In this post, we will outline how we reroute traffic meant for a specific IP back to a synthetic device running on localhost. This is useful for testers who work with products that monitor IT infrastructure, infrastructure management application testers and network testers. We will be using a couple of Python modules (fake-switches, snmpsim) and editing the iptables of the central monitoring server.
One of Qxf2’s favourite clients works in the IT Services Management and IT Automation space. They have a suite of world class IT management and monitoring tools. Some of their data collection happens over SNMP. Without revealing much, the product involves a central monitoring server that collects data from a variety of agents and devices that are either discovered or explicitly added using an IP.
2. Why use simulated devices?
We use a combination of real and synthetic devices when testing the product. The real devices are needed because (to paraphrase Conan Doyle) – life is infinitely stranger than anything which the mind of a QA could invent. We need simulated devices (generic devices/switches/routers) to test portions of the platform in a consistent and repeatable manner.
3. Scope of this blog post
In this post, we will make an already set up monitoring server run 2 simulated devices.
a) All outgoing TCP connections from the monitoring server to the IP 126.96.36.199 will be routed to a fake switch on 127.0.0.1:8085
b) All outgoing UDP connections (SNMP uses UDP) from the monitoring server to the IP 188.8.131.52 will be routed to a simulated device on 127.0.0.1:8086
Note: There is nothing special about the IPs 184.108.40.206 and 220.127.116.11 being used here. You can substitute them with any IPs you want.
We have chosen to use two Python modules – fake-switches and snmpsim – to simulate our devices. We chose these two modules because they are easy to set up and sufficiently configurable for our purpose. Setup is literally a ‘pip install’ followed by one command to kick off the device. In this post, we will not go over the configuration of the devices themselves. Instead, we will focus on how to make the monitoring server think that it is talking to a specific IP address when, in reality, it is talking to one of our simulated devices.
5. Rerouting all outgoing TCP traffic to 18.104.22.168 back to localhost:8085
a) Install fake-switches
pip install fake-switches
b) Start a switch on port 8085
fake-switches --hostname my-great-switch --username admin --password istrator --listen-host 127.0.0.1 --listen-port 8085 &
c) Change the iptables
sudo iptables -t nat -A OUTPUT -p tcp -d 22.214.171.124 --dport 1:65535 -j DNAT --to-destination 127.0.0.1:8085
d) To test the rerouting, run
ssh email@example.com and verify that you can log in using the password set in step b)
6. Rerouting all outgoing UDP traffic to 126.96.36.199 back to localhost:8086
a) Install snmpsim
pip install snmpsim
b) Start a snmpsim device on 8086
snmpsimd.py --data-dir=./data --agent-udpv4-endpoint=127.0.0.1:8086 &
c) Change the iptables
sudo iptables -t nat -A OUTPUT -p udp -d 188.8.131.52 --dport 1:65535 -j DNAT --to-destination 127.0.0.1:8086
d) To test the rerouting, run
snmpwalk -v1 -c public 184.108.40.206 and verify you see some SNMP response
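Rules appended with -A stay in the nat table until they are deleted, and running the same command twice appends a duplicate, so it helps to wrap the two rules from sections 5 and 6 in a script that adds each one only once and removes them after the test run. This is an added example, not part of the original post; the 192.0.2.x addresses are constructed placeholders for the device IPs, the function names are hypothetical, and the script must run as root unless DRY_RUN=1.

```shell
#!/bin/sh
# Added example: idempotent setup/teardown of the two DNAT rules from this post.
# TCP_DEVICE_IP and UDP_DEVICE_IP are constructed placeholders (RFC 5737
# documentation addresses); substitute the IPs your monitoring server polls.
TCP_DEVICE_IP="${TCP_DEVICE_IP:-192.0.2.10}"   # redirected to fake-switches
UDP_DEVICE_IP="${UDP_DEVICE_IP:-192.0.2.20}"   # redirected to snmpsim
DRY_RUN="${DRY_RUN:-0}"                        # 1 = print commands only

# Build the rule specification used in steps 5c and 6c (everything after the
# chain name), so add, check and delete all use exactly the same match.
rule_spec() {  # usage: rule_spec <tcp|udp> <device-ip> <local-port>
    echo "-p $1 -d $2 --dport 1:65535 -j DNAT --to-destination 127.0.0.1:$3"
}

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Append the rule only if it is not already present (-C checks for a match).
add_rule() {
    spec=$(rule_spec "$1" "$2" "$3")
    if [ "$DRY_RUN" != "1" ] && iptables -t nat -C OUTPUT $spec 2>/dev/null; then
        echo "already present: $spec"
        return 0
    fi
    run iptables -t nat -A OUTPUT $spec
}

# Delete the rule; loop so duplicates left by earlier runs are removed too.
del_rule() {
    spec=$(rule_spec "$1" "$2" "$3")
    if [ "$DRY_RUN" = "1" ]; then run iptables -t nat -D OUTPUT $spec; return 0; fi
    while iptables -t nat -C OUTPUT $spec 2>/dev/null; do
        iptables -t nat -D OUTPUT $spec
    done
}

# Dispatch: "up" before the test run, "down" afterwards, "show" to inspect.
case "${1:-}" in
    up)   add_rule tcp "$TCP_DEVICE_IP" 8085; add_rule udp "$UDP_DEVICE_IP" 8086 ;;
    down) del_rule tcp "$TCP_DEVICE_IP" 8085; del_rule udp "$UDP_DEVICE_IP" 8086 ;;
    show) run iptables -t nat -S OUTPUT ;;
esac
```

Running it with DRY_RUN=1 prints the exact iptables commands without touching the nat table, which is useful for reviewing the rules before applying them on a shared monitoring server.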
And that’s it! We have skipped over many details in this post because we cannot share screenshots and steps specific to the application we are testing. If you feel like you need more help, please post a question below.