Free fix packet loss software for linux

RADIUS::Packet is an object-oriented Perl interface to RADIUS packets.

SYNOPSIS

use RADIUS::Packet;
use RADIUS::Dictionary;

my $d = new RADIUS::Dictionary "/etc/radius/dictionary";

my $p = new RADIUS::Packet $d, $data;
$p->dump;

if ($p->attr(User-Name eq "lwall") {
my $resp = new RADIUS::Packet $d;
$resp->set_code(Access-Accept);
$resp->set_identifier($p->identifier);
$resp->set_authenticator($p->authenticator);
$resp->set_attr(Reply-Message) = "Welcome, Larry!rn";
my $respdat = auth_resp($resp->pack, "mysecret");
...

RADIUS (RFC2138) specifies a binary packet format which contains various values and attributes. RADIUS::Packet provides an interface to turn RADIUS packets into Perl data structures and vice-versa.

RADIUS::Packet does not provide functions for obtaining RADIUS packets from the network. A simple network RADIUS server is provided as an example at the end of this document. Also, a RADIUS::Server module is under development which will simplify the interface.

Packit (Packet toolkit) is a network auditing tool. Its value is derived from its ability to customize, inject, monitor, and manipulate IP traffic.
By allowing you to define (spoof) nearly all TCP, ICMP, IP, ARP, UDP, RARP, and Ethernet header options, Packit can be useful in testing firewalls, intrusion detection/prevention systems, port scanning, simulating network traffic, and general TCP/IP auditing. Packit is also an excellent tool for learning TCP/IP.
Packit 1.0 requires libnet 1.1.2 or greater as well as libpcap. It has been successfully compiled and tested to run on FreeBSD, NetBSD, OpenBSD, MacOS X and Linux.
Due to shifting priorities, this project is now in maintenance mode. If you find a bug, either submit a patch or email me the details. Ill do my best to put out fix in a reasonable amount of time.
Enhancements:
Injection:
- Bugfix NULL bytes in the payload (patch contributed by: Jason Copenhaver)
General:
- Updates to several build routines to support libnet 1.1.2+

Packet filtering setup script by Anthony C. Zboralski. Adapted by Didi Damian for iptables version 1.0.0

Sample:

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Set up variables
EXT_IF="eth0"
INT_IF="eth1"
EXT_IP=24.x.x.x/32
INT_IP=192.168.0.1/32
EXT_NET=24.x.x.0/24
INT_NET=192.168.0.0/24
MASQ_NETS="192.168.0.0/24"
LOCAL_ADDRS="127.0.0.0/8 192.168.0.1/32 24.x.x.x/32"
MAIL_RELAY=24.x.x.x/32
SMB_ACCESS="192.168.0.2/32"
SMB_BCAST="192.168.0.255/32"

# Turn on IP forwarding
echo Turning on IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Load the ip_tables module
echo Loading ip_tables module.
/sbin/modprobe ip_tables || exit 1
# I let the kernel dynamically load the other modules

echo Flush standard tables.
iptables --flush INPUT
iptables --flush OUTPUT
iptables --flush FORWARD
echo Deny everything until firewall setup is completed.
iptables --policy INPUT DROP
iptables --policy OUTPUT DROP
iptables --policy FORWARD DROP

CHAINS=`iptables -n -L |perl -n -e /Chains+(S+)/ && !($1 =~ /^(INPUT|FORWARD|OUTPUT)$/) && print "$1 "`
echo Remove remaining chains:
echo $CHAINS
for chain in $CHAINS; do
iptables --flush $chain
done
# 2nd step cause of dependencies
for chain in $CHAINS; do
iptables --delete-chain $chain
done

for net in $MASQ_NETS; do
# I delete all the rules so you can rerun the scripts without bloating
# your nat entries.
iptables -D POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE 2>/dev/null
iptables -A POSTROUTING -t nat -s $MASQ_NETS -j MASQUERADE || exit 1
done
iptables --policy FORWARD ACCEPT

# Create a target for logging and dropping packets
iptables --new LDROP 2>/dev/null
iptables -A LDROP --proto tcp -j LOG --log-level info
--log-prefix "TCP Drop "
iptables -A LDROP --proto udp -j LOG --log-level info
--log-prefix "UDP Drop "
iptables -A LDROP --proto icmp -j LOG --log-level info
--log-prefix "ICMP Drop "
iptables -A LDROP --proto gre -j LOG --log-level info
--log-prefix "GRE Drop "

iptables -A LDROP -f -j LOG --log-level emerg
--log-prefix "FRAG Drop "
iptables -A LDROP -j DROP

# Create a table for watching some accepting rules
iptables --new WATCH 2>/dev/null
iptables -A WATCH -m limit -j LOG --log-level warn --log-prefix "ACCEPT "
iptables -A WATCH -j ACCEPT


echo Special target for local addresses:
iptables --new LOCAL 2>/dev/null
echo $LOCAL_ADDRS
for ip in $LOCAL_ADDRS; do
iptables -A INPUT --dst $ip -j LOCAL
# iptables -A INPUT --src $ip -i ! lo -j LDROP # lame spoof protect
done
echo Authorize mail from mail relay.
iptables -A LOCAL --proto tcp --syn --src $MAIL_RELAY --dst $EXT_IP --dport 25 -j ACCEPT


echo Authorizing samba access to:
echo $SMB_ACCESS
iptables --new SMB 2>/dev/null
for ip in $SMB_ACCESS; do
iptables -A SMB -s $ip -j ACCEPT
done
iptables -A LOCAL --proto udp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 135:139 -j SMB
iptables -A LOCAL --proto tcp -i ! $EXT_IF --dport 445 -j SMB
iptables -A INPUT -i ! $EXT_IF --dst $SMB_BCAST -j ACCEPT #lame samba broadcast

echo Drop and log every other incoming tcp connection attempts.
iptables -A LOCAL -i ! lo --proto tcp --syn --j LDROP

echo Authorize dns access for local nets.
for net in $MASQ_NETS 127.0.0.0/8; do
iptables -A INPUT --proto udp --src $net --dport 53 -j ACCEPT
done


echo Enforcing up ICMP policies, use iptables -L ICMP to check.
# If you deny all ICMP messages you head for trouble since it would
# break lots of tcp/ip algorythm (acz)
iptables --new ICMP 2>/dev/null
iptables -A INPUT --proto icmp -j ICMP
iptables -A ICMP -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A ICMP -p icmp --icmp-type destination-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type protocol-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type port-unreachable -j ACCEPT
iptables -A ICMP -p icmp --icmp-type fragmentation-needed -j LDROP
iptables -A ICMP -p icmp --icmp-type source-route-failed -j WATCH
iptables -A ICMP -p icmp --icmp-type network-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type host-unknown -j WATCH
iptables -A ICMP -p icmp --icmp-type network-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-network-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type TOS-host-unreachable -j WATCH
iptables -A ICMP -p icmp --icmp-type communication-prohibited -j WATCH
iptables -A ICMP -p icmp --icmp-type host-precedence-violation -j LDROP
iptables -A ICMP -p icmp --icmp-type precedence-cutoff -j LDROP
iptables -A ICMP -p icmp --icmp-type source-quench -j LDROP
iptables -A ICMP -p icmp --icmp-type redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-network-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type TOS-host-redirect -j LDROP
iptables -A ICMP -p icmp --icmp-type echo-request -j WATCH
iptables -A ICMP -p icmp --icmp-type router-advertisement -j LDROP
iptables -A ICMP -p icmp --icmp-type router-solicitation -j LDROP
iptables -A ICMP -p icmp --icmp-type time-exceeded -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-transit -j WATCH
iptables -A ICMP -p icmp --icmp-type ttl-zero-during-reassembly -j WATCH
iptables -A ICMP -p icmp --icmp-type parameter-problem -j WATCH
iptables -A ICMP -p icmp --icmp-type ip-header-bad -j WATCH
iptables -A ICMP -p icmp --icmp-type required-option-missing -j WATCH
iptables -A ICMP -p icmp --icmp-type timestamp-request -j LDROP
iptables -A ICMP -p icmp --icmp-type timestamp-reply -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-request -j LDROP
iptables -A ICMP -p icmp --icmp-type address-mask-reply -j LDROP
iptables -A ICMP -p icmp -j LDROP

echo Authorize tcp traffic.
iptables -A INPUT --proto tcp -j ACCEPT

echo Authorize packet output.
iptables --policy OUTPUT ACCEPT

#echo reject ident if you drop em you gotta wait for timeout
#iptables -I LOCAL --proto tcp --syn --dst $EXT_IP --dport 113 -j REJECT

echo Drop and log all udp below 1024.
iptables -A INPUT -i ! lo --proto udp --dport :1023 -j LDROP

echo Drop rpc dynamic udp port:
RPC_UDP=`rpcinfo -p localhost|perl -n -e /.*udps+(d+)s+/ && print $1,"n"|sort -u`
echo $RPC_UDP
for port in $RPC_UDP; do
iptables -A LOCAL -i ! lo --proto udp --dport $port -j LDROP
done

echo Authorize udp above 1024.
iptables -A INPUT --proto udp --dport 1024: -j ACCEPT

Packet Excalibur is a multi-platform graphical and scriptable network packet engine with extensible text-based protocol descriptions. It is a network tool designed to build and receive custom packets from network.

Pen testing firewalls, routers, or any network enable equipment. Validating your custom built protocols without the burden of writting lines of code. Teaching yourself how protocols works and articulates around each other.

Download the install package (PacketExcalibur_*.*_linux_tgz)

Unzip and untar the archive, run "make" in the "PacketExcalibur_*/main" directory,
- binaries are installed in /usr/sbin
- support packages are installed in /var/cache/excalibur
- preference file is created in the user home directory

SYNOPSIS

use NetPacket::IP;

$ip_obj = NetPacket::IP->decode($raw_pkt);
$ip_pkt = NetPacket::IP->encode($ip_obj);
$ip_data = NetPacket::IP::strip($raw_pkt);

NetPacket::IP provides a set of routines for assembling and disassembling packets using IP (Internet Protocol).

Methods

NetPacket::IP->decode([RAW PACKET])

Decode the raw packet data given and return an object containing instance data. This method will quite happily decode garbage input. It is the responsibility of the programmer to ensure valid packet data is passed to this method.

NetPacket::IP->encode()

Return an IP packet encoded with the instance data specified. This will infer the total length of the packet automatically from the payload lenth and also adjust the checksum.

Functions

NetPacket::IP::strip([RAW PACKET])

Return the encapsulated data (or payload) contained in the IP packet. This data is suitable to be used as input for other NetPacket::* modules.

This function is equivalent to creating an object using the decode() constructor and returning the data field of that object.

Instance data

The instance data for the NetPacket::IP object consists of the following fields.

ver

The IP version number of this packet.

hlen

The IP header length of this packet.

flags

The IP header flags for this packet.

foffset

The IP fragment offset for this packet.

tos

The type-of-service for this IP packet.

len

The length (including length of header) in bytes for this packet.

id

The identification (sequence) number for this IP packet.

ttl

The time-to-live value for this packet.

proto

The IP protocol number for this packet.

cksum

The IP checksum value for this packet.

src_ip

The source IP address for this packet in dotted-quad notation.

dest_ip

The destination IP address for this packet in dotted-quad notation.

options

Any IP options for this packet.

data

The encapsulated data (payload) for this IP packet.

Packet Garden is a project that allows you to grow a world from network traffic.

Packet Garden captures information about how you use the internet and uses this stored information to grow a private world you can later explore.

To do this, Packet Garden takes note of all the servers you visit, their geographical location and the kinds of data you access.

Uploads make hills and downloads valleys, their location determined by numbers taken from internet address itself.

The size of each hill or valley is based on how much data is sent or received.

Plants are also grown for each protocol detected by the software; if you visit a website, an HTTP plant is grown. If you share some files via eMule, a Peer to Peer plant is grown, and so on.

Wolfpack project is a server-side Ultima Online MMORPG software.
Wolfpack is software for an Ultima Online MMORPG server. Gameplay is scripted using Python and XML. You need EAs Ultima Online to play on Wolfpack servers.
The Wolfpack project is an effort to develop and maintain an open-source Ultima Online server that is secure, stable and extensible, providing users with the ability to create their own unique shards.
Enhancements:
- ixed meditation skillcheck in mana regeneration code.
- Changed GM talk color.
- Implemented the onCheckVictim event.
- Implemented the onDoDamage event.
- Stablemasters now remove the stabled pets from the follower list.
- Corpses now decay in multis too.
- Implemented a walktest command for testing walking.
- Fixed several other walking bugs.
- Implemented onRemoteUse for checking if an object that is in the belonging
- of another char may be used. First called for the using char, then for the
- owner of the object.
- Implemented onSnooping that is called for the owner and for the player trying to
- open a container.
- Fixed shop restock.
- Fixed bug #0000364. (Vendors not selling items they bought)
- Rewrote the vendor buy handler code.
- Improved the configure script:
- Translations are disabled by default now.
- Cleaner output.
- Fixed a bug with MySQL library reporting.
- The SectorMaps singleton has been renamed to MapObjects.
- The deprecated RegionIterators have been removed.
- The SectorIterators have also been replaced with a much faster iterator.
- The new iterators dont allocate/copy memory anymore.
- The "range" lookup now looks for items within a real circle.
- Multis now have their own structure, and are now separate from items.
- Region calls now list online and offline chars in sperate lists.
- Implemented player collision stamina loss in Felucca.
- Fixed lightlevel calculation.
- Fixed the pythonscript* integer conversion warnings by using size_t instead.
- Fixed adding items to the MapObjects.
- Fixed a bug in the new ContainerCopyIterator.
- Fixed movement not correctly being sent to other characters.
- Fixed Multi Update range.
- Added .reload muls and added a broadcast message to the reload commands.
- Fixed handling of a fixed z value for spawnregions.
- Fixed an exploit (dropping without dragging first)
- Changed the semantics of onLogin/onLogout (character entering/leaving the world).
- Added onConnect/onDisconnect (socket attaching/detaching to/from a player).
- Its no longer possible to login with a char if another char in
- the same account is still online.
- Fixed a bug that would cause onLogout not to be called.
- A skill of 100% or more in Spirit Speaking now allows you to talk
- freely as a ghost and hear everything dead players have to say.
- All geometrical bodies for spawnregions now support the except="true"
- tag that makes the rectangle, circle or point not be included in finding
- a random position within the region.
- Fix with spawnregion data. UShort != UInt
- Added socket.denymove to send packets to deny movement
- Fixed a crashbug with invalid function names passed to .addtimer()
- Added the ability to make yourself visible to other players.
- Guildbutton now triggers onGuildButton(player) python event.
- Fixed bug #0000376. (Stablemasters dont take money from the bank)
- Added "Refresh Characters Maximum Values" setting. Setting this to "false"
- will disable the automatic recalculation of Maxhitpoints/Maxmana/Maxstamina.
- Added a warning in the console if translation file could not be found.
- Fixed monsters not attacking players pets.
- Fixed bug #0000363. (Pets dont attack a target if its already fighting)
- More tag documentation in the code.
- Definition Tag Cleanups.
- Using skills no longer unhides by default, unhide moved to python.
- Fixed a nasty bug in the map sector code which caused objects not
- to be in the map objects when moved between maps.
- Fixed a walking bug that caused monsters to walk trough certain objects.
- type="3" in bodyinfo.xml is now correctly interpreted by the core.
- Exploit bugfix for locked containers.
- The status only shows the gold directly in your backpack now. (performance issues)
- Added bladespirit and energyvortex ai.
- Fixed a vision range bug with walking.
- Fixed many compiler warnings for GCC 3.4 versions, and general warnings.
- Updated SQLite to 2.8.15 and defaulted SQLite to encode data with UTF-8.
- Added a new feature to random:
- This will select a random value from a random list.
- Added new features to container items (made list work as well):
-
- Disabled verdata.mul support as this is no longer included in the latest
- releases of Ultima Online. Note: Commented out the source code only.
- Implemented an onSelectAbility event for the weapon special moves.
- Corrected the NINJITSU and BUSHIDO skill ids.
- Small cleanup to wolfpack.xml: Database options follow the same option
- names are are given in account options.
- Implemented a "karmalock" property to player objects. If its True, the player will not
- gain any positive karma anymore.
- Added Commoner AI.
- Fixed mul path detection on windows in release builds.
- * Definition Changes:
- Added the mage AI to most creatures.
- Adjusted carving sheep.
- Fixed leatherworkers and tanners not buying leather and hides.
- Male NPCs now have a 75% chance of getting a beard when created.
- Made shrink potions craftable.
- Changed the color of shrink potions.
- Added Tokuno includes for regions and spawnregions.
- Removed the "Pink Spawn" from decoration.
- Fixed skeletal steeds stats and skills.
- Added stackable burned food that is used when cooking fails.
- Added ranged weapons + ammo to orc scout, ratmen archer, meer captain and juka lord.
- Added colored samurai armor.
- Reorganized base armor categories.
- New folder for defines: definitions/defines/
- Applied the index.xml branches to colored armor.
- Added lightsources to fire elementals, wisps and horde minions.
- Added bones to bone_magi and body parts to horde minions, zombies and others.
- Added colored weapons. Note: Only the metallic weapons.
- Sorted out the samurai weapons by type and fixed properties.
- Ranged weapons set to 10 instead of 12.
- Price fixes for arrows/bolts.
- Fixed potion kegs.
- Gave guards colored hair.
- NPC skill defines are now: value
- Gold now has weight.
- Corrected the bushido and ninjitsu skill ids.
- All mounts now have the event npc.mount
- * Python Script Changes:
- Fixed bug #0000369. (Equip possible although item.movable = 3)
- Fixed bug #0000361. (Pets dont follow trough gate)
- Added xoffset, yoffset and zoffset to socket.attachmultitarget. (housing.deed)
- Fixed a runebook bug. (Refuses to work when full)
- Rewrote parts of the runebook.
- Added support for creature based poison immunity.
- Added support for hit based poisoning.
- Fixed several bugs in lumberjacking.
- Chars will now get revealed when using training dummy or archery butte.
- Fixed blood created at carving not decaying for a long time.
- Fixed fishing pole not wearing out.
- Fixed gainfactor for skills always beeing 1.0
- Fixed a skill check bug with lumberjacking.
- Implemented shrink potions.
- Fixed the tooltip of alchemy tools not being resend.
- Fixed the input system trying to call not existent scripts.
- Fixed the color of shrunken pets.
- Implemented shrink command.
- Implemented telem command.
- Added onConnect to system.players
- Fixes for moongate.py
- Guild button now opens guildstone menu by default.
- Fixed resistances for dragon scale armors.
- Fixed the open door macro.
- Fixed bug #0000310. (Invis spell duration too brief, Players will now be able to use stealth
- if they are hidden by the invisibility spell, even if they dont have 80.0 Hiding )
- Fixed bug #0000321. (Info Gump not setting boolean values to True if input is 1)
- Poisoning now accepts stacked potions.
- Reorganized the potion scripts.
- Added possibility to cut bone parts into usable bones using scissors.
- Fixed potion kegs.
- Added tilecolorz command. Same as tilecolor, but limited to one z coordinate.
- Added nukez command. Same as nuke, but limited to one z coordinate.
- Added tilemove command.
- Increased energyvortex and bladespirit casting time.
- Implemented the bleeding wound system.
- Implemented the weapon special moves.
- Implemented the SelfRepair item property.
- Implemented the Enhance Potions item property.
- Implemented the Splash Damage item properties.
- Implemented the On Hit spell effect item properties.
- Implemented support for dispel difficulty/dispel focus (see playguide).
- Enabled tithing of gold, resurrection and karma locking at ankhs.
- * Misc. Changes:
- FAQ Updates.
- Now compiling with the KDE Cygwin QT version on Windows. (http://kde-cygwin.sf.net)
- Updated the gm tool a little. It now has support for the samurai empire maps.
- In addition to fixing some bugs, it also has an experimental region rectangle generator
- on the settings tab.
- * Known Issues, Bugs, and Missing Features:
- Some skills are still incomplete.
- Spawn regions are incomplete.
- We welcome donated OSI-like spawn scripts!
- Town/World regions are incomplete.
- We welcome donated OSI-like region scripts!
- Possible that a few monsters are missing and/or incomplete.
- Multis (Houses/Boats) are not currently supported.

DNS Blacklist Packet Filter project is a Linux netfilter client that decides whether to accept or drop packets based on the results of a DNS blacklist query (such as MAPS, SORBS, or SPEWS, to name a few).

One use is to filter all incoming SMTP SYN packets for spam filtering.