Ensuring that a distributed system with strict dependability constrain
ts meets its prescribed specification is a growing challenge that conf
ronts software developers and system engineers. This paper presents a
technique for probing and fault injection of fault-tolerant distribute
d protocols. The proposed technique, called script-driven probing and
fault injection, can be used for studying the behaviour of distributed
systems and for detecting design and implementation errors of fault-t
olerant protocols. The focus of this work is on fault injection techni
ques that can be used to demonstrate three aspects of a target protoco
l: detection of design or implementation errors; identification of vio
lations of protocol specifications; and insight into design decisions
made by the implementers. The emphasis of our approach is on experimen
tal techniques intended to identify specific ''problems'' in a protoco
l or its implementation rather than the evaluation of system dependabi
lity through statistical metrics such as fault coverage. To demonstrat
e the capabilities of this technique, the paper describes a probing an
d fault injection toot, called the PFI tool (probe/fault injection too
l), and a summary of several extensive experiments that studied the be
haviour of two protocols: the Transmission Control Protocol (TCP) and
a group membership protocol (GMP).