Free tcp connections xp software for linux

Net::Connection::Sniffer can gather stats on network connections.

SYNOPSIS

use Net::Connection::Sniffer;
gather($config)
__top

Net::Connection::Sniffer is a perl module to gather connection statistics by listening to ethernet traffic. Traffic is filtered using standard BPF notation as described in the tcpdump documentation and implemented using the standard pcap library to sniff packets on host network interfaces.

TCP Knocking provides a port knocking implementation.
Often a secure system needs a port open so that only authorized persons can access a particular service and also the service should not exposed to attackers and worms that may use vulnerabilities that exist in the listening server. Port knocking is designed to be used as a complementary service to the existing authentication mechanism. But one of the biggest problems with port knocking is manipulating the firewall with timeouts.
When the correct knock sequence is sent, the firewall is modified for couple of seconds. Having the firewall open automatically for a time period will make any system administrator uncomfortable. TCP knocking attempts to solve the problem by incorporating the knock into the TCP handshake. Tcp knocking is similar to port knocking, but instead sending UDP packets with secret ports, the TCP handshake packets must include secrete codes. It is at least as secure as port knocking and it can be made secure with more hardening.
Modified TCP handshake:
In normal TCP handshake, the client sends the syn packet and chooses a random initial sequence number. The server responds with a packet that has both syn and ack flags set, choosing a random
The modified TCP handshake uses the empty fields in the header. The server does not respond to connection requests without a special code generated along with the syn packet. The server also encrypts the ISN in the ack packet (2) and the final packet of the three-way handshake must have the correct acknowledgment for the servers ISN. The system is further protected from brute-force attacks by closing the connection if the first attempt for the third packet does not have the expected acknowledgment sequence.
Also, rather than use conventional encryption techniques like HMAC for verification, this system uses a file with random numbers as the key. This is because of the limited unused space available in the TCP/IP header which makes HMAC very weak. By using a shared file, the length of the key can be much greater than traditional systems and even though some parts of the key can be revealed by attacks, the server can protect itself from replay attacks.
The handshake:
1) Syn
The syn packet does not use the 32 bit acknowledgment field in the TCP header as it the the first packet to initiate the connection. Further the 16 bit IPID can be used to transmit information. In the current implementation only the 32 bit acknowledgment field is used. Currently the 32 bit ack is derived from a 64 KB file which contains random numbers. The ISN and the source IP address along with the random numbers are used to generate this value.
2) Syn/Ack
The ISN is encrypted using the random numbers from the 64 KB file using the destination IP address as well as a 16 bit random number used as IPID. I do not have code for this part yet.
3) Ack
The client decrypts the syn number from the encrypted syn, the key file, the 16 bit IPID and its own IP address and sends the ack packet. The server closes all connections from the client for couple of minutes if it sends a wrong ack value. Part of the security relies on the fact that the ISN generated by Linux 2.6 is fairly random.
Implementation:
I have implemented only the first part, which is the server expecting secret code along with the first syn packet from the client. Hence it is very possible to brute-force the server. Also the system is designed with the second phase in mind, which is the encrypted Initial Sequence Number in the ack packet and closing the connection if the correct ack is not sent on the first try. I do not have an implementation for that yet. The security will be increased greatly when the second phase is incorporated. Also the ability to detect brute-force attacks can be added to this system.
But the current system can be used for protecting the server from worms and random scanning. The use-case is similar to port knocking but it does not use the ugly system of opening the firewall for a couple of seconds. Vanilla port knocking is susceptible to brute-force attacks as well. Besides, inserting a kernel module to just ssh into your server will increase your mad sysadmin points.
Enhancements:
- TCP knocking with Phase 1 of the protocol was implemented.

TCP port scanner is a network scanner for Linux.

Installation:

1. Install - become root and gunzip/tar tcpscan-X-Y-Z.tar.gz.
2. Type ./confugure , make
3. Type install
4. Enjoy and try type tcpscan localhost
5. To get help - run tcpscan without parametres.

Usage:

tcpscan [-f] [hostname || IP_address]
tcpscan [-f] [first_IP_address] [last_IP_address]

TCPreen is a simple tool to monitor and analyze data transmitted between clients and servers through connection-oriented streams data such as a TCP sessions; it supports TCP over either IPv4 or IPv6. This tool focuses on the data stream (software/socket layer), not on the lower level transmission protocol as packet sniffers do.

TCPreen listens on a TCP port and wait for incoming connections to come in. Then, it forwards data sent by the connecting client to another server port (possibly on another computer) and forwards server responses back to the client.

TCPreen can display data on your console in real-time and/or save it to log files for later reference. Various display formats are available.

While it was originally meant to help developers reverse-engineer TCP-based protocols, it can also be very useful to debug network server or client software or for a system administrator to monitor a TCP service.

TinyMUSH 3 project is a descendant of the TinyMUD server, and thus supports multi-user communication in a text-based "virtual world" format, via TCP/IP connections (presumably, but not necessarily, Internet connections).
The end result looks much like text adventures games of the mid-1980s. Though its simplest application is as a chat server, TinyMUSH 3 is intended to have the flexibility and power to support highly complex roleplaying environments.
TinyMUSH 3 is a derivative of TinyMUSH 2.0, originally created through the fusion of the TinyMUSH 2.2 and TinyMUX 1.6 code branches. The server is under active development and support.
Enhancements:
- Fixed Always clear @prog data on logout
- Fixed tools (src/tools). Add an install tag to the tools makefile.
- Update LibTools to version 1.5.22.
- Update AutoConf to version 2.59.
- Fixed function logf() in udb_* conflict with build-in function logf(), rename the function to warning().
- Remove unused port-concentrator code.
- Automated build of TinyGDBM within ./configure.
- Updated the build process a bit to keep in line with autoconf standards.

Network Communicator is a simple script for sending and receiving data over TCP/UDP connections.
It can be useful for testing firewall configurations, routing tables, and similar things.
I had originally written two scripts for testing TCP only: a talker and a listener. Upon failure to properly modify them to support UDP only, I made Netcom. It allows the sending and receiving of TCP or UDP data to arbitrary IPs/Ports and optional from/to files.
Im sure there are already tools like this out there like netcat, but wasnt able to get netcat working properly for UDP also. Either way, here you go and enjoy!
Launch Netcom with no options to view the usage.
Enhancements:
- A complete re-write to support arbitrary source/destination and port forwarding (not tunneling).

Ptunnel is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies. At first glance, this might seem like a rather useless thing to do, but it can actually come in your help in some cases.
Setting: Youre on the go, and stumble across an open wireless network. The network gives you an IP address, but wont let you send TCP or UDP packets out to the rest of the internet, for instance to check your mail. What to do? By chance, you discover that the network will allow you to ping any computer on the rest of the internet. With ptunnel, you can utilize this feature to check your mail, or do other things that require TCP.
Main features:
- Tunnel TCP using ICMP echo request and reply packets
- Connections are reliable (lost packets are resent as necessary)
- Handles multiple connections
- Acceptable bandwidth (150 kb/s downstream and about 50 kb/s upstream are the currently measured maximas for one tunnel, but with tweaking this can be improved further)
- Authentication, to prevent just anyone from using your proxy

Configuration with no services supported script is for a single host firewall configuration with no services supported by the firewall machine itself.

Sample:

# USER CONFIGURABLE SECTION

# The name and location of the ipchains utility.
IPTABLES=iptables

# The path to the ipchains executable.
PATH="/usr/local/sbin"

# Our internal network address space and its supporting network device.
OURNET="10.5.0.0/24"
OURBCAST="10.5.0.255"
OURDEV="eth0"

# The outside address and the network device that supports it.
ANYADDR="0/0"
ANYDEV="ppp0"

# The TCP services we wish to allow to pass - "" empty means all ports
# note: comma separated
TCPIN="ssh,ftp,ftp-data"
TCPOUT="smtp,www,ssh,telnet,ftp,ftp-data,irc,http"

# The UDP services we wish to allow to pass - "" empty means all ports
# note: comma separated
UDPIN="domain"
UDPOUT="domain"

# The ICMP services we wish to allow to pass - "" empty means all types
# ref: /usr/include/netinet/ip_icmp.h for type numbers
# note: comma separated
ICMPIN="0,3,11"
ICMPOUT="8,3,11"

# Logging; uncomment the following line to enable logging of datagrams
# that are blocked by the firewall.
# LOGGING=1

# END USER CONFIGURABLE SECTION
####################################
# Flush the Input table rules
echo -n Flushing forward... && {
$IPTABLES -F FORWARD
} && echo done

# We want to deny incoming access by default.
# echo -n Denying incoming access... && {
# $IPTABLES -P FORWARD drop
# } && echo done

# Drop all datagrams destined for this host received from outside.
echo -n Dropping incoming datagrams... && {
$IPTABLES -A INPUT -i $ANYDEV -j DROP
} && echo done

# SPOOFING
# We should not accept any datagrams with a source address matching ours
# from the outside, so we deny them.
echo -n Preventing spoofing... && {
$IPTABLES -A FORWARD -s $OURNET -i $ANYDEV -j DROP
} && echo done

# SMURF
# Disallow ICMP to our broadcast address to prevent "Smurf" style attack.
echo -n Preventing SMURFs... && {
$IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET -j DROP
} && echo done

# We should accept fragments, in iptables we must do this explicitly.
echo -n Accepting fragments... && {
$IPTABLES -A FORWARD -f -j ACCEPT
} && echo done

# TCP
# We will accept all TCP datagrams belonging to an existing connection
# (i.e. having the ACK bit set) for the TCP ports were allowing through.
# This should catch more than 95 % of all valid TCP packets.
echo -n Accepting valid incoming tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -d $OURNET --dports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done
echo -n Accepting valid outgoing tcp datagrams on existing connections... && {
$IPTABLES -A FORWARD -m multiport -p tcp -s $OURNET --sports $TCPIN ! --tcp-flags SYN,ACK ACK -j ACCEPT
} && echo done

# TCP - INCOMING CONNECTIONS
# We will accept connection requests from the outside only on the
# allowed TCP ports.
echo -n Accepting incoming tcp connections on allowed ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $ANYDEV -d $OURNET --dports $TCPIN --syn -j ACCEPT
} && echo done

# TCP - OUTGOING CONNECTIONS
# We will accept all outgoing tcp connection requests on the allowed TCP ports.
echo -n Accepting outgoing traffic on allowed tcp ports... && {
$IPTABLES -A FORWARD -m multiport -p tcp -i $OURDEV -d $ANYADDR --dports $TCPOUT --syn -j ACCEPT
} && echo done

# UDP - INCOMING
# allow UDP datagrams in on the allowed ports and back.
echo -n Allowing UDP datagrams in on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -d $OURNET --dports $UDPIN -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $ANYDEV -s $OURNET --sports $UDPIN -j ACCEPT
} && echo done

# UDP - OUTGOING
# We will allow UDP datagrams out to the allowed ports and back.
echo -n Allowing UDP datagrams out on the allowed ports and back... && {
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -d $ANYADDR --dports $UDPOUT -j ACCEPT
$IPTABLES -A FORWARD -m multiport -p udp -i $OURDEV -s $ANYADDR --sports $UDPOUT -j ACCEPT
} && echo done

# ICMP - INCOMING
# We will allow ICMP datagrams in of the allowed types.
# echo -n Allowing ICMP datagrams in of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $ANYDEV -d $OURNET --icmp-type $ICMPIN -j ACCEPT
# } && echo done

# ICMP - OUTGOING
# We will allow ICMP datagrams out of the allowed types.
# echo -n Allowing ICMP datagrams out of the allowed types... && {
# $IPTABLES -A FORWARD -p icmp -i $OURDEV -d $ANYADDR --icmp-type $ICMPOUT -j ACCEPT
# } && echo done

# DEFAULT and LOGGING
# All remaining datagrams fall through to the default
# rule and are dropped. They will be logged if youve
# configured the LOGGING variable above.
#

# DoS
# enabling Syn-flood protection
echo -n Enabling Syn-flood protection... && {
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling Furtive port scanner protection
echo -n Enabling Furtive port scanner protection... && {
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
} && echo done
# Enabling ping of death protection
echo -n Enabling ping of death protection... && {
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
} && echo done


if [ "$LOGGING" ]
then
# Log barred TCP
$IPTABLES -A FORWARD -m tcp -p tcp -j LOG
# Log barred UDP
$IPTABLES -A FORWARD -m udp -p udp -j LOG
# Log barred ICMP
$IPTABLES -A FORWARD -m udp -p icmp -j LOG
fi
#
# end.