Traffic simulation on the wordpress site

By @rosinni at 4Geeks Academy

Estas instrucciones están disponibles en Español

Before you start...

We need you! These exercises are built and maintained in collaboration with contributors such as yourself. If you find any bugs or misspellings please contribute and/or report them.

This project seeks to generate artificial traffic from a Kali Linux machine to a website hosted on a Debian server using the Apache Benchmark (ab) tool. Additionally, monitoring tools will be implemented on the server to detect traffic surges and evaluate its performance.

🌱 How to start a project?

Do not clone any repository! Just follow instructions below:

To carry out this project, we will need 2 virtual machines:

• One will be the Debian virtual machine where we previously built the WordPress website.
• The other will be the Kali virtual machine as the attacker. If you have not installed Kali Linux yet, please follow these instructions: Installing Kali Linux on a virtual machine.

Requirements

• Oracle VirtualBox
• Virtual machine with Kali Linux (Attacker): To generate traffic.
• Virtual machine with Debian (Web Server): Where we have the Apache server and the WordPress site hosted.

📝 Instructions

Step 1: Configure the Network in VirtualBox

Configure the Network of the Debian Machine (Web Server)

• Open VirtualBox.
• Select your Debian virtual machine and click on "Settings".
• Go to the "Network" section and ensure that "Adapter 1" is enabled and set to "Bridged Adapter".
• En el campo "Nombre", selecciona el adaptador de red física que deseas usar (el que tu host está utilizando para conectarse a la red, como Wi-Fi o Ethernet). Esto suele ser algo como "Intel(R) Ethernet Connection" o "Wi-Fi".
• Save the changes and close the settings window.

Configure the Network of the Kali Linux Machine (Attacker)

• Select your Kali Linux virtual machine and click on "Settings".
• Go to the "Network" section and ensure that "Adapter 1" is enabled and set to "Bridged Adapter".
• In the "Name" field, select the same physical network adapter you selected for the Debian machine.
• Save the changes and close the settings window.

Step 2: Obtain the IP Address of the Machines to Connect Them.

With "Bridged Adapter" configured, the machines should automatically obtain an IP address from your router or network's DHCP server.

On the Debian Machine (Web Server)

• Start the Debian virtual machine.
• Open a terminal and execute the $ ip addr show command to view the assigned IP address:

Look for the section corresponding to your network interface (usually eth0 o enp0s3) and find the line that starts with inet. There you will see the assigned IP address, something like 192.168.1.x.

On the Kali Linux Machine (Attacker)

• Open a terminal and execute the $ ip addr show command to view the assigned IP address:

Look for the section corresponding to your network interface (usually eth0 o enp0s3) and find the line that starts with inet. There you will see the assigned IP address, something like 192.168.1.x.

Step 3: Verify the Connection Between the Machines

From the Kali Linux Machine (Attacker):

• Open a terminal and ping the Debian machine to verify the connection:

$ ping <IP_debian>

Replace <IP_debian> with the IP address you obtained for the Debian machine.

From the Debian Machine (Web Server):

• Open a terminal and ping the Kali Linux machine to verify the connection:

$ ping <IP_kali>

Replace <IP_kali> with the IP address you obtained for the Kali machine.

Graphical example of how the pings look when connected:

Step 4: Simulate Traffic on the Website

On the Kali Linux Machine (Attacker):

We will use Apache Benchmark (AB) as a tool to generate traffic on the website.

Installation and Usage of Apache Benchmark

Apache Benchmark (AB) is a tool that allows you to generate test traffic to a web server. Follow these steps to install and use ab from Kali Linux:

1. Installation of Apache Benchmark

$ sudo apt-get update
$ sudo apt-get install apache2-utils

2. Generate Traffic to the Website

$ ab -n 1000 -c 10 http://<IP_debian>/

The command ab -n 1000 -c 10 http://<IP_debian>/ hwill make Apache Bench send 1000 HTTP requests to the web server at http://<IP_debian>/, with 10 requests being made concurrently, simulating 10 concurrent users accessing the server..

NOTE: Replace <IP_debian> with the IP address of the Debian server.

Step 5: Monitoring Server Performance

On the Debian server, we are going to install monitoring tools like htop to observe the performance during the tests.

Installing htop

$ sudo apt-get update
$ sudo apt-get install htop

Real-Time Monitoring with htop

htop is an interactive process monitoring tool that provides a detailed view of the system resource usage.

• Run the following command in the terminal to monitor CPU, memory, and other system resources in real-time while running tests with Apache Benchmark.

$ htop

You will see something like this:

• CPU Usage: Shows real-time CPU usage, usually divided into bars representing each CPU core.
• Memory Usage: Displays RAM and swap memory usage.
• Tasks: Lists active processes with details such as PID, user, CPU and memory usage, runtime, and the command that started the process.
• Load Average: Shows the system load average over the last 1, 5, and 15 minutes.
• Uptime: Indicates how long the system has been running since the last reboot.

Project Delivery

In the cloned repository, you must submit 2 reports.

• The first report should be named report_ab.txt. Generate this report when performing the attack on your Kali virtual machine with the following command:

$ ab -n 5000 -c 200 http://<IP_debian>/ > report_ab.txt

• The second report should be created with the name report_htop.txt and include observations on the server performance on your Debian machine while using htop.

Copy these lines into the report_htop.txt file and fill in the corresponding information.

  observations:
  evaluation_if_server_could_handle_load:
    - performance_metrics:
        - stable_memory: # Here you can note how many requests per second maintained stable memory usage
        - cpu_load_average: # Here you can note what average CPU load percentage was maintained

  specification_of_excessive_resource_usage:
    - cpu_peak_usage:
        - observed: true  # Indicate if a CPU usage peak of 90% was observed during the first few minutes of maximum load (the value would be true or false)
        - peak_percentage: 90
        - request_count_at_peak:
            - value:  # Here you can note the specific number of requests at which the peak occurred

Contributors

Thanks goes to these wonderful people (emoji key):

1. Rosinni Rodríguez (rosinni) contribution: (build-tutorial) ✅, (documentation) 📖

2. Alejandro Sanchez (alesanchezr), contribution: (bug reports) 🐛

3. Lorena Gubaira (lorenagubaira), contribution: (bug reports) 🐛, contribution: (editor), (translation) 🌎

This project follows the all-contributors specification. Contributions of any kind are welcome!

This and many other exercises are built by students as part of the 4Geeks Academy Coding Bootcamp by Alejandro Sánchez and many other contributors. Find out more about our Full Stack Developer Course, and Data Science Bootcamp.You can alse deepdive in the world of cybersecurity with our Cybersecurity Bootcamp