icmp
Sponsored Links
Sponsored Links
Secleted [ 0 ] software to compare
Results 1 - 15 of about 127
ICMP-Chat 0.6
ICMP-Chat is a simple console-based chat that uses ICMP packets for communication. more>>
ICMP-Chat is a simple console-based chat that uses ICMP packets for communication. All the data is encrypted with Rijndael-256 algorithm.
Installation:
Type: make && make install
For solaris type: make solaris && make install
Usage:
Usage: icmpchat [OPTIONS] < host > < nick >
< host > = Host to chat with
< nick > = Your nickname
OPTIONS:
-t < type > = specify icmp type (default ECHO_REPLY)
Example: icmpchat 192.168.1.2 foo
ICMP codes:
[0] Echo Reply
[5] Redirect
[8] Echo Request
[9] Router advertisement
[10] Router solicitation
[13] Timestamp request
[14] Timestamp reply
[15] Information request
[16] Information reply
[17] Adressmask request
[18] Adressmask reply
Enhancements:
- Rewrote from scratch
- Implemented optimized rijndael algorithm
- Implemented sha256 for password hashing
- Implemented ncurses frontend (again)
- Fixed getuid problem so that setting suid flag works now (thanks John)
<<lessInstallation:
Type: make && make install
For solaris type: make solaris && make install
Usage:
Usage: icmpchat [OPTIONS] < host > < nick >
< host > = Host to chat with
< nick > = Your nickname
OPTIONS:
-t < type > = specify icmp type (default ECHO_REPLY)
Example: icmpchat 192.168.1.2 foo
ICMP codes:
[0] Echo Reply
[5] Redirect
[8] Echo Request
[9] Router advertisement
[10] Router solicitation
[13] Timestamp request
[14] Timestamp reply
[15] Information request
[16] Information reply
[17] Adressmask request
[18] Adressmask reply
Enhancements:
- Rewrote from scratch
- Implemented optimized rijndael algorithm
- Implemented sha256 for password hashing
- Implemented ncurses frontend (again)
- Fixed getuid problem so that setting suid flag works now (thanks John)
Download (0.037MB)
Added: 2006-06-16 License: GPL (GNU General Public License) Price:
1229 downloads
ICMPInfo 0.2
ICMPInfo is a tool that uses ICMP type 13 and 17 to retrieve the current time of a remote host and its netmask. more>>
ICMPInfo is a tool that uses ICMP type 13 and 17 to retrieve the current time of a remote host and its netmask.
<<less Download (0.017MB)
Added: 2006-04-18 License: GPL (GNU General Public License) Price:
1284 downloads
Icmpenum 1.0
Icmpenum sends ICMP traffic for host enumeration. more>>
Host enumeration is the act of determining the IP address of potential targets on a network. This can be done in both layer 2 and layer 3. Icmpenum project can send ICMP traffic for such enumeration.
The ICMP packets supported are: Echo, Timestamp, Information and Netmask. Furthermore, it supports spoofing and promiscuous listening for reply packets. Icmpenum is great for enumerating networks which allow ICMP traffic.
<<lessThe ICMP packets supported are: Echo, Timestamp, Information and Netmask. Furthermore, it supports spoofing and promiscuous listening for reply packets. Icmpenum is great for enumerating networks which allow ICMP traffic.
Download (0.58MB)
Added: 2007-05-08 License: GPL (GNU General Public License) Price:
548 downloads
ICMPScan 1.1
ICMPScan scans the specified address, or addresses, for ICMP responses. more>>
ICMPScan scans the specified address, or addresses, for ICMP responses.
Usage:
icmpscan [ -EPTSNMAIRcvbn ] [ -A address ] [ -f filename ] [ -i interface ] [ -r retries ] [ -t timeout ] target [...]
Options:
-i, --interface
Listen on the specified interface. If unspecified, icmpscan will examine the routing table and select the most appropriate interface for each target address.
-c, --promisc
Put in interface into promiscuous mode. As this option increases the load on the system in general, it should only be used if spoofing of source packets address is enabled with the "-A" option.
-A, --address
Specify the source IP address of generated packets.
-t, --timeout
Specify the timeout, in milli-seconds, before retrying.
-r, --retries
Specify the number of attempts to elicit a particular ICMP response.
-f, --file
Read target list from the specified file.
-E, -P, --echo, --ping
Check of ICMP Echo responses.
-T, -S, --timestamp
Check for ICMP Timestamp responses.
-N, -M, --netmask
Check for ICMP Netmask responses.
-I, --info
Check for ICMP Info responses.
-R, --router
Check for ICMP Router Solicitation responses.
-v, --verbose
Increase the output verbosity.
-B, --debug
Target Specification
The simplest case is listing single hostnames or IP addresses on the command line. If you want to scan a subnet of IP addresses, you can append /mask to the hostname or IP address. mask must be between 0 (scan the whole Internet) and 32 (scan the single host specified). Use /24 to scan a class "C" address and /16 for a class "B". There is also a more powerful notation which lets you specify an IP address using lists/ranges for each element. Thus you can scan the whole class "B" network 192.168.*.* by specifying "192.168.*.*" or "192.168.0-255.0-255" or even "192.168.1-50,51-255.1,2,3,4,5-255". And of course you can use the mask notation: "192.168.0.0/16". These are all equivalent. If you use asterisks ("*"), remember that most shells require you to escape them with back slashes or protect them with quotes.
Examples:
The following example checks the first 16 addresses in the 192.168.1.0/24 netblock for all ICMP responses. The scan speed is increased by lowering the timeout value and setting the number of retries to 1:
> icmpscan -t 500 -r 1 192.168.1.0-16
192.168.1.0: Echo (From 192.168.1.17!)
192.168.1.0: Address Mask [255.255.255.0] (From 192.168.1.17!)
192.168.1.7: Echo
192.168.1.7: Timestamp [0x03ab2db0, 0x02d4c507, 0x02d4c507]
192.168.1.7: Address Mask [255.255.255.0]
192.168.1.8: Echo
192.168.1.8: Address Mask [255.255.255.0]
To display failed probes, increase the output verbosity:
> icmpscan -v 192.168.1.1
192.168.1.1: -- No response to Echo request --
192.168.1.1: -- No response to Timestamp request --
192.168.1.1: -- No response to Netmask request --
192.168.1.1: -- No response to Info request --
192.168.1.1: -- No response to Router Solicitation request --
Individual ICMP types can be checked for by listing their corresponding flags on the command line:
> icmpscan -v --echo --netmask 192.168.1.7
192.168.1.7: Echo
192.168.1.7: Address Mask [255.255.255.0]
<<lessUsage:
icmpscan [ -EPTSNMAIRcvbn ] [ -A address ] [ -f filename ] [ -i interface ] [ -r retries ] [ -t timeout ] target [...]
Options:
-i, --interface
Listen on the specified interface. If unspecified, icmpscan will examine the routing table and select the most appropriate interface for each target address.
-c, --promisc
Put in interface into promiscuous mode. As this option increases the load on the system in general, it should only be used if spoofing of source packets address is enabled with the "-A" option.
-A, --address
Specify the source IP address of generated packets.
-t, --timeout
Specify the timeout, in milli-seconds, before retrying.
-r, --retries
Specify the number of attempts to elicit a particular ICMP response.
-f, --file
Read target list from the specified file.
-E, -P, --echo, --ping
Check of ICMP Echo responses.
-T, -S, --timestamp
Check for ICMP Timestamp responses.
-N, -M, --netmask
Check for ICMP Netmask responses.
-I, --info
Check for ICMP Info responses.
-R, --router
Check for ICMP Router Solicitation responses.
-v, --verbose
Increase the output verbosity.
-B, --debug
Target Specification
The simplest case is listing single hostnames or IP addresses on the command line. If you want to scan a subnet of IP addresses, you can append /mask to the hostname or IP address. mask must be between 0 (scan the whole Internet) and 32 (scan the single host specified). Use /24 to scan a class "C" address and /16 for a class "B". There is also a more powerful notation which lets you specify an IP address using lists/ranges for each element. Thus you can scan the whole class "B" network 192.168.*.* by specifying "192.168.*.*" or "192.168.0-255.0-255" or even "192.168.1-50,51-255.1,2,3,4,5-255". And of course you can use the mask notation: "192.168.0.0/16". These are all equivalent. If you use asterisks ("*"), remember that most shells require you to escape them with back slashes or protect them with quotes.
Examples:
The following example checks the first 16 addresses in the 192.168.1.0/24 netblock for all ICMP responses. The scan speed is increased by lowering the timeout value and setting the number of retries to 1:
> icmpscan -t 500 -r 1 192.168.1.0-16
192.168.1.0: Echo (From 192.168.1.17!)
192.168.1.0: Address Mask [255.255.255.0] (From 192.168.1.17!)
192.168.1.7: Echo
192.168.1.7: Timestamp [0x03ab2db0, 0x02d4c507, 0x02d4c507]
192.168.1.7: Address Mask [255.255.255.0]
192.168.1.8: Echo
192.168.1.8: Address Mask [255.255.255.0]
To display failed probes, increase the output verbosity:
> icmpscan -v 192.168.1.1
192.168.1.1: -- No response to Echo request --
192.168.1.1: -- No response to Timestamp request --
192.168.1.1: -- No response to Netmask request --
192.168.1.1: -- No response to Info request --
192.168.1.1: -- No response to Router Solicitation request --
Individual ICMP types can be checked for by listing their corresponding flags on the command line:
> icmpscan -v --echo --netmask 192.168.1.7
192.168.1.7: Echo
192.168.1.7: Address Mask [255.255.255.0]
Download (0.044MB)
Added: 2007-08-22 License: GPL (GNU General Public License) Price:
794 downloads
Icmpenun 1.2
Icmpenum sends ICMP traffic to potential targets on a network. more>>
Icmpenum sends ICMP traffic to potential targets on a network.
Introduction:
Host enumeration is the act of determining the IP address of potential targets on a network. This can be done in both layer 2 and layer 3. Icmpenum sends ICMP traffic for such enumeration. The ICMP packets supported are: Echo, Timestamp, Information and Netmask. Furthermore, it supports spoofing and promiscuous listening for reply packets. Icmpenum is great for enumerating networks which allow ICMP traffic.
Installation:
1. Install the latest libpcap (libpcap 0.4, ftp://ftp.ee.lbl.gov/libpcap.tar.Z).
2. Install the latest Libnet (http://www.packetfactory.net/libnet/).
3. Compile icmpenum as follows:
gcc `libnet-config --defines` -o icmpenum icmpenum.c -lnet -lpcap
4. Copy icmpenum to your fave directory and (as root) start enumerating.
Usage:
Running icmpenum -h gives you the following screen:
# ./icmpenum -h
USAGE: ./icmpenum [opts] [-c class C] [-d dev] [-i 1-3] [-s src] [-t sec] hosts
opts are h n p r v
-h this help screen
-n no sending of packets
-p promiscuous receive mode
-r receiving packets only (no
-v verbose
-c class C in x.x.x.0 form
-i icmp type to send/receive, types include the following:
1 echo/echo reply (default)
2 timestamp request/reply
3 info request/reply
-d device to grab local IP or sniff from, default is eth0
-s spoofed source address
-t time in seconds to wait for all replies (default 5)
host(s) are target hosts (ignored if using -c)
Examples:
Here are some example uses of icmpenum to enumerate hosts.
Example 1:
[Host1]# icmpenum 192.168.1.1 192.168.1.2
This will use the default of Echo packets to try and determine if
192.168.1.1 and 192.168.1.2 are up and running.
Example 2:
[Host1]# icmpenum -i 2 -v 192.168.100.100 192.168.100.200
This will enumerate the two hosts using Timestamp packets in
verbose mode.
Example 3:
[Host1]# icmpenum -i 3 -s 10.10.10.10 -p -v 192.168.1.1 192.168.1.2
This will enumerate hosts 192.168.1.1 and 192.168.1.2 using
Information packets with a spoofed address of 10.10.10.10, since our real address is 10.10.10.11 we use the -p option to listen for the replies.
Here are some more advanced uses of icmpenum.
Example 4:
Assuming Host1 is 6.6.6.6 and Host2 is 7.7.7.7, and that the network 1.1.1.0 has potential hosts to enumerate, we use the following two entries to enumerate with Information packets:
[Host2]# icmpenum -r -t 30 -i 3 -c 1.1.1.0
[Host1]# icmpenum -s 7.7.7.7 -i 3 -c 1.1.1.0
Host2 starts first in receive mode with a timeout of 30 seconds and starts listening for Information packets from the 1.1.1.0 network. Then Host1 starts sending spoofed packets with Host2 as the source address, sending exactly what Host2 is listening for. It should be noted that this is hardly stealthy, as logs at 1.1.1s site could have 7.7.7.7s address all over them, but the -r function is good for testing.
Example 5:
Assuming Host1 is 6.6.6.6 and Host2 is 7.7.7.7, and that Host2 can sniff traffic between 1.1.1.0 and 2.2.2.0, we use the following entries to enumerate the 1.1.1.0 network:
[Host2]# icmpenum -t 20 -n -p -i 2 -c 1.1.1.0
[Host1]# icmpenum -s 2.2.2.2 -i 2 -c 1.1.1.0
Host2 starts first with a timeout of 20 seconds, makes sure not to send the packets with the -n option, listens promiscuously for Timestamp packets from the 1.1.1.0 network. Host1 sends the exact packets Host2 is listening for with a 2.2.2.2 spoofed source address. Yes, one could simply replace the -n option in Host2s command line with -s 2.2.2.2 and do the same thing from one workstation, but were demonstrating a distributed concept.
Enhancements:
- I have added ICMP MASK (type 17 and 18) requests and replys. Simply use the -i 4 option on the command line, such as; icmpenum -i 4 -c 1.2.3.1 (sends ICMP MASK requests to the Class C range 1.2.3.1/24 and reports any system as.
- Due to the use of some older versions of Libnet and Libpcap. I can see problems for some people compiling this and hence have placed two statically linked versions within the tarball
<<lessIntroduction:
Host enumeration is the act of determining the IP address of potential targets on a network. This can be done in both layer 2 and layer 3. Icmpenum sends ICMP traffic for such enumeration. The ICMP packets supported are: Echo, Timestamp, Information and Netmask. Furthermore, it supports spoofing and promiscuous listening for reply packets. Icmpenum is great for enumerating networks which allow ICMP traffic.
Installation:
1. Install the latest libpcap (libpcap 0.4, ftp://ftp.ee.lbl.gov/libpcap.tar.Z).
2. Install the latest Libnet (http://www.packetfactory.net/libnet/).
3. Compile icmpenum as follows:
gcc `libnet-config --defines` -o icmpenum icmpenum.c -lnet -lpcap
4. Copy icmpenum to your fave directory and (as root) start enumerating.
Usage:
Running icmpenum -h gives you the following screen:
# ./icmpenum -h
USAGE: ./icmpenum [opts] [-c class C] [-d dev] [-i 1-3] [-s src] [-t sec] hosts
opts are h n p r v
-h this help screen
-n no sending of packets
-p promiscuous receive mode
-r receiving packets only (no
-v verbose
-c class C in x.x.x.0 form
-i icmp type to send/receive, types include the following:
1 echo/echo reply (default)
2 timestamp request/reply
3 info request/reply
-d device to grab local IP or sniff from, default is eth0
-s spoofed source address
-t time in seconds to wait for all replies (default 5)
host(s) are target hosts (ignored if using -c)
Examples:
Here are some example uses of icmpenum to enumerate hosts.
Example 1:
[Host1]# icmpenum 192.168.1.1 192.168.1.2
This will use the default of Echo packets to try and determine if
192.168.1.1 and 192.168.1.2 are up and running.
Example 2:
[Host1]# icmpenum -i 2 -v 192.168.100.100 192.168.100.200
This will enumerate the two hosts using Timestamp packets in
verbose mode.
Example 3:
[Host1]# icmpenum -i 3 -s 10.10.10.10 -p -v 192.168.1.1 192.168.1.2
This will enumerate hosts 192.168.1.1 and 192.168.1.2 using
Information packets with a spoofed address of 10.10.10.10, since our real address is 10.10.10.11 we use the -p option to listen for the replies.
Here are some more advanced uses of icmpenum.
Example 4:
Assuming Host1 is 6.6.6.6 and Host2 is 7.7.7.7, and that the network 1.1.1.0 has potential hosts to enumerate, we use the following two entries to enumerate with Information packets:
[Host2]# icmpenum -r -t 30 -i 3 -c 1.1.1.0
[Host1]# icmpenum -s 7.7.7.7 -i 3 -c 1.1.1.0
Host2 starts first in receive mode with a timeout of 30 seconds and starts listening for Information packets from the 1.1.1.0 network. Then Host1 starts sending spoofed packets with Host2 as the source address, sending exactly what Host2 is listening for. It should be noted that this is hardly stealthy, as logs at 1.1.1s site could have 7.7.7.7s address all over them, but the -r function is good for testing.
Example 5:
Assuming Host1 is 6.6.6.6 and Host2 is 7.7.7.7, and that Host2 can sniff traffic between 1.1.1.0 and 2.2.2.0, we use the following entries to enumerate the 1.1.1.0 network:
[Host2]# icmpenum -t 20 -n -p -i 2 -c 1.1.1.0
[Host1]# icmpenum -s 2.2.2.2 -i 2 -c 1.1.1.0
Host2 starts first with a timeout of 20 seconds, makes sure not to send the packets with the -n option, listens promiscuously for Timestamp packets from the 1.1.1.0 network. Host1 sends the exact packets Host2 is listening for with a 2.2.2.2 spoofed source address. Yes, one could simply replace the -n option in Host2s command line with -s 2.2.2.2 and do the same thing from one workstation, but were demonstrating a distributed concept.
Enhancements:
- I have added ICMP MASK (type 17 and 18) requests and replys. Simply use the -i 4 option on the command line, such as; icmpenum -i 4 -c 1.2.3.1 (sends ICMP MASK requests to the Class C range 1.2.3.1/24 and reports any system as.
- Due to the use of some older versions of Libnet and Libpcap. I can see problems for some people compiling this and hence have placed two statically linked versions within the tarball
Download (0.58MB)
Added: 2007-04-05 License: GPL (GNU General Public License) Price:
556 downloads
NetPacket::ICMP 0.04
NetPacket::ICMP is a Perl module to assemble and disassemble ICMP (Internet Control Message Protocol) packets. more>>
NetPacket::ICMP is a Perl module to assemble and disassemble ICMP (Internet Control Message Protocol) packets.
SYNOPSIS
use NetPacket::ICMP;
$icmp_obj = NetPacket::ICMP->decode($raw_pkt);
$icmp_pkt = NetPacket::ICMP->encode();
$icmp_data = NetPacket::ICMP::strip($raw_pkt);
NetPacket::ICMP provides a set of routines for assembling and disassembling packets using ICMP (Internet Control Message Protocol).
Methods
NetPacket::ICMP->decode([RAW PACKET])
Decode the raw packet data given and return an object containing instance data. This method will quite happily decode garbage input. It is the responsibility of the programmer to ensure valid packet data is passed to this method.
NetPacket::ICMP->encode()
Return an ICMP packet encoded with the instance data specified.
<<lessSYNOPSIS
use NetPacket::ICMP;
$icmp_obj = NetPacket::ICMP->decode($raw_pkt);
$icmp_pkt = NetPacket::ICMP->encode();
$icmp_data = NetPacket::ICMP::strip($raw_pkt);
NetPacket::ICMP provides a set of routines for assembling and disassembling packets using ICMP (Internet Control Message Protocol).
Methods
NetPacket::ICMP->decode([RAW PACKET])
Decode the raw packet data given and return an object containing instance data. This method will quite happily decode garbage input. It is the responsibility of the programmer to ensure valid packet data is passed to this method.
NetPacket::ICMP->encode()
Return an ICMP packet encoded with the instance data specified.
Download (0.011MB)
Added: 2007-02-27 License: Perl Artistic License Price:
970 downloads
Shell over ICMP 0.5
Shell over ICMP project allows a user to connect to a remote shell daemon, by using ICMP protocol instead of classical TCP. more>>
Shell over ICMP consists of two free and open source applications: one server and one client. Shell over ICMP project allows a user to connect to a remote shell daemon, by using ICMP protocol instead of classical TCP.
Entirely written in Python, soicmp is a working proof-of-concept to demonstrate that data can be transmitted across a network by hiding it in traffic that normally does not contain payloads.
How does it work?
The soicmp server is a daemon that must be started on the remote server. When the server receives a request from the client it looks into the packets payload. The payload must respect certain protocol rules. In detail the client must specify:
command
communication mode (echo|echo/reply)
authentication (y|n)
This is an example of a correct payload string sent by client to server:
$CMD ls -a $MODE echo/reply $PWD root2005 $END
If the payload matches with the server protocol specification then it will pipe the command to "/bin/sh" or "cmd.exe" and execute it. The server then reads the result from the pipe and sends it back to the client that will print it to stdout.
Moreover every client will send ICMP packets having id equal to the clients current process ID and will accept only ICMP replies having the same id value. This prevents output to be printed by other client instances running on the same workstation (this argument is also treated in the FAQs section).
Main features:
- Platform independent.
- Possibility to run soicmp daemon on multiple ethernet interfaces simultaneously handling multiple client connections.
- Possibility to specify the buffer size of outgoing packets.
- Client side source IP address spoofing.
- Remote client case-sensitive (plain texted) authentication.
- Possibility to select two communication types:
- One based on encapsulating command output in unique "one way" ICMP_ECHOREPLY (type 0) packets sent by server to client (see fig. 1).
- Another one that guarantees the correct packets delivering by using the request/response nature of ECHO and ECHOREPLY ICMP packet types (see fig.2)
- No listening sockets are listed by netstat or similar programs.
<<lessEntirely written in Python, soicmp is a working proof-of-concept to demonstrate that data can be transmitted across a network by hiding it in traffic that normally does not contain payloads.
How does it work?
The soicmp server is a daemon that must be started on the remote server. When the server receives a request from the client it looks into the packets payload. The payload must respect certain protocol rules. In detail the client must specify:
command
communication mode (echo|echo/reply)
authentication (y|n)
This is an example of a correct payload string sent by client to server:
$CMD ls -a $MODE echo/reply $PWD root2005 $END
If the payload matches with the server protocol specification then it will pipe the command to "/bin/sh" or "cmd.exe" and execute it. The server then reads the result from the pipe and sends it back to the client that will print it to stdout.
Moreover every client will send ICMP packets having id equal to the clients current process ID and will accept only ICMP replies having the same id value. This prevents output to be printed by other client instances running on the same workstation (this argument is also treated in the FAQs section).
Main features:
- Platform independent.
- Possibility to run soicmp daemon on multiple ethernet interfaces simultaneously handling multiple client connections.
- Possibility to specify the buffer size of outgoing packets.
- Client side source IP address spoofing.
- Remote client case-sensitive (plain texted) authentication.
- Possibility to select two communication types:
- One based on encapsulating command output in unique "one way" ICMP_ECHOREPLY (type 0) packets sent by server to client (see fig. 1).
- Another one that guarantees the correct packets delivering by using the request/response nature of ECHO and ECHOREPLY ICMP packet types (see fig.2)
- No listening sockets are listed by netstat or similar programs.
Download (0.58MB)
Added: 2006-11-07 License: GPL (GNU General Public License) Price:
1081 downloads
ICMP Hostname Tools for Linux 0.3
The ICMP Hostname Tools for Linux include a responder daemon, a lookup tool, and a nameswitch module. more>>
The ICMP Hostname Tools for Linux include a responder daemon, a lookup tool, and a nameswitch module to handle ICMP host name functions.
The NSS module caches all requests (including failures) and honors the TTL value sent by the responding host. It uses a configuration file called /etc/nss-icmp.conf, which controls different aspects of its operation:
* timeout Sets the timeout in milliseconds for ICMP host name queries, by passing the -t option to idnlookup.
* nocache Disables the cache.
* ttlnotfound Sets the TTL for not-found cache entries is seconds. The default is 5 minutes.
Both icmpdnd and idnlookup need to run as root, due to the fact that they use ICMP. Thus, idnlookup needs be installed SUID root.
<<lessThe NSS module caches all requests (including failures) and honors the TTL value sent by the responding host. It uses a configuration file called /etc/nss-icmp.conf, which controls different aspects of its operation:
* timeout Sets the timeout in milliseconds for ICMP host name queries, by passing the -t option to idnlookup.
* nocache Disables the cache.
* ttlnotfound Sets the TTL for not-found cache entries is seconds. The default is 5 minutes.
Both icmpdnd and idnlookup need to run as root, due to the fact that they use ICMP. Thus, idnlookup needs be installed SUID root.
Download (0.026MB)
Added: 2005-06-28 License: GPL (GNU General Public License) Price:
1579 downloads
icpld 1.1.3
icpld is a tool to log the uptime of your network connection. more>>
ICPLD is a connection monitor which allows you to keep track of your network connection perfomance. It will log each occasion of broken networking.
icpld runs as a background process, and sends ICMP requests to an ip of your choice. When a reply isnt received within proper amount of time, it will consider the connection as unavailable and put a stamp in its log.
<<lessicpld runs as a background process, and sends ICMP requests to an ip of your choice. When a reply isnt received within proper amount of time, it will consider the connection as unavailable and put a stamp in its log.
Download (0.32MB)
Added: 2006-04-26 License: BSD License Price:
1276 downloads
ISIC 0.06
ISIC is a suite of utilities to exercise the stability of an IP Stack and its component stacks (TCP, UDP, ICMP et. al.). more>>
ISIC is a suite of utilities to exercise the stability of an IP Stack and its component stacks (TCP, UDP, ICMP et. al.). It generates piles of pseudo random packets of the target protocol.
The packets be given tendancies to conform to. Ie 50% of the packets generated can have IP Options. 25% of the packets can be IP fragments... But the percentages are arbitrary and most of the packet fields have a configurable tendancy.
The packets are then sent against the target machine to either penetrate its firewall rules or find bugs in the IP stack.
It also contains a utility generate raw ether frames to examine hardware implementations.
Other novel uses people have found for ISIC include IDS testing, stack fingerprinting, breaking sniffers and barraging the IRC kiddie.
<<lessThe packets be given tendancies to conform to. Ie 50% of the packets generated can have IP Options. 25% of the packets can be IP fragments... But the percentages are arbitrary and most of the packet fields have a configurable tendancy.
The packets are then sent against the target machine to either penetrate its firewall rules or find bugs in the IP stack.
It also contains a utility generate raw ether frames to examine hardware implementations.
Other novel uses people have found for ISIC include IDS testing, stack fingerprinting, breaking sniffers and barraging the IRC kiddie.
Download (0.027MB)
Added: 2006-03-09 License: GPL (GNU General Public License) Price:
1334 downloads
SendIP 2.5
SendIP is a commandline tool to send arbitrary packets. more>>
SendIP is a command-line tool to send arbitrary IP packets. It has a large number of options to specify the content of every header of a RIP, RIPng, BGP, TCP, UDP, ICMP, or raw IPv4/IPv6 packet.
It also allows any data to be added to the packet. Checksums can be calculated automatically, but if you wish to send out wrong checksums, that is supported too.
Here is a list of protocols that SendIP currently understands:
- IPv4 (but see below section 7)
- TCP
- BGP
- ICMP
- UDP
- RIP
- NTP
- IPv6 (except on solaris)
- ICMPv6
- TCP
- UDP
- RIPng
- NTP?
Other protocols will be added in future versions, as and when I have time to add them.
Of course, it is still possible to send packets using other protocols, but you have to construct the packet data and headers entirely by hand.
Installation
make ; make install should work.
You MUST use GNU make.
On Solaris you need to use gcc-3.x or above, and GNU binutils.
On other platforms, you probably need gcc-2.x or above.
If you have install problems on Solaris, try:
make install INSTALL=/usr/ucb/install
If you cant persuade it to compile or install, mail me with details of what goes wrong, and what system you are trying to install it on.
By this I mean at least:
- output of make -k veryclean all install
- OS, including version
- version of make, gcc, etc
- version of sendip
- anything else you think might be relevant
You can change where it installs by changing BINDIR and/or PREFIX at the top of the Makefile.
A .spec file is included to build RPMS, and source and binary RPMS are also available from the web page. Debian packages are also available, and sendip is included in the FreeBSD ports collection.
Usage
SendIP can take a huge number of commandline parameters. For this reason, future versions may have some sort of user interface...
Please read the man page or sendip -h for details. They are not documented here because they change often between versions and I cant be bothered to keep this up to date.
<<lessIt also allows any data to be added to the packet. Checksums can be calculated automatically, but if you wish to send out wrong checksums, that is supported too.
Here is a list of protocols that SendIP currently understands:
- IPv4 (but see below section 7)
- TCP
- BGP
- ICMP
- UDP
- RIP
- NTP
- IPv6 (except on solaris)
- ICMPv6
- TCP
- UDP
- RIPng
- NTP?
Other protocols will be added in future versions, as and when I have time to add them.
Of course, it is still possible to send packets using other protocols, but you have to construct the packet data and headers entirely by hand.
Installation
make ; make install should work.
You MUST use GNU make.
On Solaris you need to use gcc-3.x or above, and GNU binutils.
On other platforms, you probably need gcc-2.x or above.
If you have install problems on Solaris, try:
make install INSTALL=/usr/ucb/install
If you cant persuade it to compile or install, mail me with details of what goes wrong, and what system you are trying to install it on.
By this I mean at least:
- output of make -k veryclean all install
- OS, including version
- version of make, gcc, etc
- version of sendip
- anything else you think might be relevant
You can change where it installs by changing BINDIR and/or PREFIX at the top of the Makefile.
A .spec file is included to build RPMS, and source and binary RPMS are also available from the web page. Debian packages are also available, and sendip is included in the FreeBSD ports collection.
Usage
SendIP can take a huge number of commandline parameters. For this reason, future versions may have some sort of user interface...
Please read the man page or sendip -h for details. They are not documented here because they change often between versions and I cant be bothered to keep this up to date.
Download (0.052MB)
Added: 2005-04-26 License: GPL (GNU General Public License) Price:
1643 downloads
iplog 2.2.3
iplog is a TCP/IP traffic logger. more>>
iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP, and ICMP traffic. iplog is able to detect TCP port scans, TCP null scans, FIN scans, UDP and ICMP "smurf" attacks, bogus TCP flags, TCP SYN scans, TCP "Xmas" scans, ICMP ping floods, UDP scans, and IP fragment attacks. iplog is able to run in promiscuous mode and monitor traffic to all hosts on a network. iplog uses libpcap to read data from the network and can be ported to any system that supports posix threads and on which libpcap will function.
Some people have reported that iplog doesnt log anything for them. To those people:
Can you try commenting out line 41 of iplog.c and seeing if that makes iplog produce logs. If it does, what percentage of CPU time does ps or top show iplog consuming? If deleting that line helps you at all, Id be interested in hearing about it. Could you send me email with your operating system and OS version and details about what happened when you removed that line.
Enhancements:
- Released as version 2.2.3.
<<lessSome people have reported that iplog doesnt log anything for them. To those people:
Can you try commenting out line 41 of iplog.c and seeing if that makes iplog produce logs. If it does, what percentage of CPU time does ps or top show iplog consuming? If deleting that line helps you at all, Id be interested in hearing about it. Could you send me email with your operating system and OS version and details about what happened when you removed that line.
Enhancements:
- Released as version 2.2.3.
Download (0.13MB)
Added: 2006-06-28 License: GPL (GNU General Public License) Price:
1218 downloads
IPChains 0.5
IPChains is a Perl module to create and manipulate ipchains via Perl. more>>
IPChains is a Perl module to create and manipulate ipchains via Perl.
SYNOPSIS
use IPChains;
$fw = IPChains->new(-option => value, ... ); $fw->append(chain);
This module acts as an interface to the ipchains(8) userspace utility by Paul "Rusty" Russell (http://www.rustcorp.com/linux/ipchains/). It attempts to include all the functionality of the original code with a simplified user interface via Perl. In addition, plans for log parsing facilities, an integrated interface to ipmasqadm, and possibly traffic shaping are slated for up and coming versions.
The new() and attribute() methods support the following options:
Source
Specifies origination address of packet. Appending hostmask to this address using a / is OK, as well as specifying it separately (see SourceMask).
SourceMask
Hostmask for origination address. Can either be in 24 or 255.255.255.0 style.
SourcePort
Specific port or port range (use xxx:xxx to denote range), requires specific protocol specification.
Dest
Specifies destination address of packet. Appending hostmask to this address using a / is OK, as well as specifying it separately (see DestMask)
DestMask
Destination address, (see SourceMask).
DestPort
Destination Port, (see SourcePort).
Prot
Protocol. Can be tcp, udp, icmp, or all. Required for specifying specific port(s).
ICMP
ICMP Name/Code (in place of port when ICMP is specified as protocol).
Here is a small table of some of the most common ICMP packets:
Number Name Required by
0 echo-reply ping
3 destination-unreachable Any TCP/UDP traffic.
5 redirect routing if not running
routing daemon
8 echo-request ping
11 time-exceeded traceroute
Rule
Target. Can be ACCEPT, DENY, REJECT, MASQ, REDIRECT, RETURN, or a user-defined chain. Note: This is case sensitive.
Interface
Specify a specify interface as part of the criteria (ie, eth0, ppp0, etc.).
Fragment
Rule only refers to second and further fragments of fragmented packets (1 or 0).
Bidir
Makes criteria effective in both directions (1 or 0).
Verbose
Set verbose option for setting rules or list() (1 or 0).
Numeric
Show output from list() in numeric format. No DNS lookups, etc.. (1 or 0).
Log
Enable kernel logging (via syslog, kern.info) of matched packets (1 or 0).
Output
Copy matching packets to the userspace device (advanced).
Mark
Mark matching packets with specified number (advanced).
TOS
Used for modifying the TOS field in the IP header. Takes 2 args, AND and XOR masks, (ie, (TOS => ["0x01", "0x10"])). This feature is highly untested.
The first mask is ANDed with the packets current TOS, and the second mask is XORed with it. Use the following table for reference:
TOS Name Value Typical Uses
Minimum Delay 0x01 0x10 ftp, telnet
Maximum Throughput 0x01 0x08 ftp-data
Maximum Reliability 0x01 0x04 snmp
Minimum Cost 0x01 0x02 nntp
Exact
Display exact numbers in byte counters instead of numbers rounded in Ks, Ms, or Gs (1 or 0).
SYN
Only match TCP packets with the SYN bit set and the ACK and FIN bits cleared (1 or 0).
<<lessSYNOPSIS
use IPChains;
$fw = IPChains->new(-option => value, ... ); $fw->append(chain);
This module acts as an interface to the ipchains(8) userspace utility by Paul "Rusty" Russell (http://www.rustcorp.com/linux/ipchains/). It attempts to include all the functionality of the original code with a simplified user interface via Perl. In addition, plans for log parsing facilities, an integrated interface to ipmasqadm, and possibly traffic shaping are slated for up and coming versions.
The new() and attribute() methods support the following options:
Source
Specifies origination address of packet. Appending hostmask to this address using a / is OK, as well as specifying it separately (see SourceMask).
SourceMask
Hostmask for origination address. Can either be in 24 or 255.255.255.0 style.
SourcePort
Specific port or port range (use xxx:xxx to denote range), requires specific protocol specification.
Dest
Specifies destination address of packet. Appending hostmask to this address using a / is OK, as well as specifying it separately (see DestMask)
DestMask
Destination address, (see SourceMask).
DestPort
Destination Port, (see SourcePort).
Prot
Protocol. Can be tcp, udp, icmp, or all. Required for specifying specific port(s).
ICMP
ICMP Name/Code (in place of port when ICMP is specified as protocol).
Here is a small table of some of the most common ICMP packets:
Number Name Required by
0 echo-reply ping
3 destination-unreachable Any TCP/UDP traffic.
5 redirect routing if not running
routing daemon
8 echo-request ping
11 time-exceeded traceroute
Rule
Target. Can be ACCEPT, DENY, REJECT, MASQ, REDIRECT, RETURN, or a user-defined chain. Note: This is case sensitive.
Interface
Specify a specify interface as part of the criteria (ie, eth0, ppp0, etc.).
Fragment
Rule only refers to second and further fragments of fragmented packets (1 or 0).
Bidir
Makes criteria effective in both directions (1 or 0).
Verbose
Set verbose option for setting rules or list() (1 or 0).
Numeric
Show output from list() in numeric format. No DNS lookups, etc.. (1 or 0).
Log
Enable kernel logging (via syslog, kern.info) of matched packets (1 or 0).
Output
Copy matching packets to the userspace device (advanced).
Mark
Mark matching packets with specified number (advanced).
TOS
Used for modifying the TOS field in the IP header. Takes 2 args, AND and XOR masks, (ie, (TOS => ["0x01", "0x10"])). This feature is highly untested.
The first mask is ANDed with the packets current TOS, and the second mask is XORed with it. Use the following table for reference:
TOS Name Value Typical Uses
Minimum Delay 0x01 0x10 ftp, telnet
Maximum Throughput 0x01 0x08 ftp-data
Maximum Reliability 0x01 0x04 snmp
Minimum Cost 0x01 0x02 nntp
Exact
Display exact numbers in byte counters instead of numbers rounded in Ks, Ms, or Gs (1 or 0).
SYN
Only match TCP packets with the SYN bit set and the ACK and FIN bits cleared (1 or 0).
Download (0.050MB)
Added: 2007-05-10 License: Perl Artistic License Price:
897 downloads
UTIN Firewall script
UTIN Firewall script project is a script for Linux 2.4.x and iptables. more>>
UTIN Firewall script project is a script for Linux 2.4.x and iptables.
###########
# Configuration options, these will speed you up getting this script to
# work with your own setup.
#
# your LANs IP range and localhost IP. /24 means to only use the first 24
# bits of the 32 bit IP adress. the same as netmask 255.255.255.0
#
# INET_IP is used by me to allow myself to do anything to myself, might
# be a security risc but sometimes I want this. If you dont have a static
# IP, I suggest not using this option at all for now but its still
# enabled per default and will add some really nifty security bugs for all
# those who skips reading the documentation=)
LAN_IP="192.168.0.2"
LAN_BCAST_ADRESS="192.168.0.255"
LAN_IFACE="eth1"
LO_IFACE="lo"
LO_IP="127.0.0.1"
INET_IP="194.236.50.155"
INET_IFACE="eth0"
IPTABLES="/usr/local/sbin/iptables"
#########
# Load all required IPTables modules
#
#
# Needed to initially load modules
#
/sbin/depmod -a
#
# Adds some iptables targets like LOG, REJECT and MASQUARADE.
#
/sbin/modprobe ipt_LOG
#/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE
#
# Support for owner matching
#
#/sbin/modprobe ipt_owner
#
# Support for connection tracking of FTP and IRC.
#
#/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_conntrack_irc
#
# Enable ip_forward, this is critical since it is turned off as defaul in
# Linux.
#
echo "1" > /proc/sys/net/ipv4/ip_forward
#
# Dynamic IP users:
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
#
# Enable simple IP Forwarding and Network Address Translation
#
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP
#
# Set default policies for the INPUT, FORWARD and OUTPUT chains
#
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
#
# bad_tcp_packets chain
#
# Take care of bad TCP packets that we dont want.
#
$IPTABLES -N bad_tcp_packets
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG
--log-prefix "New not syn:"
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
#
# Do some checks for obviously spoofed IPs
#
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 192.168.0.0/16 -j DROP
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 10.0.0.0/8 -j DROP
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 172.16.0.0/12 -j DROP
$IPTABLES -A bad_tcp_packets -i $LAN_IFACE ! -s 192.168.0.0/16 -j DROP
#
# Bad TCP packets we dont want
#
$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets
#
# Accept the packets we actually want to forward between interfaces.
#
$IPTABLES -A FORWARD -p tcp --dport 21 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 80 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 110 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG
--log-level DEBUG --log-prefix "IPT FORWARD packet died: "
#
# Create separate chains for ICMP, TCP and UDP to traverse
#
$IPTABLES -N icmp_packets
$IPTABLES -N tcp_packets
$IPTABLES -N udpincoming_packets
#
# The allowed chain for TCP connections
#
$IPTABLES -N allowed
$IPTABLES -A allowed -p TCP --syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED
-j ACCEPT
$IPTABLES -A allowed -p TCP -j DROP
#
# ICMP rules
#
# Changed rules totally
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
#
# TCP rules
#
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 21 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 113 -j allowed
#
# UDP ports
#
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 53 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 123 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 2074 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 4000 -j ACCEPT
#
# INPUT chain
#
# Bad TCP packets we dont want
#
$IPTABLES -A INPUT -p tcp -j bad_tcp_packets
#
# Rules for incoming packets from anywhere
#
$IPTABLES -A INPUT -p ICMP -j icmp_packets
$IPTABLES -A INPUT -p TCP -j tcp_packets
$IPTABLES -A INPUT -p UDP -j udpincoming_packets
#
# Rules for special networks not part of the Internet
#
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED
-j ACCEPT
$IPTABLES -A INPUT -m limit --limit 3/minute --limit-burst 3
-j LOG --log-level DEBUG --log-prefix "IPT INPUT packet died: "
#
# OUTPUT chain
#
#
# Bad TCP packets we dont want
#
$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets
$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
$IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3
-j LOG --log-level DEBUG --log-prefix "IPT OUTPUT packet died: "
<<less###########
# Configuration options, these will speed you up getting this script to
# work with your own setup.
#
# your LANs IP range and localhost IP. /24 means to only use the first 24
# bits of the 32 bit IP adress. the same as netmask 255.255.255.0
#
# INET_IP is used by me to allow myself to do anything to myself, might
# be a security risc but sometimes I want this. If you dont have a static
# IP, I suggest not using this option at all for now but its still
# enabled per default and will add some really nifty security bugs for all
# those who skips reading the documentation=)
LAN_IP="192.168.0.2"
LAN_BCAST_ADRESS="192.168.0.255"
LAN_IFACE="eth1"
LO_IFACE="lo"
LO_IP="127.0.0.1"
INET_IP="194.236.50.155"
INET_IFACE="eth0"
IPTABLES="/usr/local/sbin/iptables"
#########
# Load all required IPTables modules
#
#
# Needed to initially load modules
#
/sbin/depmod -a
#
# Adds some iptables targets like LOG, REJECT and MASQUARADE.
#
/sbin/modprobe ipt_LOG
#/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE
#
# Support for owner matching
#
#/sbin/modprobe ipt_owner
#
# Support for connection tracking of FTP and IRC.
#
#/sbin/modprobe ip_conntrack_ftp
#/sbin/modprobe ip_conntrack_irc
#
# Enable ip_forward, this is critical since it is turned off as defaul in
# Linux.
#
echo "1" > /proc/sys/net/ipv4/ip_forward
#
# Dynamic IP users:
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
#
# Enable simple IP Forwarding and Network Address Translation
#
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP
#
# Set default policies for the INPUT, FORWARD and OUTPUT chains
#
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
#
# bad_tcp_packets chain
#
# Take care of bad TCP packets that we dont want.
#
$IPTABLES -N bad_tcp_packets
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j LOG
--log-prefix "New not syn:"
$IPTABLES -A bad_tcp_packets -p tcp ! --syn -m state --state NEW -j DROP
#
# Do some checks for obviously spoofed IPs
#
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 192.168.0.0/16 -j DROP
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 10.0.0.0/8 -j DROP
$IPTABLES -A bad_tcp_packets -i $INET_IFACE -s 172.16.0.0/12 -j DROP
$IPTABLES -A bad_tcp_packets -i $LAN_IFACE ! -s 192.168.0.0/16 -j DROP
#
# Bad TCP packets we dont want
#
$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets
#
# Accept the packets we actually want to forward between interfaces.
#
$IPTABLES -A FORWARD -p tcp --dport 21 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 80 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -p tcp --dport 110 -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG
--log-level DEBUG --log-prefix "IPT FORWARD packet died: "
#
# Create separate chains for ICMP, TCP and UDP to traverse
#
$IPTABLES -N icmp_packets
$IPTABLES -N tcp_packets
$IPTABLES -N udpincoming_packets
#
# The allowed chain for TCP connections
#
$IPTABLES -N allowed
$IPTABLES -A allowed -p TCP --syn -j ACCEPT
$IPTABLES -A allowed -p TCP -m state --state ESTABLISHED,RELATED
-j ACCEPT
$IPTABLES -A allowed -p TCP -j DROP
#
# ICMP rules
#
# Changed rules totally
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
$IPTABLES -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT
#
# TCP rules
#
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 21 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 22 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 80 -j allowed
$IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 113 -j allowed
#
# UDP ports
#
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 53 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 123 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 2074 -j ACCEPT
$IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 4000 -j ACCEPT
#
# INPUT chain
#
# Bad TCP packets we dont want
#
$IPTABLES -A INPUT -p tcp -j bad_tcp_packets
#
# Rules for incoming packets from anywhere
#
$IPTABLES -A INPUT -p ICMP -j icmp_packets
$IPTABLES -A INPUT -p TCP -j tcp_packets
$IPTABLES -A INPUT -p UDP -j udpincoming_packets
#
# Rules for special networks not part of the Internet
#
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -d $INET_IP -m state --state ESTABLISHED,RELATED
-j ACCEPT
$IPTABLES -A INPUT -m limit --limit 3/minute --limit-burst 3
-j LOG --log-level DEBUG --log-prefix "IPT INPUT packet died: "
#
# OUTPUT chain
#
#
# Bad TCP packets we dont want
#
$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets
$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -s $INET_IP -j ACCEPT
$IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3
-j LOG --log-level DEBUG --log-prefix "IPT OUTPUT packet died: "
Download (MB)
Added: 2007-02-13 License: GPL (GNU General Public License) Price:
985 downloads
libpal 0.1.4a
libpal allows you to create your own forged IP, TCP, and ICMP packets. more>>
libpal allows you to create your own forged IP, TCP, and ICMP packets. libpal project is straightforward to use and is a powerful tool for building artificial TCP/IP packets.
At the time of this writing the only supported platform is LiNUX/i386, but things will develop, so give us some time and check back or - even better.
Main features:
- ethernet header, type and payload (CVS only)
- (R)ARP packets (CVS only)
- IP header, options and payload
- ICMP messages
- TCP header, options and payload
- UDP header and payload
<<lessAt the time of this writing the only supported platform is LiNUX/i386, but things will develop, so give us some time and check back or - even better.
Main features:
- ethernet header, type and payload (CVS only)
- (R)ARP packets (CVS only)
- IP header, options and payload
- ICMP messages
- TCP header, options and payload
- UDP header and payload
Download (0.086MB)
Added: 2006-03-22 License: LGPL (GNU Lesser General Public License) Price:
1313 downloads
Secleted [ 0 ] software to compare
Copyright Notice:
Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future software development. The above icmp search only lists software in full, demo and trial versions for free download. Download links are directly from our mirror sites or publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
