Protocol Modeler lets you quickly develop network-layer attacks by using fault-injection components. The attacks are aimed at uncovering vulnerabilities in underlying software, whether it be closed-source "blackbox" testing of a commercial product--say your perimeter firewall's IP-based administrative interfaces--or testing of an in-house Web application under development. Protocol Modeler is capable of virtually any type of test because, even if the prebuilt fault injectors don't address your testing needs, it's possible to create your own fault injectors--albeit with much work.
You can manipulate simpler types of network traffic using the GUI tools and undertake more complex tasks using a PERL-like API, though once you head down that road, you've lost most of the speed and elegance of test creation that make Protocol Modeler attractive.
You Go Test
When we first fired up Protocol Modeler in our Chicago Neohapsis partner labs, we used the product's wizards to walk us through common security-testing activities. One wizard crawls a Web site looking for SQL-disclosure vulnerabilities, cross-site scripting bugs and opportunities for successful command-injection attacks. Unfortunately, even on the small test Web site we pointed this script at--a beta version of our corporate intranet server--Protocol Modeler crashed. Cenzic blamed the crash on bugs that had infiltrated the latest released version of the code (more on this later). A smaller site with less user interaction proved a more digestible target.
Another wizard tests firewalls. Basically, it turns Protocol Modeler into a glorified port scanner--a rather uninteresting use for such a flexible tool.