NAME

APSEND - send arbitrary network packets to hosts


SYNOPSIS

apsend -x / -destination <dest ip> [options] / <attacks>


DESCRIPTION

APSEND is a packet sender with which you can build and send arbitrary network packets. It supports the following protocols: TCP/UDP/IP/ICMP and ethernet frames, but you can (theoretically) build every possible packet (based on IP) using the --generic option. APSEND is based on the excellent Net::RawIP module from Sergey Kolychev <ksv@al.lg.ua>.


OPTIONS

APSEND has a lot of options for building network packets. It may be invoked with the following command-line options:

-d <destination IP>

--dest=IP

--destination=IP This sets the destination IP address to <destination IP>. You can use numeric IP addresses like 192.168.1.1 or hostnames like www.foobar.de. You need this option almost every time you use apsend. You won't need it if you just want to see the help (using the -?, -h or --help option), the ICMP types/codes (using the --show option) or the available network devices (using the -x option).

-s <source IP>

--source=IP This option specifies the source IP address (numerical or host name). If you use 0 as your source IP, then APSEND will use a random IP address for each packet it sends (default source IP="127.0.0.1").

-v <IP version>

--version=IP version This option specifies the IP version (default=4).

-o <type of service>

--tos=type of service Use this option to specify the type of service (ToS) in the IP header (default=0).

--tot=total length This option specifies the total length field in the IP header (IP header+data=total length). The total length will be calculated if you don't specify it.

--id=identification IP identification field (default=0).

-fo <fragmentation offset>

--frag-off=fragmentation offset

--frag This option specifies the fragmentation offset as described in RFC791 (Internet Protocol specification). The default value for the fragmentation offset is 0x4000.

-ttl <time to live> Use this option to specify the time to live value in the IP header (default=64).

--protocol This option specifies the protocol number for the protocols based on IP. These are for example ICMP(1), TCP(6) and UDP(17). Have a look at /etc/protocols for other protocol numbers. The default protocol number is TCP(6).

--ipcheck You can use this option to set the IP checksum. You can also specify wrong IP checksums, for example to test firewalls or other network applications. APSEND will calculate the right IP checksum by default if you do not specify your own.

--ihl This option sets the internet header length (IHL) (default=5). The IHL is needed because of the variable length of the options field in the IP header.

-b <source port>

--source-port=source port

--sp=source port This option sets the source port for the TCP/UDP protocol. The default value for TCP and UDP is to set a random port. Have a look at /etc/services for other ports/services.

-p <destination port>

--dest-port=destination port

--dp This option sets the destination port for the TCP/UDP protocol. The default value for TCP is port 80 (http) and for UDP it is port 7 (echo). Have a look at /etc/services for other ports/services.

-rs This option sets a random value for the TCP/UDP source port (set the $field constant in APSEND to specify the random port range).

-rd Like the -rs option, except that this option specifies the destination port.

-n <sequence number>

--seq-num=sequence number

--seq=sequence number This option specifies the TCP/ICMP sequence number (default=0).

-a <ack number>

--ack-num This option specifies the acknowledgement number (default=0).

-u <urgent pointer>

--urg-ptr=urgent pointer This option specifies the urgent pointer in the TCP header (default=0).

-do <data offset>

--data-off=data offset

--doff=data offset This option specifies the TCP data offset (default=5).

-res1 This option sets the reserved bit 1 in the TCP header.

-res2 This option sets the reserved bit 2 in the TCP header.

-w <window size>

--window=window size This option specifies the TCP window size (default=0xffff).

-tcheck This option sets the TCP checksum. It will be calculated by default, if you don't set your own value.

Here are the different flags in the TCP header:

-ACK Set the ACK flag in the TCP header.

-RST Set the RST flag in the TCP header.

-URG Set the URG flag in the TCP header.

-PSH Set the PSH flag in the TCP header.

-SYN Set the SYN flag in the TCP header.

-FIN Set the FIN flag in the TCP header.

-len <header/data length> This option sets the header+data length of the UDP header (default=will be calculated).

-ucheck <UDP checksum> This option sets the UDP checksum (default=0, no calculation).

-g <ICMP gateway>

--gateway=ICMP gateway This option sets the internet control message protocol (ICMP) gateway (default=0, no gateway).

-iid <ICMP id>

--icmp-id=ICMP id Specify the ICMP identification (ICMP id).

-icheck Set the ICMP checksum (default=will be calculated).

-mtu <ICMP mtu> This option specifies the ICMP maximum transmission unit (ICMP MTU).

-i <ICMP type>

--icmp-type=ICMP type This option specifies the ICMP type. You can show all possible ICMP types using the -show option (see also --icmp-code).

-c <ICMP code>

--icmp-code This option specifies the ICMP code. You can show all possible ICMP codes using the -show option (see also --icmp-type).

-show Show all ICMP codes/types and exit.

--eth-device <device> Specify ethernet device.

-ems <MAC source address>

--eth-mac-source=MAC source address Set the ethernet MAC source address (default=00:00:00:00:00:00).

-emd <MAC destination address>

--eth-mac-source=MAC destination address Set the ethernet MAC destination address (default=00:00:00:00:00:00).

-rems Use a random source MAC address.

-remd Use a random destination MAC address.

--generic <header/data> This is a very powerful option: you can use it to build every possible packet based on IP. The only problem is that you have to calculate all of the checksums/whatever yourself. I'll write more (examples and other things) about this option in the next version of APSEND.

--li <port>

--listen=port If you use this option, then APSEND will listen on the port <port> and wait for incoming connections. If someone connects to this port (via TCP or UDP), then APSEND will print all data it gets to STDOUT.

--co <port>

--connect=port Use this option if you want to connect to a remote host (via TCP or UDP). If you use this option, then APSEND will make a REAL connection (three-way handshake) to the remote host. If you want to send data to the remote host, just type it in (STDIN).

--regex=Regular expression If APSEND runs in listening mode (using the --li <port> option), then you can use this regex to print only the data the regex matches.

--nregex=Regular expression Like --regex, but print only the data NOT being matched by this regex.

-sop <protocol number>

--socket-protocol=protocol number Use this protocol for the --listen or --connect mode of APSEND (currently only TCP and UDP are supported).

-f <script file> (not implemented)

--file=script file (not implemented) This option specifies the scripting file of APSEND. It's not yet implemented, but it'll be available in one of the next versions of APSEND. Sorry.

-m <number of packets to send>

--number=number of packets to send This option specifies the number of packets to send. Use 0 if you want to send unlimited numbers of packets (default=1).

-q

--quiet Don't display anything while sending the packets (quiet mode).

-y <data>

--data=data This option specifies the data to send with the TCP/UDP packets (default='').

-x Show network devices and exit.
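
The --ipcheck and -tcheck options override checksums that APSEND otherwise calculates, and --generic leaves every checksum to you. The following Python sketch is an added example (not part of APSEND) that computes and verifies the RFC 1071 checksum for an IPv4 header and a TCP segment; the function names and sample addresses are assumptions made for the illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement of the one's-complement 16-bit sum."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len, ttl=64, ident=0, frag=0x4000):
    """20-byte IPv4 header (version 4, IHL 5) with its checksum filled in."""
    def pack(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                           frag, ttl, proto, csum,
                           socket.inet_aton(src), socket.inet_aton(dst))
    return pack(inet_checksum(pack(0)))       # checksum field is 0 while summing

def header_checksum_ok(header: bytes) -> bool:
    """Receiver-side check: a valid header, checksum included, sums to zero."""
    if len(header) < 20:
        return False
    ihl_bytes = (header[0] & 0x0F) * 4
    if ihl_bytes < 20 or len(header) < ihl_bytes:
        return False                          # IHL below 5 is never valid
    return inet_checksum(header[:ihl_bytes]) == 0

def tcp_checksum(src, dst, segment: bytes) -> int:
    """TCP checksum: pseudo-header (src, dst, 0, proto 6, length) + segment."""
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, len(segment)))
    return inet_checksum(pseudo + segment)

if __name__ == "__main__":
    # Constructed sample: UDP (17) datagram carrying 95 payload bytes.
    hdr = ipv4_header("192.168.0.1", "192.168.0.199", 17, 95)
    print(hdr.hex(), header_checksum_ok(hdr))
    # Flip one bit in the TTL byte: the stored checksum no longer matches.
    bad = hdr[:8] + bytes([hdr[8] ^ 0x01]) + hdr[9:]
    print(header_checksum_ok(bad))
```

A receiver or firewall that validates headers this way drops a packet whose checksum field was set to a wrong value, which is the behaviour the --ipcheck option lets you test.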


ATTACKS

APSEND includes a few DoS attacks like the land attack and others. Please use these attacks only against your OWN machines. They're only for educational purposes, so if you do anything illegal with these attacks, then it's not my fault.

-sf

--syn-flood

--flood This is a SYN flood attack (I think everyone knows how it works).

--land Land attack against WIN95/98 and possibly NT (I didn't test this). Please note: the source port has to be the same as the destination port. If not, then APSEND will set it automatically.

--stream Stream attack (default src/dest port=22).

--bd

--bed

--be-dos DoS attack against BeOS.

-td

--tcp-dos

--tcpd DoS attack against tcpdump 3.4a (we all love this program :)). We just need to send an IP packet with protocol=4 and IHL=0 to crash tcpdump 3.4a (from BLADI bladi@EUSKALNET.NET).

-uf

--udp-flood Just a simple UDP flood. This can crash an Ascend router for example (use destination port 7 (echo) to do this).

-pf

--ping-flood A simple ping flood :)
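
Two of the attacks above rely on header values a receiver can reject before further parsing: the land pattern (identical source and destination address and port) and an IHL below the minimum of 5. The following Python sketch is an added example (not part of APSEND) of such a sanity check; the function names and the sample packets are constructed for the illustration.

```python
import socket
import struct

def inspect_ipv4(packet: bytes) -> list:
    """Return anomaly labels for one raw IPv4 packet (empty list = clean)."""
    if len(packet) < 20:
        return ["truncated: shorter than a minimal IPv4 header"]
    # Fields used: version/IHL, total length, protocol, source, destination.
    ver_ihl, tot_len, proto, src, dst = struct.unpack("!BxH5xB2x4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    findings = []
    if version != 4:
        findings.append("version=%d, expected 4" % version)
    if ihl < 5:
        # A header shorter than 20 bytes cannot exist; a parser that trusts
        # this field cannot locate the payload, so stop here.
        findings.append("IHL=%d below minimum of 5 (protocol=%d)" % (ihl, proto))
        return findings
    if tot_len != len(packet):
        findings.append("total length %d != captured length %d"
                        % (tot_len, len(packet)))
    off = ihl * 4
    if src == dst and proto in (6, 17) and len(packet) >= off + 4:
        sport, dport = struct.unpack("!HH", packet[off:off + 4])
        if sport == dport:
            findings.append("land pattern: %s:%d is both source and destination"
                            % (socket.inet_ntoa(src), sport))
    return findings

def sample(ver_ihl, proto, src, dst, sport, dport):
    """Constructed test input: IPv4 header plus the 4 bytes of port fields."""
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 24, 0, 0x4000, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + struct.pack("!HH", sport, dport)

# Constructed samples using documentation addresses (RFC 5737); the checksum
# field is left at 0 because this check does not validate it.
SAMPLES = {
    "normal": sample(0x45, 6, "192.0.2.10", "192.0.2.20", 40000, 80),
    "land":   sample(0x45, 6, "192.0.2.20", "192.0.2.20", 80, 80),
    "ihl-0":  sample(0x40, 4, "192.0.2.10", "192.0.2.20", 0, 0),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, inspect_ipv4(pkt) or "ok")
```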


SEE ALSO

RFC791, RFC792, RFC768, RFC793, perl(1), Net::RawIP(1), the perl cookbook, TCP/IP illustrated (Volume 3) [Stevens, 1996], UNIX Network programming (Volume 1: Sockets and XTI) [Stevens] and TCP/IP - Internet Protokolle im professionellen Einsatz [Mathias Hein].


AUTHORS

Anarchy <anarchy@elxsi.de>


BUGS

I think there are still a lot of bugs in APSEND.


BUG REPORTS

If you find any bugs in APSEND please report them to <anarchy@elxsi.de>, and if you want me to implement any other options/whatever in APSEND then you can also drop me a line. Thanks!