nemesis-ip(1) (usm)
nemesis-ip(1) General Commands Manual (usm) nemesis-ip(1)

NAME

nemesis-ipIP Protocol (The Nemesis Project)

SYNOPSIS

nemesis-ip [-vZ?] [-c COUNT] [-d IFNAME] [-D ADDR] [-F OPT] [-H MAC] [-I ID] [-i INTERVAL] [-M MAC] [-O FILE] [-p PROTO] [-P FILE] [-S ADDR] [-t TOS] [-T TTL]

DESCRIPTION

nemesis is designed to be a command line-based, portable human IP stack for UNIX-like and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of injected packets from simple shell scripts.
nemesis-ip provides an interface to craft and inject IP packets allowing the user to inject an entirely arbitrary IP packet.

GENERAL OPTIONS

-c COUNT
Number of packets to send, default: 1.
-i INTERVAL
Seconds between repeatedly sent packets, only available if -c is given.
-v
Display the injected packet in human readable form. Use twice to see a hexdump of the injected packet with printable ASCII characters on the right. Use three times for a hexdump without decoded ASCII.

IP OPTIONS

-D ADDR
Specify the destination IP address within the IP header.
-F OPT
Specify the fragmentation options in the IP header:
-FD
don't fragment
-FM
more fragments
-FR
reserved flag
-F offset
 
IP fragmentation options can be specified individually or combined into a single argument to the -F command line switch by separating the options with commas (eg. -FD,M) or spaces (eg. -FM 223). The IP fragmentation offset is a 13-bit field with valid values from 0 to 8189. Don't fragment (DF), more fragments (MF) and the reserved flag (RESERVED or RB) are 1-bit fields.
NOTE: Under normal conditions, the reserved flag is unset.
-I ID
Specify the IP ID within the IP header.
-O FILE
This will cause nemesis-ip to use the specified IP options file as the options when building the IP header for the injected packet. IP options can be up to 40 bytes in length. The IP options file must be created manually based upon the desired options. IP options can also be read from stdin by specifying -O- instead.
-p -PROTO
Specify the IP protocol number as an integer within the IP header. Valid IP protocol numbers include:
Code Name Description
0 IP pseudo protocol number
1 ICMP internet control message protocol
2 IGMP Internet Group Management
3 GGP gateway-gateway protocol
4 IP-ENCAP IP encapsulated in IP (officially “IP”)
5 ST ST datagram mode
6 TCP transmission control protocol
7 UCL UCL
8 EGP exterior gateway protocol
9 IGP any private interior gateway
10 BBN-RCC-MON BBN RCC Monitoring
11 NVP-II Network Voice Protocol
12 PUP PARC universal packet protocol
13 ARGUS ARGUS
14 EMCON EMCON
15 XNET Cross Net Debugger
16 CHAOS Chaos
17 UDP user datagram protocol
18 MUX Multiplexing
19 DCN-MEAS DCN Measurement Subsystems
20 HMP host monitoring protocol
21 PRM Packet Radio Measurement
22 XNS-IDP Xerox NS IDP
23 TRUNK-1 Trunk-1
24 TRUNK-2 Trunk-2
25 LEAF-1 Leaf-1
26 LEAF-2 Leaf-2
27 RDP reliable datagram protocol
28 IRTP Internet Reliable Transaction
29 ISO-TP4 ISO Transport Protocol class 4
30 NETBLT Bulk Data Transfer Protocol
31 MFE-NSP MFE Network Services Protocol
32 MERIT-INP MERIT Internodal Protocol
33 SEP Sequential Exchange Protocol
34 3PC Third Party Connect Protocol
35 IDPR Inter-Domain Policy Routing Protocol
36 XTP Xpress Transfer Protocol
37 DDP Datagram Delivery Protocol
38 IDPR-CMTP IDPR Control Message Transport Protocol
39 IDPR-CMTP IDPR Control Message Transport
40 IL IL Transport Protocol
41 IPv6 Internet Protocol version 6
42 SDRP Source Demand Routing Protocol
43 SIP-SR SIP Source Route
44 SIP-FRAG SIP Fragment
45 IDRP Inter-Domain Routing Protocol
46 RSVP Reservation Protocol
47 GRE General Routing Encapsulation
48 MHRP Mobile Host Routing Protocol
49 BNA BNA
50 IPSEC-ESP Encap Security Payload
51 IPSEC-AH Authentication Header
52 I-NLSP Integrated Net Layer Security TUBA
53 SWIPE IP with Encryption
54 NHRP NBMA Next Hop Resolution Protocol
55 MOBILEIP MobileIP encapsulation
57 SKIP SKIP
58 IPv6-ICMP ICMP for IPv6
59 IPv6-NoNxt Next Header for IPv6
60 IPv6-Opts Destination Options for IPv6
61 any host internal protocol
62 CFTP CFTP
63 any local network
64 SAT-EXPAK SATNET and Backroom EXPAK
65 KRYPTOLAN Kryptolan
66 RVD MIT Remote Virtual Disk Protocol
67 IPPC Internet Pluribus Packet Core
68 any distributed file system
69 SAT-MON SATNET Monitoring
70 VISA VISA Protocol
71 IPCV Internet Packet Core Utility
72 CPNX Computer Protocol Network Executive
73 CPHB Computer Protocol Heart Beat
74 WSN Wang Span Network
75 PVP Packet Video Protocol
76 BR-SAT-MON Backroom SATNET Monitoring
77 SUN-ND SUN ND PROTOCOL-Temporary
78 WB-MON WIDEBAND Monitoring
79 WB-EXPAK WIDEBAND EXPAK
80 ISO-IP ISO Internet Protocol
81 VMTP Versatile Message Transport
82 SECURE-VMTP SECURE-VMTP
83 VINES VINES
84 TTP TTP
85 NSFNET-IGP NSFNET-IGP
86 DGP Dissimilar Gateway Protocol
87 TCF TCF
88 IGRP IGRP
89 OSPFIGP Open Shortest Path First IGP
90 Sprite-RPC Sprite RPC Protocol
91 LARP Locus Address Resolution Protocol
92 MTP Multicast Transport Protocol
93 AX.25 AX.25 Frames
94 IPIP Yet Another IP encapsulation
95 MICP Mobile Internetworking Control Protocol
96 SCC-SP Semaphore Communications Sec. Protocol
97 ETHERIP Ethernet-within-IP Encapsulation
98 ENCAP Yet Another IP encapsulation
99 any private encryption scheme
100 GMTP GMTP
103 PIM Protocol Independent Multicast
108 IPComp IP Payload Compression Protocol
112 VRRP Virtual Router Redundancy Protocol
255 Reserved Reserved
-P FILE
This will cause nemesis-ip to use the specified payload file as the payload when injecting IP packets. For packets injected using the raw interface (where -d is not used) the maximum payload size is 65475 bytes. For packets injected using the link layer interface (where -d IS used), the maximum payload size is 1440 bytes. Payloads can also be read from stdin by specifying -P- instead.
Windows systems are limited to a maximum payload size of 1440 bytes for IP packets.
The payload file can consist of any arbitrary data though it will be most useful to create a payload resembling the structure of a packet type not supported by nemesis. Used in this manner, virtually any IP packet can be injected.
-S ADDR
Specify the source IP address within the IP header.
-t TOS
Specify the IP type of service (TOS) within the IP header. Valid type of service values:
2
Minimize monetary cost
4
Maximize reliability
8
Maximize throughput
24
Minimize delay
NOTE: Under normal conditions, only one type of service is set within a packet. To specify multiple types, specify the sum of the desired values as the type of service.
-T TTL
Specify the IP time-to-live (TTL) in the IP header.

DATA LINK OPTIONS

-d IFNAME
Specify the name (for UNIX-like systems) or the number (for Windows systems) of the IFNAME to use (eg. fxp0, eth0, hme0, 1).
-H MAC
Specify the source MAC address, (XX:XX:XX:XX:XX:XX).
-M MAC
Specify the destination MAC address, (XX:XX:XX:XX:XX:XX).
-Z
Lists the available network interfaces by number for use in link-layer injection.
NOTE: This feature is only relevant to Windows systems.

DIAGNOSTICS

nemesis-ip returns 0 on a successful exit, 1 if it exits on an error.

SEE ALSO

nemesis-arp(1), nemesis-dhcp(1), nemesis-dns(1), nemesis-ethernet(1), nemesis-icmp(1), nemesis-igmp(1), nemesis-ospf(1), nemesis-rip(1), nemesis-tcp(1), nemesis-udp(1).

AUTHORS

Jeff Nathan <jeff@snort.org>

BUGS

Please report at https://github.com/troglobit/nemesis/issues
December 12, 2019