table of contents
nemesis-ip(1) | General Commands Manual (usm) | nemesis-ip(1) |
NAME¶
nemesis-ip
— IP
Protocol (The Nemesis Project)
SYNOPSIS¶
nemesis-ip |
[-vZ? ] [-c
COUNT] [-d
IFNAME] [-D
ADDR] [-F
OPT] [-H
MAC] [-I
ID] [-i
INTERVAL] [-M
MAC] [-O
FILE] [-p
PROTO] [-P
FILE] [-S
ADDR] [-t
TOS] [-T
TTL] |
DESCRIPTION¶
nemesis
is designed to be a command
line-based, portable human IP stack for UNIX-like and Windows systems. The
suite is broken down by protocol, and should allow for useful scripting of
injected packets from simple shell scripts.
nemesis-ip
provides an interface to craft
and inject IP packets allowing the user to inject an entirely arbitrary IP
packet.
GENERAL OPTIONS¶
-c
COUNT- Number of packets to send, default: 1.
-i
INTERVAL- Seconds between repeatedly sent packets, only available if
-c
is given. -v
- Display the injected packet in human readable form. Use twice to see a hexdump of the injected packet with printable ASCII characters on the right. Use three times for a hexdump without decoded ASCII.
IP OPTIONS¶
-D
ADDR- Specify the destination IP address within the IP header.
-F
OPT- Specify the fragmentation options in the IP header:
IP fragmentation options can be specified individually or combined into a single argument to the
-F
command line switch by separating the options with commas (eg.-FD,M
) or spaces (eg.-FM
223). The IP fragmentation offset is a 13-bit field with valid values from 0 to 8189. Don't fragment (DF), more fragments (MF) and the reserved flag (RESERVED or RB) are 1-bit fields.NOTE: Under normal conditions, the reserved flag is unset.
-I
ID- Specify the IP ID within the IP header.
-O
FILE- This will cause
nemesis-ip
to use the specified IP options file as the options when building the IP header for the injected packet. IP options can be up to 40 bytes in length. The IP options file must be created manually based upon the desired options. IP options can also be read from stdin by specifying-O-
instead. -p
-PROTO
- Specify the IP protocol number as an integer within the IP header. Valid
IP protocol numbers include:
Code Name Description 0 IP pseudo protocol number 1 ICMP internet control message protocol 2 IGMP Internet Group Management 3 GGP gateway-gateway protocol 4 IP-ENCAP IP encapsulated in IP (officially "IP") 5 ST ST datagram mode 6 TCP transmission control protocol 7 UCL UCL 8 EGP exterior gateway protocol 9 IGP any private interior gateway 10 BBN-RCC-MON BBN RCC Monitoring 11 NVP-II Network Voice Protocol 12 PUP PARC universal packet protocol 13 ARGUS ARGUS 14 EMCON EMCON 15 XNET Cross Net Debugger 16 CHAOS Chaos 17 UDP user datagram protocol 18 MUX Multiplexing 19 DCN-MEAS DCN Measurement Subsystems 20 HMP host monitoring protocol 21 PRM Packet Radio Measurement 22 XNS-IDP Xerox NS IDP 23 TRUNK-1 Trunk-1 24 TRUNK-2 Trunk-2 25 LEAF-1 Leaf-1 26 LEAF-2 Leaf-2 27 RDP reliable datagram protocol 28 IRTP Internet Reliable Transaction 29 ISO-TP4 ISO Transport Protocol class 4 30 NETBLT Bulk Data Transfer Protocol 31 MFE-NSP MFE Network Services Protocol 32 MERIT-INP MERIT Internodal Protocol 33 SEP Sequential Exchange Protocol 34 3PC Third Party Connect Protocol 35 IDPR Inter-Domain Policy Routing Protocol 36 XTP Xpress Transfer Protocol 37 DDP Datagram Delivery Protocol 38 IDPR-CMTP IDPR Control Message Transport Protocol 39 IDPR-CMTP IDPR Control Message Transport 40 IL IL Transport Protocol 41 IPv6 Internet Protocol version 6 42 SDRP Source Demand Routing Protocol 43 SIP-SR SIP Source Route 44 SIP-FRAG SIP Fragment 45 IDRP Inter-Domain Routing Protocol 46 RSVP Reservation Protocol 47 GRE General Routing Encapsulation 48 MHRP Mobile Host Routing Protocol 49 BNA BNA 50 IPSEC-ESP Encap Security Payload 51 IPSEC-AH Authentication Header 52 I-NLSP Integrated Net Layer Security TUBA 53 SWIPE IP with Encryption 54 NHRP NBMA Next Hop Resolution Protocol 55 MOBILEIP MobileIP encapsulation 57 SKIP SKIP 58 IPv6-ICMP ICMP for IPv6 59 IPv6-NoNxt Next Header for IPv6 60 IPv6-Opts Destination Options for IPv6 61 any host internal protocol 62 CFTP CFTP 63 any local network 64 SAT-EXPAK SATNET and Backroom EXPAK 65 KRYPTOLAN Kryptolan 66 RVD MIT Remote Virtual Disk Protocol 67 IPPC Internet Pluribus Packet Core 68 any distributed file system 69 SAT-MON SATNET Monitoring 70 VISA VISA Protocol 71 IPCV Internet Packet Core Utility 72 CPNX Computer Protocol Network Executive 73 CPHB Computer Protocol Heart Beat 74 WSN Wang Span Network 75 PVP Packet Video Protocol 76 BR-SAT-MON Backroom SATNET Monitoring 77 SUN-ND SUN ND PROTOCOL-Temporary 78 WB-MON WIDEBAND Monitoring 79 WB-EXPAK WIDEBAND EXPAK 80 ISO-IP ISO Internet Protocol 81 VMTP Versatile Message Transport 82 SECURE-VMTP SECURE-VMTP 83 VINES VINES 84 TTP TTP 85 NSFNET-IGP NSFNET-IGP 86 DGP Dissimilar Gateway Protocol 87 TCF TCF 88 IGRP IGRP 89 OSPFIGP Open Shortest Path First IGP 90 Sprite-RPC Sprite RPC Protocol 91 LARP Locus Address Resolution Protocol 92 MTP Multicast Transport Protocol 93 AX.25 AX.25 Frames 94 IPIP Yet Another IP encapsulation 95 MICP Mobile Internetworking Control Protocol 96 SCC-SP Semaphore Communications Sec. Protocol 97 ETHERIP Ethernet-within-IP Encapsulation 98 ENCAP Yet Another IP encapsulation 99 any private encryption scheme 100 GMTP GMTP 103 PIM Protocol Independent Multicast 108 IPComp IP Payload Compression Protocol 112 VRRP Virtual Router Redundancy Protocol 255 Reserved Reserved -P
FILE- This will cause nemesis-ip to use the specified payload file as the
payload when injecting IP packets. For packets injected using the raw
interface (where -d is not used) the maximum payload size is 65475 bytes.
For packets injected using the link layer interface (where
-d
IS used), the maximum payload size is 1440 bytes. Payloads can also be read from stdin by specifying-P-
instead.Windows systems are limited to a maximum payload size of 1440 bytes for IP packets.
The payload file can consist of any arbitrary data though it will be most useful to create a payload resembling the structure of a packet type not supported by nemesis. Used in this manner, virtually any IP packet can be injected.
-S
ADDR- Specify the source IP address within the IP header.
-t
TOS- Specify the IP type of service (TOS) within the IP header. Valid type of
service values:
- 2
- Minimize monetary cost
- 4
- Maximize reliability
- 8
- Maximize throughput
- 24
- Minimize delay
NOTE: Under normal conditions, only one type of service is set within a packet. To specify multiple types, specify the sum of the desired values as the type of service.
-T
TTL- Specify the IP time-to-live (TTL) in the IP header.
DATA LINK OPTIONS¶
-d
IFNAME- Specify the name (for UNIX-like systems) or the number (for Windows systems) of the IFNAME to use (eg. fxp0, eth0, hme0, 1).
-H
MAC- Specify the source MAC address, (XX:XX:XX:XX:XX:XX).
-M
MAC- Specify the destination MAC address, (XX:XX:XX:XX:XX:XX).
-Z
- Lists the available network interfaces by number for use in link-layer
injection.
NOTE: This feature is only relevant to Windows systems.
DIAGNOSTICS¶
nemesis-ip
returns 0 on a successful exit,
1 if it exits on an error.
SEE ALSO¶
nemesis-arp(1), nemesis-dhcp(1), nemesis-dns(1), nemesis-ethernet(1), nemesis-icmp(1), nemesis-igmp(1), nemesis-ospf(1), nemesis-rip(1), nemesis-tcp(1), nemesis-udp(1).
AUTHORS¶
Jeff Nathan <jeff@snort.org>
BUGS¶
Please report at https://github.com/libnet/nemesis/issues
December 12, 2019 |