Author: obecian <obecian@celerity.bartoli.org>
Graphic: resonate <resonate@datasurge.net>
Version: 1.0 [March 4, 2000]
Description:
The Nemesis Project is designed to be a commandline-based, portable human IP stack for UNIX/Linux. The suite is broken down by protocol, and should allow for useful scripting of injected packet streams from simple shell scripts.
Protocols: TCP, UDP, ICMP, ARP, OSPF, DNS, RIP, IGMP

TCP Usage:

TCP usage:
  nemesis-tcp [-v] [options]

TCP options: 
  [-x <Source Port>]
  [-y <Destination Port>]
  -f <TCP Flag Options>
     -fS SYN, -fA ACK, -fR RST, -fP PSH, -fF FIN, -fU URG
  -w <Window Size>
  -s <SEQ Number>
  -a <ACK Number>
  -u <TCP Urgent Pointer>
  -P <Payload File (Binary or ASCII)>
  -b (Enable Binary Payload)
  (-v VERBOSE - packet struct to stdout)

IP options: 
  -S <Source IP Address>
  -D <Destination IP Address>
  -I <IP ID>
  -T <IP TTL>
  -t <IP tos>
  -O <IP Options>

Data Link Options: 
  -d <Ethernet Device>
  -H <Source MAC Address>
  -M <Destination MAC Address>

UDP Usage:

UDP usage:
  nemesis-udp [-v] [options]

UDP options: 
  [-x <Source Port>]
  [-y <Destination Port>]
  -P <Payload File (Binary or ASCII)>
  -b (Enable Binary Payload)
  (-v VERBOSE - packet struct to stdout)

IP options: 
  -S <Source IP Address>
  -D <Destination IP Address>
  -I <IP ID>
  -T <IP TTL>
  -t <IP tos>
  -o <IP Options>

Data Link Options:
  -d <Ethernet Device>
  -H <Source MAC Address>
  -M <Destination MAC Address>

ICMP Usage:

ICMP Usage:
  nemesis-icmp [-v] [options]

ICMP options: 
  -i <ICMP Type>
  -c <ICMP Code>
  -S <Sequence Number>
  -m <ICMP Mask>
  -G <Preferred Gateway>
  -Co <Time of Originating request>
  -Cr <Time request was Received>
  -Ct <Time reply was Transmitted>
  -P <Payload File (Binary or ASCII)>
  -b (Enable Binary Payload)
  (-v VERBOSE - packet struct to stdout)

IP options: 
  -S <Source IP Address>
  -D <Destination IP Address>
  -I <IP ID>
  -T <IP TTL>
  -t <IP tos>
  -o <IP Options>

Data Link Options: 
  -d <Ethernet Device>
  -H <Source MAC Address>
  -M <Destination MAC Address>

ARP Usage:

ARP Usage:
  nemesis-arp [-v] [optlist]

ARP Options: 
  -S <Source IP Address>
  -D <Destination IP Address>
  -P <Payload File (Binary or ASCII)>
  -b (Enable Binary Payload)
  (-v VERBOSE - packet struct to stdout)

Data Link Options: 
  -d <Ethernet Device>
  -H <Source MAC Address>
  -M <Destination MAC Address>

OSPF Usage:

OSPF usage:
  nemesis-ospf [-v] [optlist]

OSPF Packet Types:
  -p <OSPF Protocol>
     -pH HELLO, -pD DBD, -pL LSR, -pU LSU, -pR LSA (router),
     -pN LSA (network), -pM LSA (summary), -pA LSA (AS)
OSPF HELLO options:
  -N <Neighbor Router Address>
  -i <Dead Router Interval>
  -l <OSPF Interval>
OSPF DBD options:
  -z <MAX DGRAM Length>
  -x <Exchange Type>
OSPF LSU options:
  -B <num of LSAs to bcast>
OSPF LSA related options:
  -L <router id>
  -G <LSA age>
OSPF LSA_RTR options:
  -u <LSA_RTR num>
  -y <LSA_RTR router type>
  -k <LSA_RTR router data>
OSPF LSA_AS_EXT options:
  -f <LSA_AS_EXT forward address>
  -g <LSA_AS_EXT tag>
OSPF options:
  -m <OSPF Metric>
  -s <Sequence Number>
  -r <Advertising Router Address>
  -n <OSPF Netmask>
  -O <OSPF Options>
  -R <OSPF Router id>
  -A <OSPF Area id>
  -P <Payload File (Binary or ASCII)>
  -b (Enable Binary Payload)
  (-v VERBOSE - packet struct to stdout)
IP Options
  -S <Source Address>
  -D <Destination Address>
  -I <IP ID>
  -T <IP TTL>
  -t <IP/OSPF tos>
  -F <IP frag>
  -o <IP Options>
Data Link Options:
  -d <Ethernet Device>
  -H <Source MAC Address>
  -M <Destination MAC Address>

DNS Usage:

DNS usage:
  nemesis-dns [-v] [options]

DNS options:
  -q <# of Questions>
  -W <# of Answer RRs>
  -A <# of Authority RRs>
  -i <# of Additional RRs>
  -P <Payload File (Binary or ASCII)>
  -b (Enable Binary Payload)
  -k (Enable TCP transport)
  (-v VERBOSE - packet struct to stdout)

TCP options (-k):
  [-x <Source Port>]
  [-y <Destination Port>]
  -f <TCP Flag Options>
     -fS SYN, -fA ACK, -fR RST, -fP PSH, -fF FIN, -fU URG
  -w <Window Size>
  -s <SEQ Number>
  -a <ACK Number>
  -u <TCP Urgent Pointer>
UDP options (no -k):
  [-x <Source Port>]
  [-y <Destination Port>]

IP options:
  -S <Source IP Address>
  -D <Destination IP Address>
  -I <IP ID>
  -T <IP TTL>
  -t <IP tos>
  -o <IP Options>

Data Link Options:
  -d <Ethernet Device>
  -H <Source MAC Address>
  -M <Destination MAC Address>

RIP Usage:

RIP usage:
  nemesis-rip [-v] [options]

RIP options:
  -c <RIP Command>
  -V <RIP Version>
  -r <RIP Route Domain>
  -a <RIP Address Family>
  -R <RIP Route Tag>
  -k <RIP Network Address Mask>
  -h <RIP Next Hop>
  -m <RIP metric>
  -P <Payload File (Binary or ASCII)>
  -b (Enable Binary Payload)
  (-v VERBOSE - packet struct to stdout)

UDP options:
  [-x <Source Port>]
  [-y <Destination Port>]

IP options:
  -S <Source IP Address>
  -D <Destination IP Address>
  -I <IP ID>
  -T <IP TTL>
  -t <IP tos>
  -o <IP Options>

Data Link Options:
  -d <Ethernet Device>
  -H <Source MAC Address>
  -M <Destination MAC Address>

IGMP Usage:

IGMP usage:
  nemesis-igmp [-v] [options]

IGMP options:
  -p <IGMP Type>
  -c <IGMP Code>
  -i <IGMP Group Address>
  -P <Payload File (Binary or ASCII)>
  -b (Enable Binary Payload)
  (-v VERBOSE - packet struct to stdout)

IP options:
  -S <Source IP Address>
  -D <Destination IP Address>
  -I <IP ID>
  -T <IP TTL>
  -t <IP tos>
  -o <IP Options>

Data Link Options:
  -d <Ethernet Device>
  -H <Source MAC Address>
  -M <Destination MAC Address>

Examples:
  • tcp -v -S 192.168.1.1 -D 192.168.2.2 -fS -fA -y 22 -P foo
    Send a TCP packet (SYN/ACK) with a payload from the ASCII file 'foo' to the target's ssh port,
    from 192.168.1.1 to 192.168.2.2. (-v prints the current injected packet to stdout.)
  • udp -v -S 10.11.12.13 -D 10.1.1.2 -x 11111 -y 53 -P bindpkt -b
    Send a UDP packet from 10.11.12.13:11111 to 10.1.1.2's nameservice port with a payload read
    from the binary file 'bindpkt'. (Again, -v is used to see confirmation of the injected packet.)
  • icmp -S 10.10.10.3 -D 10.10.10.1 -G 10.10.10.3 -i 5
    Send an ICMP REDIRECT FOR NETWORK packet from 10.10.10.3 to 10.10.10.1 with the preferred
    gateway set to the source address. Here no output goes to stdout, which is ideal when the
    command is a component of a batch job run from a shell script.
  • arp -v -d ne0 -H 0:1:2:3:4:5 -S 10.11.30.5 -D 10.10.15.1
    Send an ARP packet through device 'ne0' (e.g., my OpenBSD PCMCIA NIC) from hardware source
    address 00:01:02:03:04:05 with IP source address 10.11.30.5 to destination IP address 10.10.15.1.
  • ospf -v -pH -S 10.10.10.10 -D 10.9.9.4 -I 304 -i 60
    Send an OSPF HELLO packet from 10.10.10.10 to 10.9.9.4 with IP ID 304 and a 60-second Dead Router Interval.
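
Seen from the monitoring side, the ICMP example above produces a type 5 redirect whose advertised gateway is the sender itself. The following is an added example, not part of Nemesis or of the original page: it decodes an IPv4/ICMP redirect and reports why it looks wrong. The router address 10.10.10.254 and the helper names are assumptions, and the sample packet is constructed in memory and never sent.

```python
import socket
import struct

ICMP_REDIRECT = 5  # the type given as "-i 5" in the page's ICMP example

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over data carrying a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def sample_redirect(src, dst, gateway, code=0):
    """Constructed test packet (bytes only, never sent): IPv4 + ICMP redirect."""
    quoted = b"\x45" + b"\x00" * 27  # stand-in for the quoted IP header + 8 bytes
    icmp = struct.pack("!BBH4s", ICMP_REDIRECT, code, 0, socket.inet_aton(gateway)) + quoted
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 254, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + icmp

def inspect_redirect(packet: bytes, routers: set):
    """Return None for anything but an ICMP redirect, else a findings dict."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None                        # malformed, not ICMP, or truncated
    icmp = packet[ihl:]
    if icmp[0] != ICMP_REDIRECT:
        return None
    src = socket.inet_ntoa(packet[12:16])
    gateway = socket.inet_ntoa(icmp[4:8])  # redirect's gateway address field
    reasons = []
    if src not in routers:
        reasons.append("sender is not a known router")
    if gateway not in routers:
        reasons.append("advertised gateway is not a known router")
    if gateway == src:
        reasons.append("gateway equals sender")
    if checksum(icmp) != 0:
        reasons.append("bad ICMP checksum")
    return {"src": src, "dst": socket.inet_ntoa(packet[16:20]),
            "gateway": gateway, "code": icmp[1], "reasons": reasons}

if __name__ == "__main__":
    pkt = sample_redirect("10.10.10.3", "10.10.10.1", "10.10.10.3")
    print(inspect_redirect(pkt, {"10.10.10.254"}))
```

An empty "reasons" list means the redirect came from a listed router and points at a listed router; anything else is worth an alert.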

What's New:
  • Functionality fixes in all protocols

Platforms:
  Please email the author a small note if you successfully compile Nemesis on any platform not listed below.

  • OpenBSD 2.5, 2.6 (Developed on OpenBSD 2.6)
  • NetBSD 1.4.1
  • FreeBSD 3.x
  • Solaris 2.6, 2.7
  • Linux 2.0, 2.2

Downloads:
  Source
  • Nemesis v1.0 [CHECKSUM] Packet Injection System
  • libnet 1.0 [CHECKSUM] Packet Assembly System
  • libpcap 0.4 [CHECKSUM] Packet Capture System

    $Id: nemesis.html,v 1.9 2000/03/04 10:53:50 obecian Exp $