Professional Documents
Culture Documents
733-XXXX Rev. A
Contents
Web: http://www.netscout.com
Use of this product is subject to the End User License Agreement available at http://www.NetScout.com/legal/terms-and-
conditions or which accompanies the product at the time of shipment or, if applicable, the legal agreement executed by and
between NETSCOUT Systems, Inc. or one of its wholly-owned subsidiaries ("NETSCOUT") and the purchaser of this product
("Agreement").
Government Use and Notice of Restricted Rights: In U.S. government ("Government") contracts or subcontracts, Customer
will provide that the Products and Documentation, including any technical data (collectively "Materials"), sold or delivered
pursuant to this Agreement for Government use are commercial as defined in Federal Acquisition Regulation ("FAR") 2.101
and any supplement and further are provided with RESTRICTED RIGHTS. All Materials were fully developed at private expense.
Use, duplication, release, modification, transfer, or disclosure ("Use") of the Materials is restricted by the terms of this
Agreement and further restricted in accordance with FAR 52.227-14 for civilian Government agency purposes and 252.227-
7015 of the Defense Federal Acquisition Regulations Supplement ("DFARS") for military Government agency purposes, or the
similar acquisition regulations of other applicable Government organizations, as applicable and amended. The Use of Materials
is restricted by the terms of this Agreement, and, in accordance with DFARS Section 227.7202 and FAR Section 12.212, is
further restricted in accordance with the terms of NETSCOUT'S commercial End User License Agreement. All other Use is
prohibited, except as described herein.
This Product may contain third-party technology. NETSCOUT may license such third-party technology and documentation
("Third- Party Materials") for use with the Product only. In the event the Product contains Third-Party Materials, or in the event
you have the option to use the Product in conjunction with Third-Party Materials (as identified by NETSCOUT in the
Documentation provided with this Product), then such Third-Party Materials are provided or accessible subject to the applicable
third-party terms and conditions contained in the "Read Me" or "About" file located in the Software, on an Application CD
provided with this Product, in an appendix located in the documentation provided with this Product, or in a standalone
document where you access other on-line Product documentation. To the extent the Product includes Third-Party Materials
licensed to NETSCOUT by third parties, those third parties are third-party beneficiaries of, and may enforce, the applicable
provisions of such third-party terms and conditions.
Open-Source Software Acknowledgment: This product may incorporate open source components that are governed by the
GNU General Public License ("GPL") or licenses similar to the GPL license ("GPL Compatible License"). In accordance with the
terms of the GPL Compatible Licenses, NETSCOUT will make available a complete, machine-readable copy of the source code
components covered by the GPL Compatible License, if any, upon receipt of a written request. Please identify the NETSCOUT
product and open source component, and send a request to:
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to part 15 of
the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency
energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio
communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case
users will be required to correct the interference at their own expense.
Modifications to this product not authorized by NETSCOUT could void the FCC approval and terminate your authority to
operate the product. Please also see NETSCOUT's Compliance and Safety Warnings for NetScout Hardware Products
document, which can be found in the documents accompanying the equipment, or in the event such document is not
included with the product, please see the compliance and safety warning section of the user guides and installation
manuals.
i
No portion of this document may be copied, photocopied, reproduced, translated, or reduced to any electronic medium or
machine form without prior consent in writing from NETSCOUT. The information in this document is subject to change without
notice and does not represent a commitment on the part of NETSCOUT.
The products and specifications, configurations, and other technical information regarding the products described or referenced
in this document are subject to change without notice and NETSCOUT reserves the right, at its sole discretion, to make changes
at any time in its technical information, specifications, service, and support programs. All statements, technical information,
and recommendations contained in this document are believed to be accurate and reliable but are presented "as is" without
warranty of any kind, express or implied. You must take full responsibility for their application of any products specified in this
document. NETSCOUT makes no implied warranties of merchantability or fitness for a purpose as a result of this document or
the information described or referenced within, and all other warranties, express or implied, are excluded.
Except where otherwise indicated, the information contained in this document represents the planned capabilities and intended
functionality offered by the product and version number identified on the front of this document. Screen images depicted in
this document are representative and intended to serve as example images only.
Telephone: US Toll Free: +1-888-357-7667; International Toll Free: +800 4764 3337.
Phone support hours are 8 a.m. to 8 p.m. Eastern Standard Time (EST).
When you contact Customer Support, the following information can be helpful in diagnosing and solving problems:
— Your organization’s name, contact name, phone number, and location of system
— Type of nGenius 3900 series switch model
— SpectraSecure serial number
— SpectraSecure Software version
— Detailed description of the problem, or source of the problem based on its symptoms
— Error text messages, supporting screen images, logs, and error files, as appropriate
Sales
Call 800-357-7666 for the sales office nearest your location.
ii
iii
Chapter 1 About This Document
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Contacting NETSCOUT Customer Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
NETSCOUT Web Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
1
2
Chapter 1
About This Document
This document describes the system software and graphical user interface of the NETSCOUT SYSTEMS,
INC. (NETSCOUT®) SpectraSecure Software.
IMPORTANT
Please read and understand the SpectraSecure Software User Guide
(this document) before operating the software.
Related Documentation
For information related to this publication, refer to the following:
• SpectraSecure Administrator Guide
This document provides information on how to install, upgrade, and configure the SpectraSecure
software.
For product warranty information, go to my.netscout.com.
This chapter describes how to log on to the SpectraSecure console, configure an attack, and analyze the
attack test results.
• Logging in to the SpectraSecure Console
• Configuring and Starting a DDoS Attack
• Configuring and Starting a DDoS Batch or an Automation Attack
• Re-Running a DDos Attack
• Analyzing DDos Attack Test Results
• Uploading Custom IP-Tables to SpectraSecure Endpoint
• Standard Tests
• Report Generation
3 Click Login.
2 Configure the settings for the test, as described in the following table.
Parameter Description
EndPoint Select the desired EndPoint from the list. The Ports parameter will
auto-populate based on this selection.
Ports Select the desired Ports from the list. Ports already in use will not be available
for selection.
Attack Suite Select an EndPoint specific automation or a batch profile from the list.
Note: When using an attack suite all configuration details are pre-configured per EndPoint
for the selected profile. All remaining configuration controls are disabled.
Source IP Address and Enter the IP address(es) and Port number of the simulated network elements.
Port
Destination IP address Enter the IP address and Port number of the network element you are testing.
and Port Note: The Port number should match the specific protocol and service being tested.
Examples: port 80 for HTTP, port 53 for DNS, and port 5060 for SIP.
Next Hop Mac MAC address of the next hop, if known. When the specified destination will not
be ARP-ed.
Test Duration Select the desired test duration from the list. The durations range from 5
minutes to 1 hour or Continuous.
Test Bandwidth Select the desired bandwidth from the list. The bandwidths range from 1 Mbps
to 10 Gbps.
NUMA Node Enter the starting NUMA node and relative core to execute the test.
Note: Under normal circumstances, you will allow the test to run through to completion (based on the Test
Duration that you selected), but you can stop the test at any time by clicking Stop Test under the Manage
column in the Active Attacks window.
Parameter Description
Attack Suite Select the desired Automation or Batch suite from the list for the selected
EndPoint.
Note: When using an attack suite all configuration details are pre-configured per EndPoint
for the selected profile. All remaining configuration controls are disabled.
Note: Tests and batch's that are part of a batch or an automation cannot be stopped independently. Stopping
a batch or an automation will effect the test as a collection and will stop all related tests and batch's
Note: Tests and batch's that are part of a batch or an automation cannot be removed independently.
Removing a batch or an automation will remove all of the related tests, batch's and all related statistics
collected
When you start a test, SpectraSecure starts transmitting packets to the test’s destination IP address and
port number. You can analyze the test progress and results from the traffic origination and termination
sides (SpectraSecure displays transmit and receive statistics throughout the duration of the test).
Statistic Description
Bandwidth The total instantaneous transmit and receive bandwidth across all test ports.
Packets Per Second The total instantaneous number of transmitted and received packets per
second across all test ports.
Throughput The instantaneous percentage of the actual test bandwidth being generated.
3 Click on 'Select File' from right pane. Browse to file on the controller.
4 Select 'Upload'
5 Successfully uploaded IP tables shall be available as a selectable source address in the 'DDoS'
tab.
Standard tests can be easily adapted to SUT specific address-ranges by either re-defining them in the
standard test suite file or through the UI.
The test suite defines two types of tests:
Attack Flood UDP 64 Bytes UDP 64-byte Packets with set payload
• Throughput tests: These tests measure the ability of the SUT defenses to classify and permit
good traffic. The criteria tests for dropped packets over the set threshold of 1% of the transmitted
traffic.
Throughput Test UDP 570 UDP 570-byte Packets with set payload
Bytes
Traffic Mix Throughput Batch Traffic mix of valid UDP, TCP and ICMP packets
In addition to the StandardTestSuite file, users can define their own custom test suite file for customizing
batch and automation tests.
Custom tests can be enabled by specifying 'CustomTestSuite' in the S3Config.txt. Endpoint reads both
Standard and Custom test suite file at the boot up and makes them available in the UI.
Note: The custom test suite should not re-define test/batch and automation profiles used in the Standard
test-suite file.
Report Viewer displays the generated report as PDF document along with the associated file name on the
server in the left panel.
Selecting the 'Generate Report' toolbar button without selecting any tests, defaults to retrieving and
enumerating available reports at the server, as shown below.
Reports can be removed from the server by selecting 'Delete Selected Reports' toolbar button in the
Report Viewer dialog. Currently displayed report can be downloaded and saved as a PDF document locally
by selecting the download toolbar button.
PCAP Import
SpectraSecure allows importing PCAP trace to craft new attack vector.
The following guidelines apply to the pcap-trace to be imported:
• Currently only PCAP file are supported. PCAPNG is not supported.
• Supported Data Link Types. Only these:
– 1: ETHERNET
– 113: LINUX COOKED
• Supported Ether Types:
– 0x0800: IPv4
– 0x86DD: IPv6
– 0x8100 VLAN
– 0x9100: VLAN QINQ
– 0x88A8: VLAN AD
• Supported IP Protocols: (For GRE, the 'encapsulated' ether type must be IPv4 or IPv6)
– 17: UDP
– 6: TCP
– 47: GRE (Generic Routing Encapsulation)
• PCAP trace should only contain the desired PDUs.
Workflow:
• Push the selected PCAP-trace to the selected endpoint.
Select Endpoint
To delete a previously added PCAP file and the imported data, select the required entry by clicking the
list button shown below, then 'Delete'.