3 posts tagged 'IGMP'

  1. 2014.04.07 Assigned Internet Protocol Numbers (1)
  2. 2009.12.04 Multicast IGMP Message
  3. 2009.07.21 Nemesis - Packet generation (arp,dns,ethernet,icmp,igmp,ip,ospf,rip,tcp,udp)
2014. 4. 7. 18:20

Assigned Internet Protocol Numbers

Decimal | Keyword | Protocol | IPv6 Extension Header | Reference
0 | HOPOPT | IPv6 Hop-by-Hop Option | Y | [RFC2460]
1 | ICMP | Internet Control Message | | [RFC792]
2 | IGMP | Internet Group Management | | [RFC1112]
4 | IPv4 | IPv4 encapsulation | | [RFC2003]
6 | TCP | Transmission Control | | [RFC793]
8 | EGP | Exterior Gateway Protocol | | [RFC888][David_Mills]
9 | IGP | any private interior gateway (used by Cisco for their IGRP) | | [Internet_Assigned_Numbers_Authority]
10 | BBN-RCC-MON | BBN RCC Monitoring | | [Steve_Chipman]
11 | NVP-II | Network Voice Protocol | | [RFC741][Steve_Casner]
12 | PUP | PUP | | [Boggs, D., J. Shoch, E. Taft, and R. Metcalfe, "PUP: An Internetwork Architecture", XEROX Palo Alto Research Center, CSL-79-10, July 1979; also in IEEE Transactions on Communication, Volume COM-28, Number 4, April 1980.][[XEROX]]
14 | EMCON | EMCON | | [<mystery contact>]
15 | XNET | Cross Net Debugger | | [Haverty, J., "XNET Formats for Internet Protocol Version 4", IEN 158, October 1980.][Jack_Haverty]
17 | UDP | User Datagram | | [RFC768][Jon_Postel]
18 | MUX | Multiplexing | | [Cohen, D. and J. Postel, "Multiplexing Protocol", IEN 90, USC/Information Sciences Institute, May 1979.][Jon_Postel]
19 | DCN-MEAS | DCN Measurement Subsystems | | [David_Mills]
20 | HMP | Host Monitoring | | [RFC869][Bob_Hinden]
21 | PRM | Packet Radio Measurement | | [Zaw_Sing_Su]
22 | XNS-IDP | XEROX NS IDP | | ["The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specification", AA-K759B-TK, Digital Equipment Corporation, Maynard, MA. Also as: "The Ethernet - A Local Area Network", Version 1.0, Digital Equipment Corporation, Intel Corporation, Xerox Corporation, September 1980. And: "The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specifications", Digital, Intel and Xerox, November 1982. And: XEROX, "The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specification", X3T51/80-50, Xerox Corporation, Stamford, CT., October 1980.][[XEROX]]
27 | RDP | Reliable Data Protocol | | [RFC908][Bob_Hinden]
28 | IRTP | Internet Reliable Transaction | | [RFC938][Trudy_Miller]
29 | ISO-TP4 | ISO Transport Protocol Class 4 | | [RFC905][<mystery contact>]
30 | NETBLT | Bulk Data Transfer Protocol | | [RFC969][David_Clark]
31 | MFE-NSP | MFE Network Services Protocol | | [Shuttleworth, B., "A Documentary of MFENet, a National Computer Network", UCRL-52317, Lawrence Livermore Labs, Livermore, California, June 1977.][Barry_Howard]
32 | MERIT-INP | MERIT Internodal Protocol | | [Hans_Werner_Braun]
33 | DCCP | Datagram Congestion Control Protocol | | [RFC4340]
34 | 3PC | Third Party Connect Protocol | | [Stuart_A_Friedberg]
35 | IDPR | Inter-Domain Policy Routing Protocol | | [Martha_Steenstrup]
37 | DDP | Datagram Delivery Protocol | | [Wesley_Craig]
38 | IDPR-CMTP | IDPR Control Message Transport Proto | | [Martha_Steenstrup]
39 | TP++ | TP++ Transport Protocol | | [Dirk_Fromhein]
40 | IL | IL Transport Protocol | | [Dave_Presotto]
41 | IPv6 | IPv6 encapsulation | | [RFC2473]
42 | SDRP | Source Demand Routing Protocol | | [Deborah_Estrin]
43 | IPv6-Route | Routing Header for IPv6 | Y | [Steve_Deering]
44 | IPv6-Frag | Fragment Header for IPv6 | Y | [Steve_Deering]
45 | IDRP | Inter-Domain Routing Protocol | | [Sue_Hares]
46 | RSVP | Reservation Protocol | | [RFC2205][RFC3209][Bob_Braden]
47 | GRE | Generic Routing Encapsulation | | [RFC1701][Tony_Li]
48 | DSR | Dynamic Source Routing Protocol | | [RFC4728]
49 | BNA | BNA | | [Gary Salamon]
50 | ESP | Encap Security Payload | Y | [RFC4303]
51 | AH | Authentication Header | Y | [RFC4302]
52 | I-NLSP | Integrated Net Layer Security TUBA | | [K_Robert_Glenn]
53 | SWIPE | IP with Encryption | | [John_Ioannidis]
54 | NARP | NBMA Address Resolution Protocol | | [RFC1735]
55 | MOBILE | IP Mobility | | [Charlie_Perkins]
56 | TLSP | Transport Layer Security Protocol using Kryptonet key management | | [Christer_Oberg]
58 | IPv6-ICMP | ICMP for IPv6 | | [RFC2460]
59 | IPv6-NoNxt | No Next Header for IPv6 | | [RFC2460]
60 | IPv6-Opts | Destination Options for IPv6 | Y | [RFC2460]
61 | | any host internal protocol | | [Internet_Assigned_Numbers_Authority]
62 | CFTP | CFTP | | [Forsdick, H., "CFTP", Network Message, Bolt Beranek and Newman, January 1982.][Harry_Forsdick]
63 | | any local network | | [Internet_Assigned_Numbers_Authority]
64 | SAT-EXPAK | SATNET and Backroom EXPAK | | [Steven_Blumenthal]
65 | KRYPTOLAN | Kryptolan | | [Paul Liu]
66 | RVD | MIT Remote Virtual Disk Protocol | | [Michael_Greenwald]
67 | IPPC | Internet Pluribus Packet Core | | [Steven_Blumenthal]
68 | | any distributed file system | | [Internet_Assigned_Numbers_Authority]
69 | SAT-MON | SATNET Monitoring | | [Steven_Blumenthal]
70 | VISA | VISA Protocol | | [Gene_Tsudik]
71 | IPCV | Internet Packet Core Utility | | [Steven_Blumenthal]
72 | CPNX | Computer Protocol Network Executive | | [David Mittnacht]
73 | CPHB | Computer Protocol Heart Beat | | [David Mittnacht]
74 | WSN | Wang Span Network | | [Victor Dafoulas]
75 | PVP | Packet Video Protocol | | [Steve_Casner]
76 | BR-SAT-MON | Backroom SATNET Monitoring | | [Steven_Blumenthal]
77 | SUN-ND | SUN ND PROTOCOL-Temporary | | [William_Melohn]
78 | WB-MON | WIDEBAND Monitoring | | [Steven_Blumenthal]
80 | ISO-IP | ISO Internet Protocol | | [Marshall_T_Rose]
83 | VINES | VINES | | [Brian Horn]
84 | TTP | Transaction Transport Protocol | | [Jim_Stevens]
84 | IPTM | Internet Protocol Traffic Manager | | [Jim_Stevens]
86 | DGP | Dissimilar Gateway Protocol | | [M/A-COM Government Systems, "Dissimilar Gateway Protocol Specification, Draft Version", Contract no. CS901145, November 16, 1987.][Mike_Little]
88 | EIGRP | EIGRP | | [Cisco Systems, "Gateway Server Reference Manual", Manual Revision B, January 10, 1988.][Guenther_Schreiner]
90 | Sprite-RPC | Sprite RPC Protocol | | [Welch, B., "The Sprite Remote Procedure Call System", Technical Report, UCB/Computer Science Dept., 86/302, University of California at Berkeley, June 1986.][Bruce Willins]
91 | LARP | Locus Address Resolution Protocol | | [Brian Horn]
92 | MTP | Multicast Transport Protocol | | [Susie_Armstrong]
93 | AX.25 | AX.25 Frames | | [Brian_Kantor]
94 | IPIP | IP-within-IP Encapsulation Protocol | | [John_Ioannidis]
95 | MICP | Mobile Internetworking Control Pro. | | [John_Ioannidis]
96 | SCC-SP | Semaphore Communications Sec. Pro. | | [Howard_Hart]
97 | ETHERIP | Ethernet-within-IP Encapsulation | | [RFC3378]
98 | ENCAP | Encapsulation Header | | [RFC1241][Robert_Woodburn]
99 | | any private encryption scheme | | [Internet_Assigned_Numbers_Authority]
101 | IFMP | Ipsilon Flow Management Protocol | | [Bob_Hinden][November 1995, 1997.]
102 | PNNI | PNNI over IP | | [Ross_Callon]
103 | PIM | Protocol Independent Multicast | | [RFC4601][Dino_Farinacci]
107 | A/N | Active Networks | | [Bob_Braden]
108 | IPComp | IP Payload Compression Protocol | | [RFC2393]
109 | SNP | Sitara Networks Protocol | | [Manickam_R_Sridhar]
110 | Compaq-Peer | Compaq Peer Protocol | | [Victor_Volpe]
111 | IPX-in-IP | IPX in IP | | [CJ_Lee]
112 | VRRP | Virtual Router Redundancy Protocol | | [RFC5798]
113 | PGM | PGM Reliable Transport Protocol | | [Tony_Speakman]
114 | | any 0-hop protocol | | [Internet_Assigned_Numbers_Authority]
115 | L2TP | Layer Two Tunneling Protocol | | [RFC3931][Bernard_Aboba]
116 | DDX | D-II Data Exchange (DDX) | | [John_Worley]
117 | IATP | Interactive Agent Transfer Protocol | | [John_Murphy]
118 | STP | Schedule Transfer Protocol | | [Jean_Michel_Pittet]
119 | SRP | SpectraLink Radio Protocol | | [Mark_Hamilton]
121 | SMP | Simple Message Protocol | | [Leif_Ekblad]
122 | SM | Simple Multicast Protocol | | [Jon_Crowcroft][draft-perlman-simple-multicast]
123 | PTP | Performance Transparency Protocol | | [Michael_Welzl]
124 | ISIS over IPv4 | | | [Tony_Przygienda]
126 | CRTP | Combat Radio Transport Protocol | | [Robert_Sautter]
127 | CRUDP | Combat Radio User Datagram | | [Robert_Sautter]
130 | SPS | Secure Packet Shield | | [Bill_McIntosh]
131 | PIPE | Private IP Encapsulation within IP | | [Bernhard_Petri]
132 | SCTP | Stream Control Transmission Protocol | | [Randall_R_Stewart]
133 | FC | Fibre Channel | | [Murali_Rajagopal][RFC6172]
135 | Mobility Header | | Y | [RFC6275]
138 | manet | MANET Protocols | | [RFC5498]
139 | HIP | Host Identity Protocol | Y | [RFC5201]
140 | Shim6 | Shim6 Protocol | Y | [RFC5533]
141 | WESP | Wrapped Encapsulating Security Payload | | [RFC5840]
142 | ROHC | Robust Header Compression | | [RFC5858]
253 | | Use for experimentation and testing | Y | [RFC3692]
254 | | Use for experimentation and testing | Y | [RFC3692]

Source: iana.org



2009. 12. 4. 11:42

Multicast IGMP Message


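IGMP is the protocol used to exchange multicast information between a client and a router (L3 device); it is used to maintain joins to and leaves from a multicast group.

To join a multicast group through IGMP, the client tells the router the multicast address it wants to receive data for and is thereby added to the multicast group; when it no longer wants to receive the multicast data, it sends the router a message saying that it is leaving the group.

IGMP also performs the query role of asking whether a host wants to keep receiving the multicast data.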

 2. IGMP Message

IGMP messages consist of the Query message, the Report message and the Leave message. Looking at each in turn:

0x11 Membership Query : the router asks hosts whether they want to receive the data sent to the multicast group.
0x12 IGMP version 1 Membership Report : the answer to a Query, used when the host wants to receive using IGMP version 1.
0x16 IGMP version 2 Membership Report : the answer to a Query, used when the host wants to receive using IGMP version 2.
0x17 Leave Report : a message used only in IGMP version 2, sent when the host wants to stop receiving the data.

※ Let's look at each message using the following topology.

1) Topology

※ R1 is set up as a virtual server, and P1, P2 and P3 act as virtual clients.

    One of P1's Ethernet ports is connected to the VMware LAN card so that the IGMP messages can be captured.

2) Config

1> Basic Config

※ Configure this identically on every router. Multicast routing protocols will be covered in a later post.

2> Joining the multicast group

※ On the client side, P1 joins by a temporary method and sends an IGMP v2 Membership Report.

    It then keeps receiving Membership Queries asking whether it will stay joined to the multicast group.

3> Leaving the multicast group

※ On leaving the multicast group, a Leave Report is sent.

3) Analyze

1> Membership Query Message

※ The multicast server queries the multicast-capable hosts.(

2> IGMP version 2 Membership Report Message

※ On joining the multicast group, a Membership Report message is sent. With ip igmp version 1 configured, an IGMP v1 Report message would arrive instead.

3> Leave Report

※ On leaving the group, a Leave message is sent to the multicast-capable routers.(

>>> In this way, IGMP is used to exchange the information on whether to join or leave a multicast group.

Source: http://blog.naver.com/kwi3094
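The captures this post analyses can be decoded by hand: an IGMPv2 message is 8 bytes (type, max response time, checksum, group address). The parser below is an added example, not part of the original post; the sample messages and the group 239.1.1.1 are constructed for illustration.

```python
import ipaddress
import struct

# Type codes exactly as listed in the post above.
IGMP_TYPES = {
    0x11: "Membership Query",
    0x12: "IGMP version 1 Membership Report",
    0x16: "IGMP version 2 Membership Report",
    0x17: "Leave Report",
}


def inet_checksum(data: bytes) -> int:
    """One's-complement Internet checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_igmp(msg_type: int, max_resp: int, group: str) -> bytes:
    """Build an 8-byte IGMPv2 message; used only to construct sample input."""
    grp = ipaddress.IPv4Address(group).packed
    body = struct.pack("!BBH4s", msg_type, max_resp, 0, grp)
    return struct.pack("!BBH4s", msg_type, max_resp, inet_checksum(body), grp)


def parse_igmp(payload: bytes) -> dict:
    """Decode the IGMP payload of an IP packet (protocol number 2)."""
    if len(payload) < 8:
        raise ValueError(f"IGMPv2 message is 8 bytes, got {len(payload)}")
    msg_type, max_resp, cksum, grp = struct.unpack("!BBH4s", payload[:8])
    group = ipaddress.IPv4Address(grp)
    name = IGMP_TYPES.get(msg_type, f"unknown (0x{msg_type:02x})")
    notes = []
    # Summing a valid message, checksum field included, yields 0.
    if inet_checksum(payload) != 0:
        notes.append("bad checksum")
    if msg_type == 0x11:
        # Group 0.0.0.0 is a general query; otherwise it targets one group.
        kind = "general" if int(group) == 0 else "group-specific"
        name = f"{name} ({kind})"
    elif msg_type in IGMP_TYPES and not group.is_multicast:
        notes.append("group is not a multicast address")
    return {
        "type": name,
        "max_resp_seconds": max_resp / 10,  # field is in 1/10 s units
        "checksum": cksum,
        "group": str(group),
        "notes": notes,
    }


if __name__ == "__main__":
    samples = [
        build_igmp(0x11, 100, "0.0.0.0"),      # router's general query
        build_igmp(0x16, 0, "239.1.1.1"),      # host joins the group
        build_igmp(0x17, 0, "239.1.1.1"),      # host leaves the group
        bytes.fromhex("1700f9fcef010101"),     # type altered, checksum stale
    ]
    for raw in samples:
        print(raw.hex(), parse_igmp(raw))
```
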

2009. 7. 21. 11:58

Nemesis - Packet generation (arp,dns,ethernet,icmp,igmp,ip,ospf,rip,tcp,udp)

Nemesis packet injection utility

"Nemesis attacks directed through fragrouter could be a most powerful combination for the system auditor to find security problems that could then be reported to the vendor(s), etc." - Curt Wilson in Global Incident Analysis Center Detects Report (SANS Institute - Nov 2000)

What is Nemesis?

Nemesis is a command-line network packet injection utility for UNIX-like and Windows systems. You might think of it as an EZ-bake packet oven or a manually controlled IP stack. With Nemesis, it is possible to generate and transmit packets from the command line or from within a shell script. Nemesis is developed and maintained by Jeff Nathan <jeff at snort dot org>.


[Jun 29 2003]
Nemesis 1.4beta3 Build 22 is the most functional version of Nemesis to date. Problems in the Windows version of Nemesis have been fixed by fixing

[Feb 17 2003]
New in Build 18 is the -Z command line switch for the Windows version of Nemesis. The -Z command line switch will list the available network interfaces for use in link-layer injection.

[Feb 12 2003]
Windows version of Nemesis is now available. Please test it out and see how well it compares to the version for UNIX-like systems.

[Feb 3 2003]
After a year and a half in hiatus, a new version of Nemesis is nearly complete. The current codebase has been almost entirely rewritten and all that remains before a full release of 1.4 is to complete the updates to the RIP protocol injector and to rewrite the OSPF injector. Rather than make users wait any longer, these beta versions are available in the meantime.

Nemesis for UNIX-like systems

latest version: nemesis-1.4beta3.tar.gz Build 22 (ChangeLog) (CHECKSUM) [Jun 29 2003]
supported protocols: ARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP
supported platforms: *BSD(i), Linux, [Trusted] Solaris, Mac OS X


Nemesis for Windows systems

latest version: nemesis-1.4beta3.zip Build 22 (ChangeLog) (CHECKSUM) [Jun 29 2003]
supported protocols: ARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP
supported platforms: Windows 9x, Windows NT, Windows 2000, Windows XP




  • nemesis tcp -v -S -D -fSA -y 22 -P foo

    Send TCP packet (SYN/ACK) with payload from file 'foo' to target's ssh port from to (-v allows a stdout visual of current injected packet)

  • nemesis udp -v -S -D -x 11111 -y 53 -P bindpkt

    send UDP packet from to's name-service port with a payload read from a file 'bindpkt'. (again -v is used in order to see confirmation of our injected packet)

  • nemesis icmp -S -D -G -qR

    send ICMP REDIRECT (network) packet from to with preferred gateway as source address. Here we want no output to go to stdout - which would be ideal as a component in a batch job via a shell script.

  • nemesis arp -v -d ne0 -H 0:1:2:3:4:5 -S -D

    send ARP packet through device 'ne0' (eg. my OpenBSD pcmcia nic) from hardware source address 00:01:02:03:04:05 with IP source address to destination IP address with broadcast destination hardware address. In other words, who-has the mac address of, tell - assuming 00:01:02:03:04:05 is the source mac address of our 'ne0' device.



nemesis-icmp - ICMP Protocol (The Nemesis Project)


nemesis-icmp [-vZ?] [-a ICMP-timestamp-request-reply-transmit-time ] [-b original-destination-IP-address ] [-B original-source-IP-address ] [-c ICMP-code ] [-d Ethernet-device ] [-D destination-IP-address ] [-e ICMP-ID ] [-f original-IP-fragmentation ] [-F fragmentation-options ] [-G preferred-gateway ] [-H source-MAC-address ] [-i ICMP-type ] [-I IP-ID ] [-j original-IP-TOS ] [-J original-IP-TTL ] [-l original-IP-options-file ] [-m ICMP-mask ] [-M destination-MAC-address ] [-o ICMP-timestamp-request-transmit-time ] [-O IP-options-file ] [-p original-IP-protocol ] [-P payload-file ] [-q ICMP-injection-mode ] [-r ICMP-timestamp-request-reply-received-time ] [-S source-IP-address ] [-t IP-TOS ] [-T IP-TTL ]


The Nemesis Project is designed to be a command line-based, portable human IP stack for UNIX-like and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of injected packets from simple shell scripts.

nemesis-icmp provides an interface to craft and inject ICMP packets allowing the user to specify any portion of an ICMP packet as well as lower-level IP packet information.

ICMP Options

-c ICMP-code Specify the ICMP-code within the ICMP header.
-e ICMP-ID Specify the ICMP-ID within the ICMP header.
-G preferred-gateway Specify the preferred-gateway-IP-address for ICMP redirect injection.
-i ICMP-type Specify the ICMP-type within the ICMP header.
-m address-mask Specify the IP-address-mask for ICMP address mask packets.
-P payload-file This will cause nemesis-icmp to use the specified payload-file as the payload when injecting ICMP packets. For packets injected using the raw interface (where -d is not used), the maximum payload size is 65387 bytes. For packets injected using the link layer interface (where -d IS used), the maximum payload size is 1352 bytes. Payloads can also be read from stdin by specifying ’-P -’ instead of a payload file.

Windows systems are limited to a maximum payload size of 1352 bytes for ICMP packets.

-q ICMP-injection-mode Specify the ICMP-injection-mode to use when injecting. Valid modes are:

-qE (ICMP echo) 

-qM (ICMP address mask) 

-qU (ICMP unreachable) 

-qX (ICMP time exceeded) 

-qR (ICMP redirect) 

-qT (ICMP timestamp) 

Only one mode may be specified at a time.

-s ICMP-sequence-number Specify the ICMP-sequence-number within the ICMP header.
-v verbose-mode Display the injected packet in human readable form. Use twice to see a hexdump of the injected packet with printable ASCII characters on the right. Use three times for a hexdump without decoded ASCII.


-a ICMP-timestamp-request-reply-transmit-time Specify the ICMP-timestamp-request-reply-transmit-time (the time a reply to an ICMP timestamp request was transmitted) within the ICMP timestamp header.
-o ICMP-timestamp-request-transmit-time Specify the ICMP-timestamp-request-transmit-time (the time an ICMP timestamp request was transmitted) within the ICMP timestamp header.
-r ICMP-timestamp-request-reply-received-time Specify the ICMP-timestamp-request-reply-received-time (the time a reply to an ICMP timestamp request was received) within the ICMP timestamp header.


-b original-destination-IP-address Specify the original-destination-IP-address within an ICMP unreachable, redirect or time exceeded packet.
-B original-source-IP-address Specify the original-source-IP-address within an ICMP unreachable, redirect or time exceeded packet.
-f original-fragmentation-options Specify the original-IP-fragmentation-options within an ICMP unreachable, redirect or time exceeded packet. For more information reference the ’-F’ command line switch.
-j original-IP-TOS Specify the original-IP-type-of-service (TOS) within an ICMP unreachable, redirect or time exceeded packet.
-J original-IP-TTL Specify the original-IP-time-to-live (TTL) within an ICMP unreachable, redirect or time exceeded packet.
-l original-IP-options-file This will cause nemesis-icmp to use the specified original-IP-options-file as the options when building the original IP header for the injected ICMP unreachable, redirect or time exceeded packet. IP options can be up to 40 bytes in length. The IP options file must be created manually based upon the desired options. IP options can also be read from stdin by specifying ’-O -’ instead of an IP-options-file.
-p original-IP-protocol Specify the original-IP-protocol within an ICMP unreachable, redirect or time exceeded packet.


-D destination-IP-address Specify the destination-IP-address within the IP header.
-F fragmentation-options (-F[D],[M],[R],[offset]) Specify the fragmentation options:

-FD (don’t fragment) 

-FM (more fragments) 

-FR (reserved flag) 

-F <offset> 

within the IP header. IP fragmentation options can be specified individually or combined into a single argument to the -F command line switch by separating the options with commas (eg. ’-FD,M’) or spaces (eg. ’-FM 223’). The IP fragmentation offset is a 13-bit field with valid values from 0 to 8189. Don’t fragment (DF), more fragments (MF) and the reserved flag (RESERVED or RB) are 1-bit fields.

NOTE: Under normal conditions, the reserved flag is unset.

-I IP-ID Specify the IP-ID within the IP header.
-O IP-options-file This will cause nemesis-icmp to use the specified IP-options-file as the options when building the IP header for the injected packet. IP options can be up to 40 bytes in length. The IP options file must be created manually based upon the desired options. IP options can also be read from stdin by specifying ’-O -’ instead of an IP-options-file.
-S source-IP-address Specify the source-IP-address within the IP header.
-t IP-TOS Specify the IP-type-of-service (TOS) within the IP header. Valid type of service values:

2  (Minimize monetary cost)
4  (Maximize reliability)
8  (Maximize throughput)
24 (Minimize delay)

NOTE: Under normal conditions, only one type of service is set within a packet. To specify multiple types, specify the sum of the desired values as the type of service.

-T IP-TTL IP-time-to-live (TTL) within the IP header.
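Seen from the receiving side, the fields that -F, -t and the protocol number set can be decoded from a captured IPv4 header and checked for combinations that do not occur under normal conditions. This is an added example, not part of the Nemesis documentation; the addresses, the IP-ID and the three checks are assumptions chosen for illustration, and the header checksum is not validated.

```python
import ipaddress
import struct

# A few protocol numbers from the IANA table earlier on this page.
PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}


def build_header(frag_field, total_len=60, tos=0, proto=1,
                 src="192.0.2.1", dst="198.51.100.2"):
    """Constructed sample input: a 20-byte IPv4 header, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_len, 0x1234,
                       frag_field, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def inspect_ipv4(header: bytes) -> dict:
    """Decode TOS, flags, fragment offset and protocol; list oddities."""
    if len(header) < 20:
        raise ValueError("IPv4 header needs at least 20 bytes")
    (ver_ihl, tos, total_len, ip_id, frag, ttl, proto,
     _cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", header[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    reserved = bool(frag & 0x8000)   # -FR
    df = bool(frag & 0x4000)         # -FD
    mf = bool(frag & 0x2000)         # -FM
    offset = frag & 0x1FFF           # 13-bit offset, in 8-byte units
    findings = []
    if reserved:
        # The man page notes this flag is unset under normal conditions.
        findings.append("reserved flag set")
    if df and (mf or offset):
        findings.append("DF set on a fragment")
    # Offset plus this packet's length gives the reassembled datagram size.
    if offset * 8 + total_len > 65535:
        findings.append("fragment would extend datagram past 65535 bytes")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "protocol": PROTO_NAMES.get(proto, str(proto)),
        "tos": tos, "ttl": ttl, "id": ip_id,
        "reserved": reserved, "df": df, "mf": mf, "offset": offset,
        "findings": findings,
    }


if __name__ == "__main__":
    for frag in (0x4000, 0x8000, 0x4000 | 0x2000, 0x2000 | 8189):
        print(hex(frag), inspect_ipv4(build_header(frag))["findings"])
```
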


-d Ethernet-device Specify the name (for UNIX-like systems) or the number (for Windows systems) of the Ethernet-device to use (eg. fxp0, eth0, hme0, 1).
-H source-MAC-address Specify the source-MAC-address (XX:XX:XX:XX:XX:XX).
-M destination-MAC-address Specify the destination-MAC-address (XX:XX:XX:XX:XX:XX).
-Z list-network-interfaces Lists the available network interfaces by number for use in link-layer injection.

NOTE: This feature is only relevant to Windows systems.


Tools for creating TCP/IP packets

hping (http://www.hping.org/)

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features.

Features include:
    * Firewall testing
    * Advanced port scanning
    * Network testing, using different protocols, TOS, fragmentation
    * Manual path MTU discovery
    * Advanced traceroute, under all the supported protocols
    * Remote OS fingerprinting
    * Remote uptime guessing
    * TCP/IP stacks auditing
    * hping can also be useful to students that are learning TCP/IP

Hping works on the following unix-like systems: Linux, FreeBSD, NetBSD, OpenBSD, Solaris, Mac OS X, Windows.

Nemesis (http://nemesis.sourceforge.net/)

Nemesis is a command-line network packet crafting and injection utility for UNIX-like and Windows systems. Nemesis is well suited for testing Network Intrusion Detection Systems, firewalls, IP stacks and a variety of other tasks. As a command-line driven utility, Nemesis is perfect for automation and scripting.

Nemesis can natively craft and inject ARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP packets. Using the IP and the Ethernet injection modes, almost any custom packet can be crafted and injected.

Features include:
    * ARP/RARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP protocol support
    * Layer 2 or Layer 3 injection
    * Packet payload from file
    * IP and TCP options from file

Scapy (http://www.secdev.org/projects/scapy/)

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more.

It can handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.).

Features include:
    * Port Scanning
          o SYN Scan
          o Other TCP Scans
          o UDP Scans
          o IP Scan
    * Host Discovery
          o ARP Ping
          o ICMP Ping
          o TCP Ping
          o UDP Ping
    * OS Fingerprinting
          o ISN
          o nmap_fp
          o p0f
          o queso
    * Sniffer - includes powerful facilities for traffic capture and analysis
    * Wireless - can not only sniff and decode packets but also inject arbitrary packets
    * Traceroute - standard ICMP Traceroute can be emulated
    * Firewall/IDS Testing
          o TCP Timestamp Filtering
          o NAT Detection
          o Firewalking

Yersinia (http://www.yersinia.net)

Yersinia is a framework for performing layer 2 attacks.

It is designed to take advantage of some weaknesses in different network protocols. It aims to be a solid framework for analyzing and testing the deployed networks and systems.

Features include:
    * Attacks for the following network protocols are supported
          o Spanning Tree Protocol (STP)
          o Cisco Discovery Protocol (CDP)
          o Dynamic Trunking Protocol (DTP)
          o Dynamic Host Configuration Protocol (DHCP)
          o Hot Standby Router Protocol (HSRP)
          o 802.1q
          o 802.1x
          o Inter-Switch Link Protocol (ISL)
          o VLAN Trunking Protocol (VTP)

SendIP (http://www.earth.li/projectpurple/progs/sendip.html)

SendIP is a command-line tool to send arbitrary IP packets. It has a large number of options to specify the content of every header of a RIP, RIPng, BGP, TCP, UDP, ICMP, or raw IPv4/IPv6 packet. It also allows any data to be added to the packet. Checksums can be calculated automatically, but if you wish to send out wrong checksums, that is supported too.

packETH (http://packeth.sourceforge.net/)

packETH is a Linux GUI packet generator tool for ethernet. It allows you to create and send any possible packet or sequence of packets on the ethernet.

    * you can create and send any ethernet packet. Supported protocols:
          o ethernet II, ethernet 802.3, 802.1q, QinQ
          o ARP, IPv4, user defined network layer payload
          o UDP, TCP, ICMP, IGMP, user defined transport layer payload
          o RTP (payload with options to send sin wave of any frequency for G.711)
    * sending sequence of packets
          o delay between packets, number of packets to send
          o sending with max speed, approaching the theoretical boundary
          o change parameters while sending (change IP & mac address, UDP payload, 2 user defined bytes, etc.)
    * saving configuration to a file and load from it - pcap format supported

Mausezahn (http://www.perihel.at/sec/mz/)

Mausezahn is a fast traffic generator which allows you to send nearly every possible and impossible packet. Mausezahn can be used, for example, as a traffic generator to stress multicast networks, for penetration testing of firewalls and IDS, for simulating DoS attacks on networks, to find bugs in network software or appliances, for reconnaissance attacks using ping sweeps and port scans, or to test network behavior under strange circumstances. Mausezahn gives you full control over the network interface card and allows you to send any byte stream you want (even violating Ethernet rules).

Mausezahn can be used for example:
    * As traffic generator (e. g. to stress multicast networks)
    * To precisely measure jitter (delay variations) between two hosts (e. g. for VoIP-SLA verification)
    * As didactical tool during a datacom lecture or for lab exercises
    * For penetration testing of firewalls and IDS
    * For DoS attacks on networks (for audit purposes of course)
    * To find bugs in network software or appliances
    * For reconnaissance attacks using ping sweeps and port scans
    * To test network behaviour under strange circumstances (stress test, malformed packets, ...)

...and more. Mausezahn is basically a versatile packet creation tool on the command line with a simple syntax and context help. It could also be used within (bash-) scripts to perform combination of tests. 
