Frog51 is a high-performance, multi-profile network traffic stress framework written in modern C++23. Designed for academic research, controlled lab validation, and network resilience benchmarking, it implements a broad set of protocol stress profiles with a focus on performance, observability, and reproducibility.
β οΈ CONTROLLED LAB USE ONLY
This project is intended exclusively for isolated environments, authorized security research, defensive validation, protocol experimentation, and resilience benchmarking. It must only be used on systems and networks you own or are explicitly authorized to test.
| Profile | Scenario | Description | Reference |
|---|---|---|---|
| 1 | HTTP/2 Rapid Reset Simulation | Models high-rate stream churn behavior for resilience analysis | CVE-2023-44487 |
| 2 | Multi-Profile Coordination | Combined protocol stress for layered defense evaluation | - |
| 3 | Memcached Amplification Simulation | Models high-gain reflection/amplification behavior in research settings | - |
| 4 | DNS Amplification Simulation | Traditional volumetric amplification profile for mitigation validation | - |
| 5 | HTTP Request Pressure | Application-layer request exhaustion scenario | - |
| 6 | HTTP/2 Stream Pressure | High stream concurrency prior to rapid-reset style patterns | - |
| 7 | TCP SYN Pressure | Evaluates TCP state handling and connection establishment resilience | - |
| 8 | Slow Connection Retention | Low-and-slow connection occupancy testing | - |
| 9 | UDP Throughput Stress | Basic volumetric datagram profile | - |
| 10 | ICMP Throughput Stress | ICMP-based network path and control-plane stress | - |
- C++23 Modern Codebase with contemporary standard library features
- Raw Socket Support for packet-level research and custom protocol modeling
- Multi-threaded Architecture designed to scale across available CPU cores
- Real-time Statistics with live throughput and event counters
- Custom Protocol Construction for IP, TCP, UDP, and ICMP packet generation
- Low-overhead Metrics Path using atomic counters and burst-oriented transmission
- Research-oriented Design suitable for repeatable lab experiments
# Ubuntu/Debian
sudo apt update
sudo apt install clang lld libc++-dev libc++abi-dev
# CentOS/RHEL
sudo yum install clang lld libcxx-devel
# macOS
brew install llvm libc++# Clone repository
git clone https://github.com/victormeloasm/frog51.git
cd frog51
# Compile with high optimization
clang++ -std=c++23 -O3 -flto -fuse-ld=lld -march=native -mtune=native \
-o frog51 src/frog51.cpp -lpthread# Debug build with sanitizers
clang++ -std=c++23 -g -fsanitize=address,undefined -fno-omit-frame-pointer \
-o frog51_debug src/frog51.cpp -lpthread
# PGO build
clang++ -std=c++23 -O3 -flto -fprofile-generate -fuse-ld=lld \
-o frog51_pgo src/frog51.cpp -lpthread
# Generate representative lab profile data only on an isolated loopback or test namespace
./frog51_pgo 127.0.0.1 -p 8080 -c 100000
clang++ -std=c++23 -O3 -flto -fprofile-use -fuse-ld=lld \
-o frog51 src/frog51.cpp -lpthreadsudo ./frog51 <LAB_TARGET_IP> [OPTIONS]# Local loopback validation with bounded packet count
sudo ./frog51 127.0.0.1 --all -c 50000 -t 8
# TCP SYN profile in an isolated lab VLAN or namespace
sudo ./frog51 10.10.10.2 --syn -p 443 -t 8 -c 100000
# Multi-profile stress with bounded execution in a controlled environment
sudo ./frog51 10.10.10.2 --multi -p 8080 -t 16 -c 50000
# Short validation run for metrics collection
sudo ./frog51 127.0.0.1 --all -c 10000 -t 4| Option | Description | Default |
|---|---|---|
-p PORT |
Target port | 80 |
-t N |
Thread count | CPU cores Γ 2 |
-c N |
Packet count (0 = continuous run) | 0 |
--all |
Enable all implemented stress profiles | false |
--syn |
Enable only the TCP SYN profile | false |
--multi |
Enable coordinated multi-profile mode | false |
--burst-size N |
Packets per burst | 100 |
--packet-size N |
Packet size in bytes | 512 |
Important: Always use bounded runs and isolated targets. Avoid using continuous mode except in tightly controlled test environments.
Frog51 Architecture:
βββ Packet Engine
β βββ IP Header Construction
β βββ TCP SYN Packet Crafting
β βββ UDP Datagram Building
β βββ ICMP Packet Generation
βββ Profile Engine
β βββ Multi-Profile Coordinator
β βββ Thread Management
β βββ Real-time Statistics
βββ Network Layer
β βββ Raw Socket Management
β βββ Checksum Calculation
β βββ Protocol Simulation
βββ Monitoring
βββ Performance Metrics
βββ Profile Counters
βββ Live Console Dashboard
// Each worker operates independently over a shared configuration
Thread 0: [SYN] [UDP] [ICMP] [HTTP/2] [Stats]
Thread 1: [SYN] [UDP] [ICMP] [HTTP/2] [Stats]
...
Thread N: [SYN] [UDP] [ICMP] [HTTP/2] [Stats]- Lock-free Statistics through atomic operations
- Burst-oriented Packet Sending to reduce syscall overhead
- Pre-allocated Buffers for repeated packet construction
- Scheduler-aware Execution with optional priority tuning
- Socket Buffer Tuning for sustained throughput experiments
| Configuration | Packets/Second | Bandwidth | CPU Usage |
|---|---|---|---|
| 8 threads | 500,000 pps | 2.1 Gbps | 45% |
| 16 threads | 950,000 pps | 4.0 Gbps | 75% |
| 32 threads | 1,800,000 pps | 7.5 Gbps | 95% |
| 64 threads | 3,200,000 pps | 13.4 Gbps | 100% |
These figures are representative and depend on NIC, kernel tuning, CPU topology, buffer sizing, and the specific profile mix enabled.
STRESS: 15472938 pkts | 132.4 GB | 1850432 pps | 9.8 Gbps | RR:384722 MP:572839 SYN:692833
- Mitigation Pipeline Evaluation for rate limiting, filtering, and scrubbing logic
- Load Balancer Characterization under high connection churn and mixed traffic
- Cloud and Edge Capacity Testing in isolated environments
- Protocol Stack Robustness Analysis for TCP/IP implementations and state handling
- Kernel and Driver Behavior Study under sustained packet-generation workloads
- Defense Mechanism Development for detection and mitigation tuning
- Incident Response Exercises in isolated cyber ranges
- Forensic Signature Development using repeatable traffic patterns
- Benchmarking of IDS/IPS, WAF, and L4/L7 Controls
- Reproducible Stress Testing for academic papers or lab reports
# Suricata examples for lab validation
alert ip any any -> $HOME_NET any (
msg:"Frog51 TCP SYN Pressure Detected";
flow:stateless;
flags:S,12;
threshold: type both, track by_dst, count 1000, seconds 1;
sid:1000001;
rev:1;
)
alert udp any any -> $HOME_NET any (
msg:"Frog51 UDP Throughput Stress Detected";
depth:512;
threshold: type both, track by_dst, count 5000, seconds 1;
sid:1000002;
rev:1;
)- Rate Limiting with per-source or per-destination quotas
- SYN Cookies and backlog hardening
- State Table Protection for firewalls and proxies
- Traffic Classification via IDS/IPS or eBPF/XDP pipelines
- Anycast and Distribution for volumetric absorption scenarios
- Connection Timeouts and Concurrency Caps for slow-retention profiles
void simulate_http2_rapid_reset(int thread_id) {
// Research-oriented simulation of high-rate stream churn
for (uint32_t i = 0; i < config_.http_streams; ++i) {
stats_.record(AttackVector::HTTP2_RAPID_RESET, 128);
}
}void execute_multivector_attack(int thread_id, int sock, uint32_t dst_ip, std::span<char> packet) {
send_syn_flood(thread_id, sock, dst_ip, packet);
send_udp_flood(thread_id, sock, dst_ip, packet);
send_icmp_flood(thread_id, sock, dst_ip, packet);
stats_.record(AttackVector::MULTIVECTOR_STORM, config_.packet_size * 3);
}// Direct packet construction with minimal copying
void build_syn_packet(std::span<char> packet, uint32_t src_ip, uint32_t dst_ip,
uint16_t src_port, uint16_t dst_port, int thread_id) {
struct iphdr* ip = reinterpret_cast<struct iphdr*>(packet.data());
struct tcphdr* tcp = reinterpret_cast<struct tcphdr*>(packet.data() + sizeof(struct iphdr));
// Header population and checksum calculation
}- Raw sockets generally require elevated privileges
- NIC offload settings may affect measured throughput
- Kernel buffer sizes and scheduler behavior influence sustained performance
- Profile combinations can significantly change packet-per-second vs bandwidth characteristics
- Continuous mode should be reserved for isolated, supervised test ranges
Contributions are welcome from security researchers, network engineers, and systems programmers.
- Fork the repository
- Create a feature branch
git checkout -b feature/amazing-feature - Commit your changes
git commit -m 'Add amazing feature' - Push to the branch
git push origin feature/amazing-feature - Open a Pull Request
- Performance optimization
- Additional observability and metrics
- Safer lab execution controls
- Protocol profile accuracy
- Detection and mitigation integration
- Reproducibility tooling for research environments
This project is licensed under the terms described in LICENSE.md.
Legal and Ethical Notice This software is intended strictly for defensive research, resilience validation, and controlled laboratory experimentation. Users are solely responsible for ensuring compliance with all applicable laws, regulations, and authorization requirements.
Frog51 is best understood as a high-performance traffic stress and resilience research framework, not as a general-purpose offensive utility. Its value lies in helping researchers and defenders understand system behavior, validate protections, benchmark handling capacity, and develop robust countermeasures in controlled environments.
πΈ Frog51 β High-performance network resilience research in modern C++23.