nemesis: a tool for crafting all kinds of ICMP packets
nemesis can be used to craft almost any type of packet. Download: http://www.packetfactory.net/Projects/nemesis/
QUOTE:
The Nemesis Project is designed to be a command line-based, portable human IP stack for UNIX-like
and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of
injected packets from simple shell scripts.
nemesis provides an interface to craft and inject a variety of arbitrary packet types. Nemesis
supports the following protocols:
arp
dns
ethernet
icmp
igmp
ip
ospf
rip
tcp
udp
A list of supported options for each protocol is displayed by supplying a protocol name on the
command line followed by the option "help" (eg: nemesis ethernet help).
The manual for each protocol is displayed by supplying a protocol name on the command line followed
by the option "man" (eg: nemesis ethernet man).
Below is the usage for the ICMP part
QUOTE:
NEMESIS-ICMP(1) NEMESIS-ICMP(1)
NAME
nemesis-icmp - ICMP Protocol (The Nemesis Project)
SYNOPSIS
nemesis-icmp [-vZ?] [-a ICMP-timestamp-request-reply-transmit-time ]
[-b original-destination-IP-address ] [-B original-source-IP-address ] [-c ICMP-code ]
[-d Ethernet-device ] [-D destination-IP-address ] [-e ICMP-ID ]
[-f original-IP-fragmentation ] [-F fragmentation-options ] [-G preferred-gateway ]
[-H source-MAC-address ] [-i ICMP-type ] [-I IP-ID ] [-j original-IP-TOS ]
[-J original-IP-TTL ] [-l original-IP-options-file ] [-m ICMP-mask ]
[-M destination-MAC-address ] [-o ICMP-timestamp-request-transmit-time ]
[-O IP-options-file ] [-p original-IP-protocol ] [-P payload-file ]
[-q ICMP-injection-mode ] [-r ICMP-timestamp-request-reply-received-time ]
[-S source-IP-address ] [-t IP-TOS ] [-T IP-TTL ]
DESCRIPTION
The Nemesis Project is designed to be a command line-based, portable human IP stack for UNIX-like
and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of
injected packets from simple shell scripts.
nemesis-icmp provides an interface to craft and inject ICMP packets allowing the user to specify any
portion of an ICMP packet as well as lower-level IP packet information.
ICMP Options
-c ICMP-type
Specify the ICMP-code within the ICMP header.
-e ICMP-ID
Specify the ICMP-ID within the ICMP header.
-G preferred-gateway
Specify the preferred-gateway-IP-address for ICMP redirect injection.
-i ICMP-type
Specify the ICMP-type within the ICMP header.
-m address-mask
Specify the IP-address-mask for ICMP address mask packets.
-P payload-file
This will cause nemesis-icmp to use the specified payload-file as the payload when injecting
ICMP packets. For packets injected using the raw interface (where -d is not used), the
maximum payload size is 65387 bytes. For packets injected using the link layer interface (where
-d IS used), the maximum payload size is 1352 bytes. Payloads can also be read from stdin by
specifying '-P -' instead of a payload file.
Windows systems are limited to a maximum payload size of 1352 bytes for ICMP packets.
-q ICMP-injection-mode
Specify the ICMP-injection-mode to use when injecting. Valid modes are:
-qE (ICMP echo)
-qM (ICMP address mask)
-qU (ICMP unreachable)
-qX (ICMP time exceeded)
-qR (ICMP redirect)
-qT (ICMP timestamp)
Only one mode may be specified at a time.
-s ICMP-sequence-number
Specify the ICMP-sequence-number within the ICMP header.
-v verbose-mode
Display the injected packet in human readable form. Use twice to see a hexdump of the
injected packet.
ICMP TIMESTAMP OPTIONS
-a ICMP-timestamp-request-reply-transmit-time
Specify the ICMP-timestamp-request-reply-transmit-time (the time a reply to an ICMP timestamp
request was transmitted) within the ICMP timestamp header.
-o ICMP-timestamp-request-transmit-time
Specify the ICMP-timestamp-request-transmit-time (the time an ICMP timestamp request was
transmitted) within the ICMP timestamp header.
-r ICMP-timestamp-request-reply-received-time
Specify the ICMP-timestamp-request-reply-received-time (the time a reply to an ICMP timestamp
request was received) within the ICMP timestamp header.
ICMP ORIGINAL DATAGRAM OPTIONS
-b original-destination-IP-address
Specify the original-destination-IP-address within an ICMP unreachable, redirect or time
exceeded packet.
-B original-source-IP-address
Specify the original-source-IP-address within an ICMP unreachable, redirect or time exceeded
packet.
-f original-fragmentation-options
Specify the original-IP-fragmentation-options within an ICMP unreachable, redirect or time
exceeded packet. For more information reference the '-F' command line switch.
-j original-IP-TOS
Specify the original-IP-type-of-service (TOS) within an ICMP unreachable, redirect or time
exceeded packet.
-J original-IP-TTL
Specify the original-IP-time-to-live (TTL) within an ICMP unreachable, redirect or time
exceeded packet.
-l original-IP-options-file
This will cause nemesis-icmp to use the specified original-IP-options-file as the options
when building the original IP header for the injected ICMP unreachable, redirect or time
exceeded packet. IP options can be up to 40 bytes in length. The IP options file must be
created manually based upon the desired options. IP options can also be read from stdin by
specifying '-O -' instead of an IP-options-file.
-p original-IP-protocol
Specify the original-IP-protocol within an ICMP unreachable, redirect or time exceeded packet.
IP OPTIONS
-D destination-IP-address
Specify the destination-IP-address within the IP header.
-F fragmentation-options (-F[D],[M],[R],[offset])
Specify the fragmentation options:
-FD (don't fragment)
-FM (more fragments)
-FR (reserved flag)
-F <offset>
within the IP header. IP fragmentation options can be specified individually or combined
into a single argument to the -F command line switch by separating the options with commas
(eg. '-FD,M') or spaces (eg. '-FM 223'). The IP fragmentation offset is a 13-bit field with
valid values from 0 to 8189. Don't fragment (DF), more fragments (MF) and the reserved flag
(RESERVED or RB) are 1-bit fields.
NOTE: Under normal conditions, the reserved flag is unset.
-I IP-ID
Specify the IP-ID within the IP header.
-O IP-options-file
This will cause nemesis-icmp to use the specified IP-options-file as the options when
building the IP header for the injected packet. IP options can be up to 40 bytes in length. The
IP options file must be created manually based upon the desired options. IP options can also
be read from stdin by specifying '-O -' instead of an IP-options-file.
-S source-IP-address
Specify the source-IP-address within the IP header.
-t IP-TOS
Specify the IP-type-of-service (TOS) within the IP header. Valid type of service values:
2 (Minimize monetary cost)
4 (Maximize reliability)
8 (Maximize throughput)
24 (Minimize delay)
NOTE: Under normal conditions, only one type of service is set within a packet. To specify
multiple types, specify the sum of the desired values as the type of service.
-T IP-TTL
IP-time-to-live (TTL) within the IP header.
DATA LINK OPTIONS
-d Ethernet-device
Specify the name (for UNIX-like systems) or the number (for Windows systems) of the
Ethernet-device to use (eg. fxp0, eth0, hme0, 1).
-H source-MAC-address
Specify the source-MAC-address (XX:XX:XX:XX:XX:XX).
-M destination-MAC-address
Specify the destination-MAC-address (XX:XX:XX:XX:XX:XX).
-Z list-network-interfaces
Lists the available network interfaces by number for use in link-layer injection.
NOTE: This feature is only relevant to Windows systems.
DIAGNOSTICS
Nemesis-icmp returns 0 on a successful exit, 1 if it exits on an error.
BUGS
Send concise and clearly written bug reports to jeff@snort.org
AUTHOR
Jeff Nathan <jeff@snort.org>
Originally developed by Mark Grimes <mark@stateful.net>
SEE ALSO
nemesis-arp(1), nemesis-dns(1), nemesis-ethernet(1), nemesis-igmp(1), nemesis-ip(1),
nemesis-ospf(1), nemesis-rip(1), nemesis-tcp(1), nemesis-udp(1)
16 May 2003 NEMESIS-ICMP(1)
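
To see what the ICMP and "original datagram" options above correspond to on the wire, here is an added Python example (not part of nemesis or of the original post) that decodes a captured ICMP message, verifies its checksum, and pulls out the fields those options set. The function names are hypothetical, the type numbers are from RFC 792 / RFC 950, and the sample message and its documentation-range addresses are constructed.

```python
import socket
import struct

# ICMP type -> letter of the matching nemesis -q mode (type numbers: RFC 792 / RFC 950)
MODES = {0: "E", 8: "E", 3: "U", 5: "R", 11: "X", 13: "T", 14: "T", 17: "M", 18: "M"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_icmp(msg: bytes) -> dict:
    """Decode an ICMP message (outer IP header already stripped)."""
    if len(msg) < 8:
        raise ValueError("ICMP header is 8 bytes")
    itype, code = msg[0], msg[1]                      # -i type, -c code
    out = {"type": itype, "code": code, "mode": MODES.get(itype),
           "checksum_ok": inet_checksum(msg) == 0}    # a valid message sums to 0
    rest, body = msg[4:8], msg[8:]
    if itype in (0, 8, 13, 14, 17, 18):               # -e ID, -s sequence number
        out["id"], out["seq"] = struct.unpack("!HH", rest)
    if itype == 5:                                    # -G preferred gateway
        out["gateway"] = socket.inet_ntoa(rest)
    if itype in (17, 18) and len(body) >= 4:          # -m address mask
        out["mask"] = socket.inet_ntoa(body[:4])
    if itype in (3, 5, 11) and len(body) >= 20:       # quoted original IP header
        frag = struct.unpack("!H", body[6:8])[0]      # -f: 3 flag bits + 13-bit offset
        out["orig"] = {
            "tos": body[1], "ttl": body[8], "proto": body[9],   # -j, -J, -p
            "rb": bool(frag & 0x8000), "df": bool(frag & 0x4000),
            "mf": bool(frag & 0x2000), "offset": frag & 0x1FFF,
            "src": socket.inet_ntoa(body[12:16]),     # -B original source
            "dst": socket.inet_ntoa(body[16:20]),     # -b original destination
        }
    return out

def sample_redirect() -> bytes:
    """Constructed sample: ICMP redirect (type 5, code 1) quoting a UDP datagram."""
    orig = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0x4000, 64, 17, 0,
                       socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    orig += b"\x00" * 8                               # first 8 bytes of original payload
    hdr = struct.pack("!BBH4s", 5, 1, 0, socket.inet_aton("192.0.2.254"))
    cksum = inet_checksum(hdr + orig)
    return hdr[:2] + struct.pack("!H", cksum) + hdr[4:] + orig
```

Calling `decode_icmp(sample_redirect())` returns the redirect's gateway and the quoted original header, which is what an analyst compares against the host's real routes and open flows when reviewing a capture.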