NAME

nemesis-rip —

SYNOPSIS

nemesis-rip

[ -vZ? ] [ -a AF ] [ -c CMD ] [ -d IFNAME ] [ -D ADDR ] [ -F OPT ] [ -h ADDR ] [ -H MAC ] [ -i ADDR ] [ -I ID ] [ -k MASK ] [ -m METRIC ] [ -M MAC ] [ -O FILE ] [ -P FILE ] [ -r DOMAIN ] [ -R TAG ] [ -S ADDR ] [ -t TOS ] [ -T TTL ] [ -V VER ] [ -x PORT ] [ -y PORT ]

DESCRIPTION

nemesis is designed to be a command line-based, portable human IP stack for UNIX-like and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of injected packets from simple shell scripts. nemesis-rip provides an interface to craft and inject RIP packets allowing the user to specify any portion of a RIP packet as well as lower-level IP packet information.

RIP Options

-a AF

Specify the RIP address family within the RIP header.

NOTE: Under normal conditions, the address-family value is ‘2’, indicating IP.

-c CMD

Specify the RIP command within the RIP header. Valid RIP commands are:

1

Request

2

Reply

3

Trace on - obsolete

4

Trace off - obsolete

5

Poll

6

Poll entry

7

Max

NOTE Under normal conditions, only commands 1 (Request) and 2 (Reply) are valid.

-h ADDR

Specify the RIP next-hop address within the RIP header. The next hop address value is 0 for RIP version 1. For RIP version 2 the next hop address specifies the IP address of the next route in the path to the destination host or network. Also for RIP version 2, if this value is 0, the next hop address is the IP address of the router originating the RIP update.

-i ADDR

Specify the RIP route address within the RIP header. This value species the destination network, subnet or host of route in the form of an IP address.

-k MASK

Specify the RIP network address mask within the RIP header. The network address mask value is 0 for RIP version 1. For RIP version 2 the network address mask specifies the mask associated with the route.

-m METRIC

Specify the RIP metric within the RIP header. Valid RIP-metric values range from 1 to 16. A RIP-metric value of 16 (infinity) is used to invalidate a route.

-P FILE

This will cause nemesis-rip to use the specified payload file as the payload when injecting RIP packets. For packets injected using the raw interface (where -d is not used), the maximum payload size is 65393 bytes. For packets injected using the link layer interface (where -d IS used), the maximum payload size is 1358 bytes. Payloads can also be read from stdin by specifying ‘-P-’ instead.

Windows systems are limited to a maximum payload size of 1358 bytes for RIP packets.

-r DOMAIN

Specify the RIP routing domain within the RIP header. A routing domain value of 0 is used for RIP version 1. For RIP version 2 the routing domain field is used to identify a unique RIP process on the host or router.

-R TAG

Specify the RIP route tag within the RIP header. The RIP route tag value is used to support exterior gatetway protocols. A route tag value of 0 is used for RIP version 1. For RIP version 2 the route tag field will contain the autonomous system (AS) number for exterior gateway protocol (EGP) and border gateway protocol (BGP). RIP version 2 preserves this value when a route is re-advertised.

-V VER

Specify the RIP version within the RIP header. NOTE: Under normal conditions only versions 1 and 2 are valid.

-v

Display the injected packet in human readable form. Use twice to see a hexdump of the injected packet with printable ASCII characters on the right. Use three times for a hexdump without decoded ASCII.

UDP OPTIONS

-x PORT

Specify the source port within the UDP header.

-y PORT

Specify the destintion port within the UDP header.

IP OPTIONS

-D ADDR

Specify the destination IP address within the IP header.

-F OPT

Specify the fragmentation options in the IP header:

-FD

don't fragment

-FM

more fragments

-FR

reserved flag

-F offset

 

IP fragmentation options can be specified individually or combined into a single argument to the -F command line switch by separating the options with commas (eg. -FD,M) or spaces (eg. -FM 223). The IP fragmentation offset is a 13-bit field with valid values from 0 to 8189. Don't fragment (DF), more fragments (MF) and the reserved flag (RESERVED or RB) are 1-bit fields.

NOTE: Under normal conditions, the reserved flag is unset.

-I ID

Specify the IP ID within the IP header.

-O FILE

This will cause nemesis-rip to use the specified IP options file as the options when building the IP header for the injected packet. IP options can be up to 40 bytes in length. The IP options file must be created manually based upon the desired options. IP options can also be read from stdin by specifying -O- instead.

-S ADDR

Specify the source IP address within the IP header.

-t TOS

Specify the IP type of service (TOS) within the IP header. Valid type of service values:

2

Minimize monetary cost

4

Maximize reliability

8

Maximize throughput

24

Minimize delay

NOTE: Under normal conditions, only one type of service is set within a packet. To specify multiple types, specify the sum of the desired values as the type of service.

-T TTL

Specify the IP time-to-live (TTL) in the IP header.

DATA LINK OPTIONS

-d IFNAME

Specify the name (for UNIX-like systems) or the number (for Windows systems) of the IFNAME to use (eg. fxp0, eth0, hme0, 1).

-H MAC

Specify the source MAC address, (XX:XX:XX:XX:XX:XX).

-M MAC

Specify the destination MAC address, (XX:XX:XX:XX:XX:XX).

-Z

Lists the available network interfaces by number for use in link-layer injection.

NOTE: This feature is only relevant to Windows systems.

DIAGNOSTICS

nemesis-rip returns 0 on a successful exit, 1 if it exits on an error.

SEE ALSO

nemesis-arp(1), nemesis-dhcp(1), nemesis-dns(1), nemesis-ethernet(1), nemesis-icmp(1), nemesis-igmp(1), nemesis-ip(1), nemesis-ospf(1), nemesis-tcp(1). nemesis-udp(1),

AUTHORS

Mark Grimes <mark@stateful.net> and
Jeff Nathan <jeff@snort.org>

BUGS

Please report at https://github.com/libnet/nemesis/issues