nemesis-dns —
DNS Protocol (The Nemesis Project)
nemesis-dns |
[ FlkvZ? ]
[-a
NUM
]
[-A
NUM
]
[-b
NUM
]
[-d
IFNAME
]
[-D
ADDr
]
[-f
FLAGS
]
[-F
OPT
]
[-g
FLAGS
]
[-H
MAC
]
[-i
ID
]
[-I
ID
]
[-M
MAC
]
[-o
FILE
]
[-O
FILE
]
[-P
FILE
]
[-q
NUM
]
[-r
NUM
]
[-s
NUM
]
[-S
ADDR
]
[-t
TOS
]
[-T
TTL
]
[-u
OFFSET
]
[-w
SIZE
]
[-x
PORT
]
[-y
PORT
] |
nemesis is designed to be a command
line-based, portable human IP stack for UNIX-like and Windows systems. The
suite is broken down by protocol, and should allow for useful scripting of
injected packets from simple shell scripts.
nemesis-dns provides an interface to craft
and inject DNS packets allowing the user to specify any portion of a DNS
packet as well as lower-level IP and TCP/UDP packet information.
-A
NUM- Specify the number of authoritative resource records in the DNS
header.
-b
NUM- Specify the number of answer resource records in the DNS header.
-g
FLAGS- Specify the DNS flags in the DNS header.
-i
ID- Specify the DNS ID in the DNS header.
-k- Use TCP instead of UDP when injecting DNS packets.
-P
FILE- This will cause
nemesis-dns to use the
specified FILE as the payload when
injecting DNS packets. For packets injected using the raw interface (where
-d is not used), the maximum payload
size is 65443 bytes for DNS packets injected using TCP, and 65455 for DNS
packets injected using UDP. For packets injected using the link layer
interface (where -d
IS used), the maximum payload size is 1368
bytes for TCP DNS packets, and 1420 bytes for UDP DNS packets. Payloads
can also be read from stdin by specifying
-P- instead.
Windows systems are limited to a maximum payload size of 1368 bytes for TCP
DNS packets and 1420 bytes for UDP DNS packets.
The payload file can consist of any arbitrary data though it will be most
useful to create a payload resembling the structure of the DNS packet
specified using the command-line options. In order to send real DNS
packets, a payload containing the appropriate record data (as specified in
the DNS header) must be created manually.
-q
NUM- Specify the number of questions in the DNS header.
-r
NUM- Specify the number of additional resource records in the DNS header.
-v- Display the injected packet in human readable form. Use twice to see a
hexdump of the injected packet with printable ASCII characters on the
right. Use three times for a hexdump without decoded ASCII.
-NUM- Specify the acknowledgement number (ACK number) in the TCP header.
-f
FLAGS- Specify the TCP flags in the TCP header.
Flags can be combined in the form
-fPA.
-o
FILE- This will cause
nemesis-dns to use the
specified FILE as the options when
building the TCP header for the injected packet. TCP options can be up to
40 bytes in length. The TCP options file must be created manually based
upon the desired options. TCP options can also be read from stdin by
specifying -o- instead.
-s
NUM- Specify the sequence number in the TCP header.
-u
OFFSET- Specify the urgent pointer offset in the TCP header.
-w
SIZE- Specify the window size (bytes) in the TCP header.
-x
PORT- Specify the TCP source port in the TCP header.
-y
PORT- Specify the TCP destination port in the TCP header.
-x
PORT- Source Port of injected packet.
-y
PORT- Target Port of injected packet.
-D
ADDR- Specify the destination IP address in the IP header.
-F
OPT- Specify the fragmentation options in the IP header:
-FD- don't fragment
-FM- more fragments
-FR- reserved flag
-F
offset-
IP fragmentation options can be specified individually or combined into a
single argument to the -F command line
switch by separating the options with commas (eg.
-FD,M) or spaces (eg.
-FM
223). The IP fragmentation offset is a
13-bit field with valid values from 0 to 8189. Don't fragment (DF), more
fragments (MF) and the reserved flag (RESERVED or RB) are 1-bit fields.
NOTE: Under normal conditions, the reserved
flag is unset.
-ID- Specify the IP ID in the IP header.
-O
FILE- This will cause
nemesis-dns to use the
specified FILE as the options when
building the IP header for the injected packet. IP options can be up to 40
bytes in length. The IP options file must be created manually based upon
the desired options. IP options can also be read from stdin by specifying
-O- instead.
-S
-ADDR- Specify the source IP address in the IP header.
-t
-TOS- Specify the IP type-of-service (TOS) in the IP header. Valid type of
service values:
- 2
- Minimize monetary cost
- 4
- Maximize reliability
- 8
- Maximize throughput
- 24
- Minimize delay
NOTE: Under normal conditions, only one type of
service is set within a packet. To specify multiple types, specify the sum
of the desired values as the type of service.
-T
TTL- Specify the IP time-to-live (TTL) in the IP header.
-d
IFNAME- Specify the name (for UNIX-like systems) or the number (for Windows
systems) of the IFNAME to use (eg. fxp0,
eth0, hme0, 1).
-H
MAC- Specify the source MAC address,
(XX:XX:XX:XX:XX:XX).
-M
MAC- Specify the destination MAC address,
(XX:XX:XX:XX:XX:XX).
-Z- Lists the available network interfaces by number for use in link-layer
injection.
NOTE: This feature is only relevant to Windows
systems.
Nemesis-dns returns 0 on a successful exit, 1 if it exits on an error.
nemesis-arp(1),
nemesis-dhcp(1),
nemesis-ethernet(1),
nemesis-icmp(1),
nemesis-igmp(1),
nemesis-ip(1),
nemesis-ospf(1),
nemesis-rip(1),
nemesis-tcp(1),
nemesis-udp(1).
Mark Grimes
<
mark@stateful.net>
and
Jeff Nathan
<
jeff@snort.org>
An interface for users to create DNS packet payloads should be created.
Please report bugs at
https://github.com/libnet/nemesis/issues