
I want to build a more-or-less self-contained box that I can plug two or more endpoints into (routers, mainly) that will simulate a WAN. I want to be able to mess up traffic in all sorts of ways, both "passive" (for example, natural network problems like latency, packet loss, bandwidth restrictions) and "active" (such as DoS attacks, MITM attacks, and other more nefarious actions). I want to be able to bang on my router configurations in all sorts of ways without attracting unwanted attention or affecting my production network.

As far as I can tell, there are no free solutions for doing this, which is fine, but I'd like to figure out what tools to use.

So far, I think for the "active" side of things, Metasploit is the clear choice. The "passive", however, I'm not so sure about. Here's what I've been looking at:

MAYBE:

TCNG: Old, though. Last release in 2004.

ns-2: Seems more "research-y" but has potential.

ns-3: Also has potential.

Cisco Packet Tracer: Not exactly free. It is pretty, but does it have the "fuzzing" aspect?

DummyNet: It seems a bit raw, but it's been suggested it might be the best option.

EDIT:

CORE: The Common Open Research Emulator seems really promising.

REJECTED:

GNS-3: More for hardware emulation.

Lagfactory: Seems to have vanished.

Fiddler: HTTP(S) traffic only

NetLimiter: Doesn't seem to have intentional network damage feature

LanForge ICE: Looks to be expensive.

Thoughts or suggestions very much appreciated!

mjbraun

2 Answers


I once built one of these rigs for Electronic Arts to handle online-game traffic simulations to ensure the best possible user experience despite network conditions.

The free option was NIST Net from the National Institute of Standards and Technology (NIST). Based on Linux, free, complex and limited, but might be just what you're looking for.

The expensive, but damned impressive option was a Storm Appliance from Shunra: dedicated hardware with multiple network interface configurations, driven through Visio, so you could literally draw your network topology and then run simulations on it using data points you determined in advance or actual traffic recorded from the tinterweb :)

Impressive tech.

JabawokJayUK

I would run a bunch of machines each in their own virtual machine (VM), and with a virtual network connecting them. You can configure Linux to act as a router, or get other free open-source router software, so each router can be its own VM as well.

Particularly if you want to do fuzzing, I think this will be higher fidelity than simulation.

You might also check out the DETER testbed. It might be just what you're looking for.

D.W.
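The "passive" faults the question asks for (latency, jitter, packet loss, bandwidth caps) and the Linux-box approach D.W. suggests can be combined on one machine with the kernel's own queueing disciplines: netem for delay and loss, tbf for a rate limit. The script below is an added example written for this edit; it is not code from the question, from either answer, or from any of the tools listed above. It assumes a Linux host with iproute2 (ip, tc) and two spare NICs, named eth0 and eth1 here as placeholders (overridable with LAN_IF and WAN_IF), which it joins into a transparent bridge so that two routers under test can simply be plugged in without any addressing on the rig. DRY_RUN=1 prints the commands instead of executing them, which lets you review them without root.

```shell
#!/bin/sh
# Added example (not from the thread): a transparent Linux "WAN in a box".
# Two routers under test plug into LAN_IF and WAN_IF; the box bridges them
# and shapes the traffic leaving each port with netem (delay/jitter/loss)
# plus a child tbf (bandwidth cap). Interface and bridge names are assumptions.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
BRIDGE="${BRIDGE:-wan0}"
DRY_RUN="${DRY_RUN:-0}"   # DRY_RUN=1: print the commands instead of running them

# run CMD...: execute, or echo when dry-running (review the exact tc/ip
# invocations before touching a live box; also needs no root).
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# setup_bridge: make the box a bump-in-the-wire. No IP addresses are
# configured, so the routers see each other directly and nothing on the
# production network has a path through the rig.
setup_bridge() {
    run ip link add name "$BRIDGE" type bridge
    run ip link set "$LAN_IF" master "$BRIDGE"
    run ip link set "$WAN_IF" master "$BRIDGE"
    run ip link set "$LAN_IF" up
    run ip link set "$WAN_IF" up
    run ip link set "$BRIDGE" up
}

# impair IFACE DELAY JITTER LOSS RATE
#   e.g. impair eth1 80ms 20ms 1% 2mbit
# netem is the root qdisc; tbf hangs below it (netem's single class 1:1) so
# one qdisc tree produces latency, jitter, loss and a bandwidth cap together.
# Shaping is egress-only, so each direction of the link needs its own call.
impair() {
    if [ "$#" -ne 5 ]; then
        echo "usage: impair IFACE DELAY JITTER LOSS RATE" >&2
        return 1
    fi
    iface="$1"; delay="$2"; jitter="$3"; loss="$4"; rate="$5"
    run tc qdisc replace dev "$iface" root handle 1: netem delay "$delay" "$jitter" loss "$loss"
    run tc qdisc replace dev "$iface" parent 1:1 handle 10: tbf rate "$rate" burst 32kb latency 400ms
}

# impair_link DELAY JITTER LOSS RATE: the same impairment in both directions.
impair_link() {
    impair "$LAN_IF" "$@" && impair "$WAN_IF" "$@"
}

# clear_impairment IFACE: drop the qdisc tree, back to the default scheduler.
clear_impairment() {
    run tc qdisc del dev "$1" root
}

# Example session (as root on the rig):
#   . ./wanbox.sh; setup_bridge            # plug the two routers in first
#   impair_link 80ms 20ms 1% 2mbit         # lossy 2 Mbit/s link, 80 +/- 20 ms
#   clear_impairment eth0; clear_impairment eth1
case "${1:-}" in
    setup) setup_bridge ;;
esac
```

Because the bridge carries no IP address and the two ports are the only members, traffic from the routers under test cannot leak onto the production network, which addresses the "without affecting my production network" requirement; the "active" side (fuzzing, MITM) would run on a third host attached to the same bridge, which this script does not cover.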