NetInjector (neti) is a fast and highly configurable UDP/TCP/ICMP packet generator engine. It also incorporates a simple sniffer to view responses coming from the targets. Neti can be used to simulate a variety of probing tools (ping, traceroute, tcp-ping...) as well as testing firewall rules (TCP/UDP portscan, firewalking when playing with TTL,...).
The tool can also be used as a Denial of Service test attack generator. It's posible to generate a single packet corresponding to a known flooding attack, to see if it pass through the filtering (by sniffing on the target). It's a safe way to test a firewall that is suposed to block these kind of packets (I mean fragmented, syn only, all-flag ones, ...). Of course there's a real flooding mode, dangerous but usefull to test a new install that's not yet in production.
A collection of shell-scripts is packed with the engine as exemples of use.
All types of packets have not been tested yet. So if something doesn't work let me know and I will do my best to patch it ASAP !
Features :
- Builds many of the most used IP/ICMP header fields
- Builds many of the most used TCP/UDP header fields
- Flood mode
- Simple sniffer
Possible uses :
- any kinds of ICMP probing
- any kinds UDP probing
- any kinds TCP probing
- firewalking, tracaroute
- any kinds of port-scanning (with the possibility to change the signature by modifying randomly flags in TCP/IP header)
- spoofing testing
- flooding testing
- denial of service testing
USAGE
Usage : neti [options] [dest IP] [dest port]
Synopsis :
neti -m TCP -F S -t 5 -f TIA -p 80 -q D targetIP targetPORT neti -C neti.conf neti -m ICMP -c 8 -y 0 -t 5 -f TIA target IP neti -m UDP ...
GLOBAL options :
[-C config file] use a config file for parameters
[-m MODE] set the protocol : UDP, TCP, ICMP, or protocol number
[-h] help
[-a IP] source IP adress
[-i if name] output interface to use
[-p port] source port
[-d filename] file to read data from
[-T TTL] set the IP time to live
[-o offset] set the IP offset
[-q TOS] set the TOS options
"TOS" is a chain set from :
[C] : Minimum Cost (nntp)
[R] : Maximum Reliability (snmp)
[T] : Maximum Throughput (data transfert)
[D] : Minimum Delay (telnet)
[-O] flOOd mode
[-n] numeric mode, no lookup before sending
SNIFFER options :
[-b] blind mode, don't listen, just send
[-r] try a reverse lookup before printing
[-l] listen mode, don't stop sniffing
[-t TIMEOUT] timeout to wait for response in seconds
[-s] set the promiscuous mode
[-f FILTERS] filter incoming packets
"FILTERS" is a chain set from :
[U] : UDP protocol
[T] : TCP protocol
[I] : ICMP protocol
[A] : IP Address of target
TCP options :
[-F FLAGS] set the TCP flags and options
"FLAGS" option is a chain set from :
[S] the SYN flag
[A] the ACK flag
[P] the PUSH flag
[R] the RST flag
[F] the FIN flag
[U] the URG flag
[T] set the TCP_TIMESTAMP option
[-W WINDOW] set the TCP window
ICMP options :
[-y ICMP type] set the ICMP type
[-c ICMP code] set the ICMP code
[-g ICMP redirect gateway] set the IP of the gw
[-e ICMP echo ID] set the ICMP echo ID
[-H] show ICMP supported types and codes
Example :
To send a TCP packet :
to destination port 139 from source port 80 with SYN flag only to host 192.168.1.100 with TTL = 5 with timeout = 10 printing only ICMP and TCP responses from the target
Command line should be :
neti -m TCP -p 80 -F S -T 5 -t 10 -f TAI 192.168.1.100 139
Giving the result that port is opened (we get a SYN-ACK flag in response) as shown below :
Sending -SYN-WIN(65535)-192.168.1.200[80]-TTL(5) -> 192.168.1.100[139] Received -[len 56]-SYN-ACK-WIN(61690)-192.168.1.100[139]-TTL(128) -> 192.168.1.200[80]