2009.12.01 09:22

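PBR - Policy-Based Routing Configuration

What is PBR? Policy-Based Routing
PBR is a feature that uses a route-map to forward packets matching specific conditions to a destination chosen by the administrator, regardless of the routing table.
Packets that do not match the route-map are forwarded according to the routing table. Because PBR lets you choose a path based on a packet's source or destination address, it is useful in some situations. For example, if you subscribe to two ISPs, you can use PBR to select which ISP to use based on IP address.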

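1. PBR configuration
router(config)# access-list [access-list number] [permit | deny] [network ID] [wildcard mask]
 (Use an access list to specify the packets PBR will apply to)
router(config)# route-map [route-map name] [permit | deny] [route-map sequence]
 (Create the route-map that PBR will use)
router(config-route-map)# match ip address [access-list number]
 (Use the match command to reference the access list created above)
router(config-route-map)# set ip next-hop [IP address to forward packets to when the route-map policy matches]
 (Specify the IP address to forward the packets selected by match; the policy can be configured either to forward or to drop the matching packets)
router(config-route-map)# exit
router(config)# interface [interface on which the packets subject to the policy arrive]
 (Specify the interface the packets come in on)
router(config-if)# ip policy route-map [route-map name]
 (Attach the route-map to that interface)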

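2. PBR configuration lab
The topology above is built with EIGRP. Without a PBR policy, a packet traveling from R0 to 172.16.1.0 passes through R1 and then goes to R3.
This is because EIGRP does not perform unequal-cost load balancing by default, so it selects the fastest path to forward packets.

However, when a PBR policy is applied with a route-map, the path installed in the routing table can be ignored and the packet's path set by policy. In the topology above, the policy is configured so that packets arriving from the 192.168.1.0/24 network reach the destination 172.16.1.0/24 by way of R2.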

1) PBR policy configuration
R1(config)# access-list 1 permit 192.168.1.0 0.0.0.255
 (Create access list 1 to select the traffic PBR will apply to)
R1(config)# route-map psk permit 1   (Create the first route-map entry, named psk)
R1(config-route-map)# match ip address 1    (When traffic matching access list 1 arrives ...
R1(config-route-map)# set ip next-hop 192.168.2.2    ... send it to next hop 192.168.2.2)
R1(config-route-map)# exit
R1(config)# interface s1/0
R1(config-if)# ip policy route-map psk   (Attach route-map psk to s1/0, where the packets arrive)

2) R1's routing table

3) Result of a packet traveling from 192.168.1.0/24 to 172.16.1.0/24

4) debug ip policy output on R1

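3. Selective metric redistribution using PBR
When redistributing between different protocols, the administrator usually has to set by hand the metric for routes that come in through the external domain as a result of redistribution.
However, a metric set by hand has the drawback that it looks the same from the external domain even when the actual metric differs per subnet.
PBR can therefore be used to specify conditions and set a different metric per subnet, as follows.

Whereas the general PBR configuration (section 2) applies the route-map to incoming packets (configured on the interface), for redistribution it is attached to the redistribute command in router configuration mode.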

    1) Policy configuration (interface address configuration omitted)
      R2(config)# access-list 10 permit 199.172.0.0 0.0.2.255
      R2(config)# route-map ripospf permit 1
      R2(config-route-map)# match ip add 10
      R2(config-route-map)# set metric 100
      R2(config-route-map)# set metric-type type-1
      R2(config-route-map)# exit
      R2(config)# route-map ripospf permit 2
      R2(config)# router rip
      R2(config-router)# net 199.172.2.2
      R2(config-router)# net 199.172.1.2
      R2(config-router)# exit
      R2(config)# router ospf 1
      R2(config-router)# net 192.168.1.0 0.0.0.255 area 0
      R2(config-router)# re rip subnets route-map ripospf
      R2(config-router)# exit

      2) Check the routing table on R3 (the OSPF router)
      
      - R2 (check the route-map configuration on the redistributing router)


1. On R2, forward packets whose source address is 1.1.1.1 and destination address is 1.1.4.4 out S1/0.23.
   (Originally they go only via S1/0.32. Why? Because S1/0.32, with bandwidth = 2Mbps, is the better link.)

R2#debug ip policy
R2#conf t
R2(config)#ip access-list extended R1=>R4
R2(config-ext-nacl)#permit ip host 1.1.1.1 host 1.1.4.4
R2(config-ext-nacl)#exit
R2(config)#route-map P-R1=>R4
R2(config-route-map)#mat ip add R1=>R4
R2(config-route-map)#set ip next-hop 1.1.23.3
R2(config-route-map)#int s1/0.12
R2(config-subif)#ip policy route-map P-R1=>R4
R2(config-subif)#end
R2#
*Mar  1 00:11:53.759: PR-RP: Set Serial1/0.12 policy_routemap=P-R1=>R4; cached_map=P-R1=>R4
*Mar  1 00:11:53.767: PR-RP: Set Serial1/0.12 policy_routemap=P-R1=>R4; cached_map=P-R1=>R4
*Mar  1 00:12:07.983: IP: s=1.1.1.1 (Serial1/0.12), d=1.1.4.4, len 100, FIB policy match
*Mar  1 00:12:07.983: IP: s=1.1.1.1 (Serial1/0.12), d=1.1.4.4, g=1.1.23.3, len 100, FIB policy routed

2. Prefer normal routing and apply PBR only when the routing table has no route

R2(config)#route-map P1-R1=>R4
R2(config-route-map)#mat ip add R1=>R4
R2(config-route-map)#set ip default next-hop 1.1.23.3

@@@ R1#ping 1.1.4.4 so 1.1.1.1 re 2 @@@

R2(config-subif)#
*Mar  1 00:21:30.919: IP: s=1.1.1.1 (Serial1/0.12), d=1.1.4.4, len 100, FIB policy match
*Mar  1 00:21:30.919: IP: s=1.1.1.1 (Serial1/0.12), d=1.1.4.4, len 100, FIB policy rejected(explicit route) - normal forwarding

R2(config)#ip prefix-list BAN-R4 deny 1.1.4.0/24
R2(config)#ip prefix-list BAN-R4 permit 0.0.0.0/0 le 32
R2(config)#
R2(config)#router ospf 1
R2(config-router)#distribute-list prefix BAN-R4 in s1/0.23
R2(config-router)#distribute-list prefix BAN-R4 in s1/0.32
R2(config-router)#do sh ip ro ospf
     1.0.0.0/24 is subnetted, 7 subnets
O       1.1.1.0 [110/65] via 1.1.12.1, 00:00:09, Serial1/0.12
O       1.1.3.0 [110/51] via 1.1.32.3, 00:00:09, Serial1/0.32
O       1.1.34.0 [110/114] via 1.1.32.3, 00:00:09, Serial1/0.32

@@@ R1#ping 1.1.4.4 so 1.1.1.1 re 2 @@@

R2(config-router)#
*Mar  1 00:23:21.759: IP: s=1.1.1.1 (Serial1/0.12), d=1.1.4.4, len 100, FIB policy match
*Mar  1 00:23:21.759: IP: s=1.1.1.1 (Serial1/0.12), d=1.1.4.4, g=1.1.23.3, len 100, FIB policy routed

3. PBR load balancing

R4(config)#int lo 2
R4(config-if)#ip add 2.2.4.4 255.255.255.0
R4(config-if)#ip os ne point-to-p
R4(config-if)#router os 1
R4(config-router)#net 2.2.4.4 0.0.0.0 ar 0

R2(config)#ip access-list extended R1=>R4-2
R2(config-ext-nacl)#permit ip host 1.1.1.1 host 2.2.4.4
R2(config-ext-nacl)#exit
R2(config)#route-map P-LB
R2(config-route-map)#mat ip add R1=>R4
R2(config-route-map)#set ip next-hop 1.1.23.3
R2(config-route-map)#exit
R2(config)#route-map P-LB 20      
R2(config-route-map)#mat ip add R1=>R4-2    
R2(config-route-map)#set ip next-hop 1.1.32.3
R2(config-route-map)#exit
R2(config)#
R2(config)#int s1/0.12
R2(config-subif)#ip policy route-map P-LB

R1#p 1.1.4.4 so lo 0 re 1
*Mar  1 00:32:54.867: IP: s=1.1.1.1 (Serial1/0.12), d=1.1.4.4, len 100, FIB policy match
*Mar  1 00:32:54.867: IP: s=1.1.1.1 (Serial1/0.12), d=1.1.4.4, g=1.1.23.3, len 100, FIB policy routed

R1#p 2.2.4.4 so lo 0 re 1
*Mar  1 00:33:04.675: IP: s=1.1.1.1 (Serial1/0.12), d=2.2.4.4, len 100, FIB policy match
*Mar  1 00:33:04.675: IP: s=1.1.1.1 (Serial1/0.12), d=2.2.4.4, g=1.1.32.3, len 100, FIB policy
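
The forwarding decisions seen in the three labs above can be reproduced with a small model. This is an added example, not part of the original post or of IOS: it evaluates the post's ACLs and route-maps for `set ip next-hop` versus `set ip default next-hop`, and also checks which subnets the non-contiguous wildcard of access-list 10 selects. The routing tables are constructed for illustration, and the next hop for 1.1.4.0/24 and 2.2.4.4/32 is an assumption based on the note that traffic normally leaves via S1/0.32.

```python
import ipaddress

def ip(a):
    return int(ipaddress.IPv4Address(a))

def wildcard_match(addr, base, wildcard):
    """Cisco ACL comparison: bits set in the wildcard mask are ignored."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

def acl_permits(acl, src, dst):
    """Extended ACL as (action, src, src_wc, dst, dst_wc); first match wins, implicit deny."""
    for action, s, s_wc, d, d_wc in acl:
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action == "permit"
    return False

def rib_lookup(rib, dst, explicit_only=False):
    """Longest-prefix match over {prefix: next_hop}; None when nothing matches."""
    best = None
    for prefix, next_hop in rib.items():
        net = ipaddress.ip_network(prefix)
        if explicit_only and net.prefixlen == 0:
            continue  # a default route does not count as an explicit route
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, next_hop)
    return best[1] if best else None

def forward(route_map, acls, rib, src, dst):
    """Return (next_hop, reason) for a packet arriving on the policy interface."""
    for _seq, acl_name, action, next_hop in sorted(route_map):
        if not acl_permits(acls[acl_name], src, dst):
            continue  # try the next route-map sequence
        if action == "default next-hop" and rib_lookup(rib, dst, explicit_only=True):
            return rib_lookup(rib, dst), "policy rejected(explicit route) - normal forwarding"
        return next_hop, "policy routed"
    return rib_lookup(rib, dst), "normal forwarding"  # no sequence matched

# ACLs and route-maps transcribed from the labs above (sequence 10 is the IOS default).
ACLS = {
    "R1=>R4":   [("permit", "1.1.1.1", "0.0.0.0", "1.1.4.4", "0.0.0.0")],
    "R1=>R4-2": [("permit", "1.1.1.1", "0.0.0.0", "2.2.4.4", "0.0.0.0")],
}
P_R1_R4 = [(10, "R1=>R4", "next-hop", "1.1.23.3")]
P1_R1_R4 = [(10, "R1=>R4", "default next-hop", "1.1.23.3")]
P_LB = [(10, "R1=>R4", "next-hop", "1.1.23.3"), (20, "R1=>R4-2", "next-hop", "1.1.32.3")]

# Constructed routing tables for R2: after and before the distribute-list hides 1.1.4.0/24.
RIB_FILTERED = {"1.1.1.0/24": "1.1.12.1", "1.1.3.0/24": "1.1.32.3", "1.1.34.0/24": "1.1.32.3"}
RIB_FULL = {**RIB_FILTERED, "1.1.4.0/24": "1.1.32.3", "2.2.4.4/32": "1.1.32.3"}

if __name__ == "__main__":
    for name, rm, rib in [("P-R1=>R4", P_R1_R4, RIB_FULL), ("P1-R1=>R4", P1_R1_R4, RIB_FULL),
                          ("P1-R1=>R4 (filtered)", P1_R1_R4, RIB_FILTERED)]:
        print(name, forward(rm, ACLS, rib, "1.1.1.1", "1.1.4.4"))
    print("P-LB", forward(P_LB, ACLS, RIB_FULL, "1.1.1.1", "2.2.4.4"))
    # access-list 10 from the redistribution lab: 0.0.2.255 is a non-contiguous wildcard
    for net in ("199.172.0.0", "199.172.1.0", "199.172.2.0"):
        print(net, wildcard_match(net, "199.172.0.0", "0.0.2.255"))
```

With the wildcard 0.0.2.255, access-list 10 matches 199.172.0.0 and 199.172.2.0 but not 199.172.1.0, so only the former would take the metric set in route-map sequence 1.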


Source: http://light99.egloos.com


2009.07.21 11:58

Nemesis - Packet Generation (arp,dns,ethernet,icmp,igmp,ip,ospf,rip,tcp,udp)

Nemesis packet injection utility

"Nemesis attacks directed through fragrouter could be a most powerful combination for the system auditor to find security problems that could then be reported to the vendor(s), etc." - Curt Wilson in Global Incident Analysis Center Detects Report (SANS Institute - Nov 2000)

What is Nemesis?

Nemesis is a command-line network packet injection utility for UNIX-like and Windows systems. You might think of it as an EZ-bake packet oven or a manually controlled IP stack. With Nemesis, it is possible to generate and transmit packets from the command line or from within a shell script. Nemesis is developed and maintained by Jeff Nathan <jeff at snort dot org>.

News

[Jun 29 2003]
Nemesis 1.4beta3 Build 22 is the most functional version of Nemesis to date. Problems in the Windows version of Nemesis have been fixed by fixing LibnetNT.

[Feb 17 2003]
New in Build 18 is the -Z command line switch for the Windows version of Nemesis. The -Z command line switch will list the available network interfaces for use in link-layer injection.

[Feb 12 2003]
A Windows version of Nemesis is now available. Please test it out and see how well it compares to the version for UNIX-like systems.

[Feb 3 2003]
After a year and a half in hiatus, a new version of Nemesis is nearly complete. The current codebase has been almost entirely rewritten and all that remains before a full release of 1.4 is to complete the updates to the RIP protocol injector and to rewrite the OSPF injector. Rather than make users wait any longer, these beta versions are available in the meantime.

Nemesis for UNIX-like systems

latest version: nemesis-1.4beta3.tar.gz Build 22 (ChangeLog) (CHECKSUM) [Jun 29 2003]
supported protocols: ARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP
supported platforms: *BSD(i), Linux, [Trusted] Solaris, Mac OS X

Nemesis for Windows systems

latest version: nemesis-1.4beta3.zip Build 22 (ChangeLog) (CHECKSUM) [Jun 29 2003]
supported protocols: ARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP
supported platforms: Windows 9x, Windows NT, Windows 2000, Windows XP

Examples

  • nemesis tcp -v -S 192.168.1.1 -D 192.168.2.2 -fSA -y 22 -P foo

    Send TCP packet (SYN/ACK) with payload from file 'foo' to target's ssh port from 192.168.1.1 to 192.168.2.2. (-v allows a stdout visual of current injected packet)

  • nemesis udp -v -S 10.11.12.13 -D 10.1.1.2 -x 11111 -y 53 -P bindpkt

    send UDP packet from 10.11.12.13:11111 to 10.1.1.2's name-service port with a payload read from a file 'bindpkt'. (again -v is used in order to see confirmation of our injected packet)

  • nemesis icmp -S 10.10.10.3 -D 10.10.10.1 -G 10.10.10.3 -qR

    send ICMP REDIRECT (network) packet from 10.10.10.3 to 10.10.10.1 with preferred gateway as source address. Here we want no output to go to stdout - which would be ideal as a component in a batch job via a shell script.

  • nemesis arp -v -d ne0 -H 0:1:2:3:4:5 -S 10.11.30.5 -D 10.10.15.1

    send ARP packet through device 'ne0' (eg. my OpenBSD pcmcia nic) from hardware source address 00:01:02:03:04:05 with IP source address 10.11.30.5 to destination IP address 10.10.15.1 with broadcast destination hardware address. In other words, who-has the mac address of 10.10.15.1, tell 10.11.30.5 - assuming 00:01:02:03:04:05 is the source mac address of our 'ne0' device.

http://www.packetfactory.net/projects/nemesis/

NAME

nemesis-icmp - ICMP Protocol (The Nemesis Project)

SYNOPSIS

nemesis-icmp [-vZ?] [-a ICMP-timestamp-request-reply-transmit-time ] [-b original-destination-IP-address ] [-B original-source-IP-address ] [-c ICMP-code ] [-d Ethernet-device ] [-D destination-IP-address ] [-e ICMP-ID ] [-f original-IP-fragmentation ] [-F fragmentation-options ] [-G preferred-gateway ] [-H source-MAC-address ] [-i ICMP-type ] [-I IP-ID ] [-j original-IP-TOS ] [-J original-IP-TTL ] [-l original-IP-options-file ] [-m ICMP-mask ] [-M destination-MAC-address ] [-o ICMP-timestamp-request-transmit-time ] [-O IP-options-file ] [-p original-IP-protocol ] [-P payload-file ] [-q ICMP-injection-mode ] [-r ICMP-timestamp-request-reply-received-time ] [-S source-IP-address ] [-t IP-TOS ] [-T IP-TTL ]

DESCRIPTION

The Nemesis Project is designed to be a command line-based, portable human IP stack for UNIX-like and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of injected packets from simple shell scripts.

nemesis-icmp provides an interface to craft and inject ICMP packets allowing the user to specify any portion of an ICMP packet as well as lower-level IP packet information.

ICMP Options

-c ICMP-code Specify the ICMP-code within the ICMP header.
-e ICMP-ID Specify the ICMP-ID within the ICMP header.
-G preferred-gateway Specify the preferred-gateway-IP-address for ICMP redirect injection.
-i ICMP-type Specify the ICMP-type within the ICMP header.
-m address-mask Specify the IP-address-mask for ICMP address mask packets.
-P payload-file This will cause nemesis-icmp to use the specified payload-file as the payload when injecting ICMP packets. For packets injected using the raw interface (where -d is not used), the maximum payload size is 65387 bytes. For packets injected using the link layer interface (where -d IS used), the maximum payload size is 1352 bytes. Payloads can also be read from stdin by specifying ’-P -’ instead of a payload file.

Windows systems are limited to a maximum payload size of 1352 bytes for ICMP packets.

-q ICMP-injection-mode Specify the ICMP-injection-mode to use when injecting. Valid modes are:


-qE (ICMP echo) 

-qM (ICMP address mask) 

-qU (ICMP unreachable) 

-qX (ICMP time exceeded) 

-qR (ICMP redirect) 

-qT (ICMP timestamp) 

Only one mode may be specified at a time.

-s ICMP-sequence-number Specify the ICMP-sequence-number within the ICMP header.
-v verbose-mode Display the injected packet in human readable form. Use twice to see a hexdump of the injected packet with printable ASCII characters on the right. Use three times for a hexdump without decoded ASCII.

ICMP TIMESTAMP OPTIONS

-a ICMP-timestamp-request-reply-transmit-time Specify the ICMP-timestamp-request-reply-transmit-time (the time a reply to an ICMP timestamp request was transmitted) within the ICMP timestamp header.
-o ICMP-timestamp-request-transmit-time Specify the ICMP-timestamp-request-transmit-time (the time an ICMP timestamp request was transmitted) within the ICMP timestamp header.
-r ICMP-timestamp-request-reply-received-time Specify the ICMP-timestamp-request-reply-received-time (the time a reply to an ICMP timestamp request was received) within the ICMP timestamp header.

ICMP ORIGINAL DATAGRAM OPTIONS

-b original-destination-IP-address Specify the original-destination-IP-address within an ICMP unreachable, redirect or time exceeded packet.
-B original-source-IP-address Specify the original-source-IP-address within an ICMP unreachable, redirect or time exceeded packet.
-f original-fragmentation-options Specify the original-IP-fragmentation-options within an ICMP unreachable, redirect or time exceeded packet. For more information reference the ’-F’ command line switch.
-j original-IP-TOS Specify the original-IP-type-of-service (TOS) within an ICMP unreachable, redirect or time exceeded packet.
-J original-IP-TTL Specify the original-IP-time-to-live (TTL) within an ICMP unreachable, redirect or time exceeded packet.
-l original-IP-options-file This will cause nemesis-icmp to use the specified original-IP-options-file as the options when building the original IP header for the injected ICMP unreachable, redirect or time exceeded packet. IP options can be up to 40 bytes in length. The IP options file must be created manually based upon the desired options. IP options can also be read from stdin by specifying ’-O -’ instead of an IP-options-file.
-p original-IP-protocol Specify the original-IP-protocol within an ICMP unreachable, redirect or time exceeded packet.

IP OPTIONS

-D destination-IP-address Specify the destination-IP-address within the IP header.
-F fragmentation-options (-F[D],[M],[R],[offset]) Specify the fragmentation options:


-FD (don’t fragment) 

-FM (more fragments) 

-FR (reserved flag) 

-F <offset> 

within the IP header. IP fragmentation options can be specified individually or combined into a single argument to the -F command line switch by separating the options with commas (eg. ’-FD,M’) or spaces (eg. ’-FM 223’). The IP fragmentation offset is a 13-bit field with valid values from 0 to 8189. Don’t fragment (DF), more fragments (MF) and the reserved flag (RESERVED or RB) are 1-bit fields.

NOTE: Under normal conditions, the reserved flag is unset.

-I IP-ID Specify the IP-ID within the IP header.
-O IP-options-file This will cause nemesis-icmp to use the specified IP-options-file as the options when building the IP header for the injected packet. IP options can be up to 40 bytes in length. The IP options file must be created manually based upon the desired options. IP options can also be read from stdin by specifying ’-O -’ instead of an IP-options-file.
-S source-IP-address Specify the source-IP-address within the IP header.
-t IP-TOS Specify the IP-type-of-service (TOS) within the IP header. Valid type of service values:

2  (Minimize monetary cost)
4  (Maximize reliability)
8  (Maximize throughput)
24 (Minimize delay)

NOTE: Under normal conditions, only one type of service is set within a packet. To specify multiple types, specify the sum of the desired values as the type of service.

-T IP-TTL IP-time-to-live (TTL) within the IP header.

DATA LINK OPTIONS

-d Ethernet-device Specify the name (for UNIX-like systems) or the number (for Windows systems) of the Ethernet-device to use (eg. fxp0, eth0, hme0, 1).
-H source-MAC-address Specify the source-MAC-address (XX:XX:XX:XX:XX:XX).
-M destination-MAC-address Specify the destination-MAC-address (XX:XX:XX:XX:XX:XX).
-Z list-network-interfaces Lists the available network interfaces by number for use in link-layer injection.

NOTE: This feature is only relevant to Windows systems.
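
On the receiving side, the header fields these options control can be decoded and checked. The following is an added example, not part of Nemesis or of the original post: it parses an IPv4 header including the flag bits and 13-bit offset set by -F, and reports ICMP redirects of the kind the -qR example produces. The `trusted_gateways` parameter, the finding names and the sample packets are assumptions constructed for illustration; checksums in the samples are left at zero and are not verified.

```python
import socket
import struct

ICMP_REDIRECT = 5
IP_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header

def parse_ipv4(buf):
    """Decode the IPv4 fields exposed by -t, -I, -F, -T, -S and -D."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ver_ihl, tos, _length, ip_id, frag, ttl, proto, _csum, src, dst = struct.unpack(IP_HDR, buf[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad header length")
    return {
        "ihl": ihl, "tos": tos, "id": ip_id, "ttl": ttl, "proto": proto,
        "reserved": bool(frag & 0x8000),  # -FR
        "df": bool(frag & 0x4000),        # -FD
        "mf": bool(frag & 0x2000),        # -FM
        "offset": frag & 0x1FFF,          # -F <offset>
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
    }

def inspect(buf, trusted_gateways=()):
    """Return (ip_fields, findings) for one raw IPv4 packet."""
    ip = parse_ipv4(buf)
    findings = []
    if ip["reserved"]:
        findings.append("reserved-flag-set")  # unset under normal conditions
    if ip["proto"] == 1 and ip["offset"] == 0:
        icmp = buf[ip["ihl"]:]
        if len(icmp) >= 8 and icmp[0] == ICMP_REDIRECT:
            findings.append("icmp-redirect gw=" + socket.inet_ntoa(icmp[4:8]))
            if ip["src"] not in trusted_gateways:
                findings.append("redirect-from-untrusted-source")
            if len(icmp) >= 28:  # embedded original datagram header (-b / -B)
                orig = parse_ipv4(icmp[8:])
                findings.append("original " + orig["src"] + "->" + orig["dst"])
    return ip, findings

def ipv4_header(src, dst, proto, payload_len, frag=0, ttl=64):
    """Build a constructed 20-byte header for the samples below (checksum 0)."""
    return struct.pack(IP_HDR, 0x45, 0, 20 + payload_len, 0, frag, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def sample_redirect():
    """Constructed ICMP redirect (network) using the addresses of the -qR example."""
    original = ipv4_header("10.10.10.1", "192.0.2.7", 17, 8) + bytes(8)
    icmp = struct.pack("!BBH4s", ICMP_REDIRECT, 0, 0, socket.inet_aton("10.10.10.3")) + original
    return ipv4_header("10.10.10.3", "10.10.10.1", 1, len(icmp)) + icmp

def sample_fragment():
    """Constructed UDP fragment with the reserved and MF bits set and offset 223."""
    return ipv4_header("10.11.12.13", "10.1.1.2", 17, 8, frag=0x8000 | 0x2000 | 223) + bytes(8)

if __name__ == "__main__":
    for pkt in (sample_redirect(), sample_fragment()):
        fields, findings = inspect(pkt, trusted_gateways={"10.10.10.254"})
        print(fields["src"], "->", fields["dst"], findings)
```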

 


Tools for creating TCP/IP packets

hping (http://www.hping.org/)

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired by the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

Features include:
    * Firewall testing
    * Advanced port scanning
    * Network testing, using different protocols, TOS, fragmentation
    * Manual path MTU discovery
    * Advanced traceroute, under all the supported protocols
    * Remote OS fingerprinting
    * Remote uptime guessing
    * TCP/IP stacks auditing
    * hping can also be useful to students that are learning TCP/IP

Hping works on the following unix-like systems: Linux, FreeBSD, NetBSD, OpenBSD, Solaris, MacOs X, Windows.

Nemesis (http://nemesis.sourceforge.net/)

Nemesis is a command-line network packet crafting and injection utility for UNIX-like and Windows systems. Nemesis is well suited for testing Network Intrusion Detection Systems, firewalls, IP stacks and a variety of other tasks. As a command-line driven utility, Nemesis is perfect for automation and scripting.

Nemesis can natively craft and inject ARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP packets. Using the IP and the Ethernet injection modes, almost any custom packet can be crafted and injected.

Features include:
    * ARP/RARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP protocol support
    * Layer 2 or Layer 3 injection
    * Packet payload from file
    * IP and TCP options from file

Scapy (http://www.secdev.org/projects/scapy/)

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more.

It can handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.).

Features include:
    * Port Scanning
          o SYN Scan
          o Other TCP Scans
          o UDP Scans
          o IP Scan
    * Host Discovery
          o ARP Ping
          o ICMP Ping
          o TCP Ping
          o UDP Ping
    * OS Fingerprinting
          o ISN
          o nmap_fp
          o p0f
          o queso
    * Sniffer - includes powerful facilities for traffic capture and analysis
    * Wireless - can not only sniff and decode packets but also inject arbitrary packets
    * Traceroute - standard ICMP Traceroute can be emulated
    * Firewall/IDS Testing
          o TCP Timestamp Filtering
          o NAT Detection
          o Firewalking

Yersinia (http://www.yersinia.net)

Yersinia is a framework for performing layer 2 attacks.

It is designed to take advantage of some weaknesses in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.

Features include:
    * Attacks for the following network protocols are supported
          o Spanning Tree Protocol (STP)
          o Cisco Discovery Protocol (CDP)
          o Dynamic Trunking Protocol (DTP)
          o Dynamic Host Configuration Protocol (DHCP)
          o Hot Standby Router Protocol (HSRP)
          o 802.1q
          o 802.1x
          o Inter-Switch Link Protocol (ISL)
          o VLAN Trunking Protocol (VTP)

SendIP (http://www.earth.li/projectpurple/progs/sendip.html)

SendIP is a command-line tool to send arbitrary IP packets. It has a large number of options to specify the content of every header of a RIP, RIPng, BGP, TCP, UDP, ICMP, or raw IPv4/IPv6 packet. It also allows any data to be added to the packet. Checksums can be calculated automatically, but if you wish to send out wrong checksums, that is supported too.

packETH (http://packeth.sourceforge.net/)

packETH is a Linux GUI packet generator tool for ethernet. It allows you to create and send any possible packet or sequence of packets on the ethernet.

Features:
 * you can create and send any ethernet packet. Supported protocols:
      o ethernet II, ethernet 802.3, 802.1q, QinQ
      o ARP, IPv4, user defined network layer payload
      o UDP, TCP, ICMP, IGMP, user defined transport layer payload
      o RTP (payload with options to send sin wave of any frequency for G.711)
 * sending sequence of packets
      o delay between packets, number of packets to send
      o sending with max speed, approaching the theoretical boundary
      o change parameters while sending (change IP & mac address, UDP payload, 2 user defined bytes, etc.)
  * saving configuration to a file and load from it - pcap format supported

Mausezahn (http://www.perihel.at/sec/mz/)

Mausezahn is a fast traffic generator which allows you to send nearly every possible and impossible packet. Mausezahn can be used, for example, as a traffic generator to stress multicast networks, for penetration testing of firewalls and IDS, for simulating DoS attacks on networks, to find bugs in network software or appliances, for reconnaissance attacks using ping sweeps and port scans, or to test network behavior under strange circumstances. Mausezahn gives you full control over the network interface card and allows you to send any byte stream you want (even violating Ethernet rules).

Mausezahn can be used for example:
    * As traffic generator (e. g. to stress multicast networks)
    * To precisely measure jitter (delay variations) between two hosts (e. g. for VoIP-SLA verification)
    * As didactical tool during a datacom lecture or for lab exercises
    * For penetration testing of firewalls and IDS
    * For DoS attacks on networks (for audit purposes of course)
    * To find bugs in network software or appliances
    * For reconnaissance attacks using ping sweeps and port scans
    * To test network behaviour under strange circumstances (stress test, malformed packets, ...)

...and more. Mausezahn is basically a versatile packet creation tool on the command line with a simple syntax and context help. It could also be used within (bash-) scripts to perform combination of tests. 

