Top Menu

CRACKER™ Professional Edition

VoIP Penetration & Stress testing

CRACKER Professional from Velona Systems is a dedicated VoIP load tester, with SIP over TLS as standard, available as a Cloud service (SaaS) solution, or as an on-premise installation sited entirely inside an end-customer’s private IP network or DMZ.

It can be used to quickly establish the design and operational limits of all forms of SIP based VoIP equipment, such as, IP PBXs, SIP Trunks, IMS Core Networks, Enterprise SBCs (E-SBCs), Core Network side SBCs, IP Phones, Softphones, SIP Application Servers, and Softswitches.


  • T/D-DOS agent Testing
  • SPIT agent Testing
  • Nuisance Calling
  • End Point Rebooting
  • SIP Parser Stressing
  • SIP Load Testing
  • SIP over TLS stress Testing

Key Benefits

  • Cloud-based service for easy, scalable, resilient service delivery
  • Significantly lower costs than existing on-site hardware based solutions that are currently used
  • Ability to create custom and default test set-ups
  • Rapid deployment means you hit the ground running immediately after order placement
  • No on-premises equipment means no CAPEX or Admin costs
  • Pay-as-you-go model means you can tailor your spending to the budget allocated to your project
  • Stress testing through a Cloud SaaS means all new tool updates are automatically picked up, with no impact on your performance or productivity

CALL +353 21 242 8400 TODAY

Call us today or email us at to learn how we can secure your business against VoIP Fraud and other malicious attacks.

CRACKER Professional allows you to verify the maximum number of voice calls for your System Under Test (SUT), for call setups, sustained calls and call failures, or any mixture of the three. It provides the ability to send call setup signalling (INVITEs) and background signalling traffic, such as, OPTIONS & NOTIFY messages. Transport Protocols supported include UDP, TCP & TLS, with both RTP and Secure RTP (sRTP) media also possible. CRACKER Professional also provides the capability to act as both the originating and terminating agent if the SUT passes through the SIP and media e.g. SIP proxies, IP PBXs, or SBCS.

Sustained testing is provided with extremely flexible setup with ramp up and down depending on chosen busy hour(s). G.711 a/u law or G.729A codecs are provided and calls may be answered, unanswered or a mixture of the two. The call arrival pattern can use Poisson Distribution or a static specified number of calls per second, while call duration / call hold time can be a single static or variable value. The users served by the SUT may use a mix of different domains and sub domains and multiple certificates for TLS can be used for each domain or sub domain. MD5 password support is provided for scenarios where end points must be registered with the SUT and where the SUT is actually only passing through such registrations, such as in case of a Session Border Controller (SBC).

(Features come as standard)

  • SIP Port Scanning
  • Extension Discovery
  • Password Attack
  • Registration Hijacking
  • Toll Fraud Testing


  • T/D-DOS agent Testing
  • SPIT agent Testing
  • Nuisance Calling
  • End Point Rebooting
  • SIP Parser Stressing
  • SIP Load Testing
  • SIP over TLS stress Testing


  • Web front-end and scheduler
  • Exec and Engineer level reporting
  • Compliance reporting
  • Critical vulnerability alerting
  • White-label capability

Flexibility in set-up

CRACKER Professional provides a flexible and powerful GUI and command line interface to allow easy-to-use test scripts to be created, stored and scheduled. It scales from a simple test bed with just a few end points to the most complex Core Network, requiring multiple components in the SUT requiring hundreds of thousands of calls. Any mixture of the transport protocols and media can be used simultaneously. Flexible message templates for SIP messages allow for a wide variety of scenarios to be supported, with storage and reporting of all tests is provided.

CRACKER Professional is easily configured with flexibility in choosing:

  • required capacity, for example, calls per second
  • whether to terminate as well as originate calls
  • transport type to use (UDP, TCP or TLS)
  • TCP or UDP port list
  • target numbers on the SUT
  • extension/number range settings
  • test duration
  • total number of calls
  • static or random call length / call hold duration
  • % of answered, unanswered, & failed calls
  • failure code settings
  • ring time answer and un-answer delay settings
  • busy hour settings
  • % of the total traffic sent in busy hour period(s)
  • Message templates for INVITE & background messages (OPTIONS & NOTIFY)
  • frequency at which to send background messages (OPTIONS & NOTIFY)

Features and Specification

UDP, TCP (via IPv4 or IPv6), TLS

G.711 A/μ-law, G.722.1, G.723, G.729, GSM, iLBC, Speex, RTP, Secure RTP (SRTP), and RTCP

1889, 2327, 2617, 2976, 3261, 3264, 3550, 4028

Call control capability:

  • UAC and UAS registration
  • SIP over TCP, TLS and UDP
  • SIP authentication: digest security scheme
  • Outgoing, incoming, pass-through SIP call simulation
  • Limitless simultaneous calls (SIP+RTP)
  • Customisable SIP headers and SDP attributes
  • Receiving calls with and without registration at SIP Tester

How we do it

VoIP Load Testing is based around Velona’s VOIP security test engine, which has a suite of automated SIP penetration & stress test run-books which assess the robustness of any element on the Enterprise or Core side of a VoIP network.

The overall goal of stress testing is to establish the limitations of the element or system being tested, and ensure a product or solution can meet the purposes for which it has been chosen. It can ensure all solutions launched can meet the demand from their customers, and also find out if any vulnerabilities exist for actual attacks, such as, Denial of Service (DoS) and Distributed Denial of Service (DDoS).

Why VoIP Load Testing Matters

Velona’s CRACKER Professional allows you to easily and independently benchmark the capacity of your Infrastructure while demonstrating ongoing reliability and security program improvements to your customers, your executive management, and your compliance team.

By availing of the pay-as-you-use options of our VoIP Load Testing solutions, you get the freedom to focus your investment (both time and money) on all aspects of your business, while being able to rely on a comprehensive stress based evaluation of your product’s design limitations.

Velona Gives You Dedicated SIP Expertise

load testing can be used along with Velona’s CRACKER Enterprise Edition to fully demonstrate the progress of vulnerability management & security awareness programs.

When you use Velona’s Cloud Security products you gain:

  1. Fully transparency of your Infrastructure’s capacity to service busy hour traffic, and withstand DoS attacks
  2. Verifiable proof of the highest possible level of SIP Threat prevention for your element or end-to-end solution set
  3. Access to dedicated external SIP expertise & an ever-expanding security knowledge base
  4. Higher product value and promotion potential

The Advantages of Partnering with Velona

We continuously update our Test capability to optimize the benefits of your test runs, but always allow you to benchmark on a like-for-like basis. So you have the benefit of being able to avail of the latest feature set, centrally available from the Cloud, with no impact on your side.


  • Continuosly updated
  • Optimum scalability
  • Always available

  • Built by SIP experts to remove 99% of the knowledge complexity requirement of SIP/VoIP
  • We know the vulnerabilities in voice systems which can quickly impact system capacity

  • Simply use our advanced VoIP security testing as required
  • Reduce need for expensive equipment

Who are Velona Systems?

We make voice communications safer by providing scalable Cloud based VoIP Security to reduce risk in main areas of revenue loss, productivity loss and brand damage.

Deep rooted EXPERIENCE – Our services are made possible by a dedicated Service Enabling SIP test engine, designed from decades of hard earned experience of leading-edge Telecommunications testing, architecture, design, deployment and support, in various aspects of VoIP, SIP & FMC networks.

Load test with real world scenarios – By carefully studying real life traffic behaviour, as well as SIP protocol design we help you test for what actually happens so that you maximize the capabilities of your business assets.
Trusted by a Market Leading Operators – We already help Tier 1 and Tier 2 Operators maximize their Fixed Mobile Converged (FMC) assets, further strengthen their solutions, and ultimately secure more business.