Traffic generator theory

All web administrators care about their server's security, but only a few understand all the implications of this word. Most of them will make sure the server is well protected against classic attacks via classic exploits. The administrator will take care of passwords being secure, the server software being up to date, open ports, etc.

However, some attacks use a different approach: brute force. These are the DoS-type and similar attacks in which the server is flooded with TCP requests. The main problem here is detecting such an attack. How can the server determine whether it is dealing with a DoS attack or is simply overloaded with valid requests (the site 'suffers' a popularity jump)?

Joo (Y. Joo, V. Ribeiro, A. Feldmann, A. C. Gilbert, and W. Willinger, TCP/IP Traffic Dynamics and Network Performance: A Lesson in Workload Modeling, Flow Control, and Trace-driven Simulations. CCR, April 2001) suggests that "a traffic workload can either completely ignore the empirically observed high variability at the TCP connection level (i.e., assume "infinite sources") or explicitly account for it with the help of heavy-tailed distributions for TCP connection sizes or duration".

For details you may also want to read:

* M. Yuksel, B. Sikdar, K. S. Vastola, and B. Szymanski. Workload Generation for NS Simulations of Wide Area Networks and the Internet. pages 93-98, San Diego, CA, 2000.
* J. Cao, W.S. Cleveland, Y. Gao, K. Jeffay, F.D. Smith, and M.C. Weigle, Stochastic Models for Generating Synthetic HTTP Source Traffic, IEEE INFOCOM, March 2004.

However, a server can also be overloaded via 'normal' web traffic (web page) requests. How? Today most web pages are dynamically generated. The page generators could be some sort of CMS (content management system) such as Joomla, WordPress or Drupal. These CMSs can have hundreds of thousands of lines of code. PHP code.
We all know that PHP code is interpreted code and therefore requires large amounts of CPU compared with compiled programs. A single page can take seconds to generate if it contains lots of elements (paragraphs, images, styles). Therefore it is enough to request several pages from a server in a short interval to totally overload the CPU.

There are lots of TCP traffic generators out there that will help you test your server under TCP stress conditions. For example, BreakingPoint (by Ixia - www.ixiacom.com) can generate up to 15 million TCP sessions. By the way, Ixia provides lots of tools related to server security. You may want to take a look at all the products they offer. But these are not suitable for a CPU overload of this type.

Our Web Traffic Generator allows you to test your server under such conditions. You can send a visitor to your web site every second and see how the server reacts to this. The server's firewall won't be able to eliminate this traffic because it comes from different IPs. Therefore it looks like any other natural traffic it receives.

Another purpose that we had in mind was to test the response of a commercial web hosting server. We were experiencing intermittent traffic failures with our web host (BlueHost.com); however, tech support denied this. They would not start diagnostic work until they saw the actual error. Sending screenshots was not enough, as they said "it happens only at your end". The problem appeared intermittently, so we had to manually refresh a web page for hours hoping we would see the failure again. The only way to reproduce it on demand was to modify Web Traffic Generator to request the same page at a 30-second interval. When the page failed to load, an audio signal was generated.

This mod has now evolved into an independent program: Web Site Down (www.soft.tahionic.com/internet-web_site_down). This dedicated program can be used instead of Web Traffic Generator with better results and less CPU work involved.
Combine the reports given by this program with a third-party witness (like www.isitDownRightnow.com) and you will have undeniable proof for your web hosting company that they have problems. If your corporation has similar problems and you need a dedicated diagnostic tool, we are happy to assist you.
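
The on-demand check described above (request the same page every 30 seconds, signal when it fails), as an added example that is not the code of Web Site Down or Web Traffic Generator: it also groups consecutive failures into timestamped outage windows that can be attached to a support ticket. The function names, the sample records and the URL placeholder are assumptions made for this sketch.

```python
import http.client
import time
import urllib.request
from datetime import datetime, timedelta, timezone

def probe_once(url, timeout=10.0):
    """Fetch url once; return (UTC timestamp, ok, detail)."""
    stamp = datetime.now(timezone.utc)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            resp.read(1024)  # confirm that a body actually arrives
            return stamp, True, f"HTTP {resp.status}"
    # URLError/HTTPError are OSError subclasses: covers 4xx/5xx, DNS, reset, timeout
    except (OSError, http.client.HTTPException) as exc:
        return stamp, False, f"{type(exc).__name__}: {exc}"

def outage_windows(records):
    """Collapse consecutive failed probes into (first_fail, last_fail, count, details)."""
    windows, current = [], None
    for stamp, ok, detail in records:
        if ok:
            if current:
                windows.append(tuple(current))
            current = None
        elif current is None:
            current = [stamp, stamp, 1, {detail}]
        else:
            current[1] = stamp
            current[2] += 1
            current[3].add(detail)
    if current:  # the log ended while the site was still failing
        windows.append(tuple(current))
    return windows

def monitor(url, interval=30.0, probes=120):
    """Probe url every `interval` seconds; ring the terminal bell on each failure."""
    records = []
    for _ in range(probes):
        records.append(probe_once(url))
        if not records[-1][1]:
            print(records[-1][0].isoformat(), "FAIL", records[-1][2], "\a")
        time.sleep(interval)
    return outage_windows(records)

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed sample records
    sample = [(t0 + timedelta(seconds=30 * i), ok, "HTTP 200" if ok else "HTTP 503")
              for i, ok in enumerate([True, False, False, True])]
    print(outage_windows(sample))  # live use: monitor("https://<site you operate>/")
```

Because each window carries UTC timestamps, it can be lined up against the third-party witness and the host's own server logs.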