE Apple Inc.
# 38F23E Microsoft Mobile Oy
# 3C5AB4 Google Inc.
# 18AF61 Apple Inc.
# 001175 Intel Corporate
# E4F89C Intel Corporate
# 24DBAC HUAWEI TECHNOLOGIES CO. LTD
# 745F00 Samsung Semiconductor Inc.
# 0023C2 SAMSUNG Electronics. Co. LTD
# 00E003 NOKIA WIRELESS BUSINESS COMMUN
# 006094 IBM Corp
# 00A027 FIREPOWER SYSTEMS, INC.
# 000903 Panasas, Inc
# 000EC0 Nortel Networks
# 0080C7 XIRCOM
# CC78AB Texas Instruments
# 84C7EA Sony Mobile Communications AB
# 90842B LEGO System A/S
# A8A795 Hon Hai Precision Ind. Co.,Ltd.
# D067E5 Dell Inc.
# B02628 Broadcom Limited
00:cd:fe:aa:bb:cc FakeClient1
38:f2:3e:aa:bb:cc FakeClient2
3c:5a:b4:aa:bb:cc FakeClient3
18:af:61:aa:bb:cc FakeClient4
00:11:75:bb:cc:aa FakeClient5
e4:f8:9c:bb:cc:aa FakeClient6
24:db:ac:bb:cc:aa FakeClient7
74:5f:00:bb:cc:aa FakeClient8
00:23:c2:cc:bb:aa FakeClient9
00:e0:03:cc:bb:aa FakeClient10
00:60:94:cc:bb:aa FakeClient11
00:a0:27:cc:bb:aa FakeClient12
00:09:03:ff:dd:aa FakeClient13
00:0e:c0:fa:da:ca FakeClient14
00:80:c7:fa:dd:cc FakeClient15
cc:78:ab:aa:aa:ba FakeClient16
84:c7:ea:ab:ba:cc FakeClient17
90:84:2b:ca:ca:aa FakeClient18
a8:a7:95:0c:ec:c1 FakeClient19
d0:67:e5:00:01:02 FakeClient20
b0:26:28:23:21:23 FakeClient21

After this you can create the script generate_web.sh, which randomly creates a new entry in your firewall, WLAN AP, switch, or similar device.

#!/bin/bash
# Shell script that randomly draws a user-agent, web site and MAC address,
# then fetches that site with wget.
# Sorry folks, if you look at your logs and see an Amiga user-agent :)
#
# Under GPL. Ville Leinonen/2017/09/19
#
while :
do
   URL="$(shuf -n 1 majestic_million.txt)"   # random site from the top-million list
   UA="$(shuf -n 1 user-agents.txt)"         # random browser identity
   SP="$(shuf -i 120-900 -n 1)"              # random pause in seconds

   wget --user-agent="$UA" -O /dev/null "$URL" > /dev/null 2>&1
   sleep 2
   # OpenDNS test site
   wget --user-agent="$UA" -O /dev/null www.internetbadguys.com > /dev/null 2>&1
   sleep "$SP"

   # Pick the next fake client: a random MAC and its matching hostname
   MAC=$(grep -v '#' mac-host.txt | awk '{ print $1 }' | shuf -n 1)
   HOST=$(grep -i "$MAC" mac-host.txt | awk '{ print $2 }')

   # Take the interface down first; macchanger generally cannot change
   # the address of an interface that is up.
   ifdown wlan0
   macchanger -m "$MAC" wlan0
   hostname "$HOST"
   echo "$HOST"
   ifup wlan0
   service dhcpcd restart
done

The script makes a new connection somewhere between every 120 and 900 seconds. The site www.internetbadguys.com is used for testing OpenDNS.
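The loop hands whatever it reads from mac-host.txt straight to macchanger and hostname, so a malformed row only shows up as a client that silently never appears. The following check is an added example, not part of the original script; the function names and the sample rows are constructed for illustration, and it assumes the two-column "MAC hostname" layout shown above.

```sh
#!/bin/sh
# Added example (names and sample rows are constructed): lint mac-host.txt.

# valid_mac MAC: succeeds for six colon-separated hex octets, unicast only.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    first=${1%%:*}
    # Low bit of the first octet set = multicast; not assignable to an interface.
    [ $(( 0x$first & 1 )) -eq 0 ]
}

# check_mac_host FILE: prints one line per problem, returns 1 if any was found.
check_mac_host() {
    n=0 bad=0 seen=" "
    while read -r mac host extra; do
        n=$((n + 1))
        case $mac in ''|'#'*) continue ;; esac   # blank line or comment
        lc=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
        if ! valid_mac "$mac"; then
            echo "line $n: '$mac' is not a valid unicast MAC"; bad=1
        elif [ -z "$host" ] || [ -n "$extra" ]; then
            echo "line $n: expected exactly 'MAC hostname'"; bad=1
        elif ! printf '%s\n' "$host" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'; then
            echo "line $n: '$host' is not a valid hostname"; bad=1
        else
            # generate_web.sh uses grep -i, so a case-variant duplicate returns two hosts.
            case $seen in
                *" $lc "*) echo "line $n: duplicate MAC $lc"; bad=1 ;;
                *) seen="$seen$lc " ;;
            esac
        fi
    done < "$1"
    return $bad
}

# Constructed sample: one row from the page, then four deliberately broken ones.
sample_mac_host() {
    cat <<'EOF'
# MAC-address hostname
00:cd:fe:aa:bb:cc FakeClient1
01:00:5e:aa:bb:cc FakeClient3
3c:5a:b4:aa:bb FakeClient4
00:CD:FE:AA:BB:CC FakeClient5
18:af:61:aa:bb:cc Fake_Client6
EOF
}

tmp=$(mktemp) && sample_mac_host > "$tmp"
check_mac_host "$tmp" || echo "fix mac-host.txt before starting the generator"
rm -f "$tmp"
```

To lint the real file, call check_mac_host mac-host.txt before entering the while loop and stop if it returns non-zero.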

The part that fetches bad files for AMP analysis is still missing, but I have ideas for that too. Maybe I will cover it later.

I suggest that you run this script inside screen or make it a daemon.

The file user-agents.txt can look like this:

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/7.0)
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Mozilla/5.0 (iPhone; CPU iPhone OS 8_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12D508 Safari/600.1.4
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) CriOS/44.0.2403.67 Mobile/12H321 Safari/600.1.4
Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0E; .NET4.0C)
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
Amiga-AWeb/3.4.167SE
Amiga-AWeb/3.5.07 beta
AmigaVoyager/3.4.4 (MorphOS/PPC native)
AmigaVoyager/2.95 (compatible; MC680x0; AmigaOS)
AmigaVoyager/3.2 (AmigaOS/MC680x0)
Links (0.98; Win32; 80x25)
Links (2.1; Linux 2.6.18-gentoo-r6 x86_64; 80x24)
Links (0.96; Linux 2.4.20-18.7 i586)
Links (2.1pre18; Linux 2.4.31 i686; 100x37)
Links (2.2; Linux 2.6.25-gentoo-r9 sparc64; 166x52)
Links (2.3pre1; Linux 2.6.35-22-generic i686; 177x51)
Links (2.8; CYGWIN_NT-6.2-WOW64 1.7.25(0.270/5/3) i686; GNU C 4.7.3; windows)
