6

In Iran we have an ongoing problem with the govt. blocking and manipulating various network protocols. I'm looking for a tool, framework or platform to help us analyze and report on any of these activities. If the framework would let us write custom scripts it would be ideal. Sample problems we need to detect are :

  • SSL/TLS blocking
  • DNS poisoning or spoofing
  • PPTP/IPSec/OpenVPN blocking
  • Slowing down of certain protocols or sites
  • Blocking of other protocols like SPDY,VoIP, OCSP, etc.
  • Sites and services which get blocked like Facebook, Skype, WeChat, etc.
  • At certain times when there's political tension, normal protocols like https are even blocked
  • Also check internet connection quality via ping or other tests

I guess testing some of these activities needs a client/server solution which is ok. Obviously I'd prefer open source libraries as it would let us extend its functionalities with new tests or samples.

Iman
  • 63
  • 4
  • iman, welcome to SF. Sadly, much as I'm sympathetic to this issue, questions asking for product recommendations are [explicitly off-topic](http://blog.stackoverflow.com/2010/11/qa-is-hard-lets-go-shopping/) here (and on all SE sites). You might want to read http://serverfault.com/help/on-topic and then try re-working this question; to my mind, a question asking about the design and implementation of such a tool might well be more on-topic for SF than your current one. And it may be that the community disagrees with me, and this question stays open as-is! – MadHatter Dec 29 '13 at 07:41
  • @MadHatter thanks for the point, although i've seen many asking for recommendations on tools (check the 'tools' tag). i'll try to edit the question be more on topic. – Iman Dec 29 '13 at 08:33
  • 2
    If we view the OP's requirements as a sort of laundry list of checks which could potentially have value for validating an end user network, this is certainly on topic. Let's use our discretionary powers for (subjective) good :) – MikeyB Jan 01 '14 at 00:09
  • I agree with MikeyB here. If we consider this question as a 'check-before-you-deploy' network testing/capacity-planning for any user or a small business, wouldn't it make sense? Or if someone can recommend a tool then we can reorganize the question to fit to the tool itself. Thoughts? – Soham Chakraborty Jan 01 '14 at 07:50

1 Answers1

4

The Glasnost tool will do some of what you're looking for, and the tool is BSD licensed. This is a client/server tool.

I think you could build some useful scripts using nmap and its built-in scripting functionality fairly easily, as well. Having "known good" servers on the Internet that you can make connection attempts to would certainly be a requirement for this kind of solution, too. (I suppose you could make connections to public services but I'd think you'd want to connect to something you control so that you can be sure of the integrity.)

Evan Anderson
  • 141,071
  • 19
  • 191
  • 328