Free packets software for linux

This utility is meant to ease the configuration of yavipin on both clients and servers. It foll.ows the same configuration scheme as vtun, so people migrating from vtun will not find any difficulties writing up yavipin confs.

Yavipind is a secure tunnel aka 2 peers securely forwarding packets toward each other. It forwards any kind of packet (IPv4, IPv6 or other) sent over the virtual point-to-point device (e.g. tun0). It fully runs in linux userspace.

Aimwatch is a packet sniffer designed to reconstruct AOL Instant Messenger and ICQ information by passively collecting packets from the network.
Main features:
- Messages and Chats
- Buddylists
- AIM Client details
- Login information
- Multiple connections sorted by IP or screenname
- Full interpretted packet dissections of protocol data
- Raw hex views of packets
Packets can be read live from the network or from a file saved in libpcap/tcpdump format. To be able to collect packets from connections between remote machines, you either have to be on a hub (non-switched) network, physically located between the IM client and server, or use other tools to redirect packets through your machine.
Currently this project requires a Linux operating system (or compatible), with the libpcap, libxml2 and GTK+ 2 libraries installed. Ill try to make a binary available with the next version. A text-only interface will be created in the future. A Windows port may also be made, but not this month.
The new design uses an XML file to describe the protocol. The file is read when the program is started and packets are dissected with a dynamic tree created in memory. This allows new packet dissection information to be added to the program without having to recompile or understand the source code.

Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk project works by sending out UDP or TCP packets with a TTL one greater than the targeted gateway.

If the gateway allows the traffic, it will forward the packets to the next hop where they will expire and elicit an ICMP_TIME_EXCEEDED message. If the gateway hostdoes not allow the traffic, it will likely drop the packets on the floor and we will see no response.

To get the correct IP TTL that will result in expired packets one beyond the gateway we need to ramp up hop-counts. We do this in the same manner that traceroute works. Once we have the gateway hopcount (at that point the scan is said to be `bound`) we can begin our scan.

It is significant to note the fact that the ultimate destination host does not have to be reached. It just needs to be somewhere downstream, on the other side of the gateway, from the scanning host.

APSR is a network testing tool, designed to send and receive arbitrary network packets. APSR can be used to test firewalls, routing, security and many other things.
The project is splitted in two main programs, apsend to create packets and aprecv to sniff packets. The main goal of the APSR project is to develop a high quality network testing tool.
Main features:
- Sending and receiving of packets
- Ouput and documentation in different languages
- Easy installation (autoconf/automake support) and binary packages
- Configuration files
- Logfiles and filters in a variety of formats (text, xml, sql, gdbm, csv, ...)
- Syslog and database (sql) interfaces
- Daemon mode
- Thread support
- IPv4/v6 and MAC resolving
- Broadcast / Multicast support
- Special "packet-sets" (wake-on-lan for example)
- Client/Server system
- HTML based management system
- Graphical user interfaces/front ends (GUIs/FEs): GTK/QT/ncurses
- Module support using a simple packet construction language (PCL)
- Plugin support (perl/python or perl/ruby)
Which protocols will be supported by APSR final 1.0 ?
Who knows, currently(0.17-12) we can read more then 110 different protocol headers and create packets for about 30 different protocols.
And whats with the application layer?
Application layer protocols will be implemented through a simple module API. The modules can be written in C or (theoretically) in any other language. They will be loaded dynamically.
Enhancements:
- A lot of compilation problems have been fixed and the code has been cleaned.
- Some (Free)BSD-specific bugs have been fixed.
- No new features have been added.
- Users are advised to upgrade to this release.

The fairly fast packet filter (FFPF) is an approach to network packet processing that adds many new features to existing filtering solutions like BPF.
fairly fast packet filter is designed for high speed by pushing computationally intensive tasks to the kernel or even network processors and by minimising packet copying.
By providing both access to richer programming languages and explicit extensibility, it is also considerably more flexible than existing approaches.
FFPF provides a complete solution for network monitoring that caters to all applications available today. Exploiting its extensibility, the language can even be used as a meta-filter to `script together filters from other approaches, such as BPF.
Main features:
- fast: processes significantly more packets per second than LSF (reference)
- scalable: transparently supports hardware assist, like that given by the Intel IXP2x00 network processors
- backward compatible: supports all existing libpcap based applications
- extensible: separates functionality from the framework. FFPF currently ships with implementations of BPF, Aho Corasick, Boyer Moore Horspool, and many more
- modular: new functions can be written in as little as 3 lines of code
- secure: relies on Keynote for authentication and resource control
- open and standard adherent: licensed under the GNU General Public License (GPL). It implements the Monitoring API (MAPI) draft as designed by the EU-SCAMPI consortium
Enhancements:
- enabled kernelspace processing
- enabled all 5 buffer implementations (Continuous, Fixed-size slot, Variable sized slot, Double ring and Index)
- added TCP stream reassembly and early implementation of zero-copy reassembly
- added PCAP input and output support, for userspace testing and offline use
- added additional minor functions: TCP Synprotect, output to files, ...
- added support for UDEV
- extended controlplane: flowspaces can now be queried for live state
- fixed up many bugs, hacks and irregularities.

Libnet is a high-level API (toolkit) allowing the application programmer to construct and inject network packets. It provides a portable and simplified interface for low-level network packet shaping, handling and injection.

Libnet hides much of the tedium of packet creation from the application programmer such as multiplexing, buffer management, arcane packet header information, byte-ordering, OS-dependent issues, and much more.

Libnet features portable packet creation interfaces at both the IP-layer and link-layer, as well as a host of supplementary and complementary functionality. Using libnet, quick and simple packet assembly applications can be whipped up with little effort.

With a bit more time, more complex programs can be written (Traceroute and Ping were easily rewritten using libnet and libpcap).

Libnet was designed and is primarily maintained by Mike D. Schiffman (mike at infonexus dot com) and a host of other people (please see the libnet documentation for the complete list of contributers).

This is an open-source project. Donations are welcomed.

countertrace project is a userland, iptables QUEUE target handler for Linux 2.4 kernels running Netfilter, which attempts to give the illusion that there are multiple, imaginary IP hops between itself and the rest of the world.

The imaginary hops that countertrace projects also have the ability to introduce accumulative, imaginary latency.

How it works:

Netfilter provides a mechanism for passing packets for processing to a userland program, which can examine the packet and determine if it should be permitted through or dropped on the floor. countertrace utilizes this mechanism to drop received packets which have a TTL less than the number of hops its attempting to project, and then generates ICMP time-exceeded messages for those dropped packets with the source address of the bogus hop. If latency is also being simulated, the generated time-exceeded messages are queued for the specified period of time before being sent.

Requirements:

countertrace requires the NetPacket, Time::HiRes, and IPTables::IPv4::IPQueue perl modules, available from CPAN, the Net::RawSock and a Linux 2.4 kernel with iptables (CONFIG_IP_NF_IPTABLES) and QUEUE target (CONFIG_IP_NF_QUEUE) support. If latency is not being simulated, iptables TTL match support (CONFIG_IP_NF_MATCH_TTL) may also be useful.

Configuration:

The countertrace program takes only one command line argument, the name of its configuration file. To get started, the only configuration file command you need to know about is the "hop" command, which takes the form of "hop < address > [latency]". Hops must be added in the order in which they are to be simulated. Latency is accumulative -- at run time, the latency for each hop is determined by calculating the sum of all previously specified latency values. Additional configuration commands are available for specifying how much information is logged for each received packet; see the example-hops-configuration file for more information.

In addition to configuring countertrace itself, iptables must also be configured to pass packets to countertrace for processing using the iptables QUEUE target. If latency is not being simulated, the iptables TTL match support can be used to only pass packets to countertrace which have a TTL less than or equal to the number of hops being simulated. Otherwise, more than likely youll want all received packets to pass through countertrace, so that the latency will appear to be uniform when tracerouting, in addition to when transferring data. However, the danger is that if the countertrace program dies for any reason, iptables will drop any packets which would have been queued for userland processing, rendering the box unreachable to the outside world. To avoid the problem, it may be wise to specify at least one "backdoor" address from which packets will be accepted without passing through countertrace.

For an example startup script, see the example-startup-script.sh file.

libpal allows you to create your own forged IP, TCP, and ICMP packets. libpal project is straightforward to use and is a powerful tool for building artificial TCP/IP packets.
At the time of this writing the only supported platform is LiNUX/i386, but things will develop, so give us some time and check back or - even better.
Main features:
- ethernet header, type and payload (CVS only)
- (R)ARP packets (CVS only)
- IP header, options and payload
- ICMP messages
- TCP header, options and payload
- UDP header and payload