Packit - network packet generator and capture tool

       This section documents the ARP/RARP header command-line options. These options have the ability to do the
       most damage with the least effort, especially on large cable and DSL networks. Use with caution.

       Packit only supports ARP/RARP protocol addresses in IPv4 format

       -Aoperationtype
              Define the ARP / RARP / IRARP operation type. The valid options are as follows:

              •  1 : ARP Request (Default for ARP packages)

              •  2 : ARP Reply

              •  3 : Reverse ARP Request (Default for RARP packages)

              •  4 : Reverse ARP Reply

              •  5 : Inverse ARP Request

              •  6 : Inverse ARP Reply

       -ytargetIPaddress
              The IP address of the target host.

       -yR    Use a random target host IP address.

       -Ytargetethernetaddress
              The Ethernet (hardware) address of the target host.

       -YR    Usage a random target host Ethernet address.

       -xsenderIPaddress
              The IP address of the sender host.

       -xR    Use a random sender host IP address.

       -Xsenderethernetaddress
              The Ethernet (hardware) address of the sender host.

       -XR    Usage a random sender host Ethernet address.

       The original author of packit is Darren Bounds. Currently, this project is maintained by volunteers.

       The latest version of Packit can be found at https://github.com/resurrecting-open-source-projects/packit

packit-1.8                                         04 Nov 2021                                         packit(8)

       •  Due to limitations in some versions of *BSD, specifying arbitrary Ethernet and/or ARP header data  may
          not be supported.

       •  ARP capture data is incomplete.

       •  Please    send    bug    reports,    questions,    requests,    fixes    and    pull    requests    to
          https://github.com/resurrecting-open-source-projects/packit/issues

-tprotocol
              Specify the type of packet to inject. Supported values are: ARP, RARP, TCP,  UDP  and  ICMP.  This
              option defaults to TCP in inject mode and to ICMP in trace mode.

       Packit  is a network auditing tool. It's value is derived from its ability to customize, inject, monitor,
       and manipulate IP traffic. By allowing you to define (spoof) all  TCP,  UDP,  ICMP,  IP,  ARP,  RARP  and
       Ethernet  header  options,  Packit  can  be  useful  to test firewalls, intrusion detection systems, port
       scanning, simulating network traffic and general TCP/IP auditing. Packit is also an  excellent  tool  for
       learning TCP/IP.

       This section documents the Ethernet header command-line options.

       -esrcethernetaddress
              The Ethernet (hardware) address the packet will appear to come from.  If not defined, the original
              Ethernet address will be used.

       -eR    Use a random source Ethernet address. If you define this, you will most likely need to define  the
              destination  Ethernet  header  value  as  well.  When using either -e or -E, you enable link level
              packet injection and the destination cannot be auto-defined while injecting in this manner.

       -Edstethernetaddress
              The Ethernet (hardware) of the next routeable interface which the packet will cross  while  making
              it's way to the destination.

       -ER    Use  a  random  destination  Ethernet  address.  The following two rules should be followed if you
              actually want the destination to receive the packets you're sending:

              1.  If the destination exists beyond  your  default  route  (gateway),  the  destination  Ethernet
                  address  should  be set to the default routes Ethernet address. This can typically be found by
                  using the arp(8) command.

              2.  If the destination exists on your subnet, the destination Ethernet address should  be  set  to
                  its Ethernet address. This can typically be found by using the arp(8) command.

       This section documents the ICMP header command-line options.

       -Ktype
              Specify the ICMP type. See docs/ICMP.txt for details on types. On Debian systems this file can  be
              found at /usr/share/doc/packit/ICMP.txt.

       -Ccode
              Specify  the ICMP code. See docs/ICMP.txt for details on codes. On Debian systems this file can be
              found at /usr/share/doc/packit/ICMP.txt.

       ICMP ECHO REQUEST AND ECHO REPLY OPTIONS

              -Nidnumber
                     Define the 16-bit ICMP identification number. This value is random by default.

              -Qsequencenumber
                     Define the 16-bit ICMP sequence number. This value is random by default.

       ICMP UNREACHABLE OR REDIRECT OR TIME EXCEEDED OPTIONS

              -ggateway
                     Define the gateway in which to redirect traffic to. This  option  is  only  used  for  ICMP
                     redirects (type 5).

              -jaddress
                     Define the source address of the original packet.

              -Jsrcport
                     Define the source port of the original packet.

              -laddress
                     Define the destination address of the original packet.

              -Ldstport
                     Define the destination port of the original packet.

              -mtimetolive
                     Define the Time To Live of the original packet. This option defaults to 128.

              -Mid  Define the IP ID of the original packet. This option defaults to random.

              -Otypeofservice
                     Define  the  Type  of  Service  of  the original packet. See the -o option for the possible
                     values.

              -Pprotocol
                     Define the protocol of the original packet. This option defaults to UDP.

       MASK REQUEST AND MASK REPLY OPTIONS

              -Nidnumber
                     Define the 16-bit ICMP identification number. This value is random by default.

              -Qsequencenumber
                     Define the 16-bit ICMP sequence number. This value is random by default.

              -Gaddressmask
                     Define the address network mask. The default value for this option is 255.255.255.0.

       TIMESTAMP REQUEST AND TIMESTAMP REPLY OPTIONS

              -Nidnumber
                     Define the 16-bit ICMP identification number. This value is random by default.

              -Qsequencenumber
                     Define the 16-bit ICMP sequence number. This value is random by default.

              -Uoriginaltimestamp
                     Define the 32-bit original timestamp. This value is 0 by default.

              -kreceivedtimestamp
                     Define the 32-bit received timestamp. This value is 0 by default.

              -ztransmittimestamp
                     Define the 32-bit transmit timestamp. This value is 0 by default.

       This section documents the IP header command-line options.

       -ssrcaddress
              The IP address the packet will appear to come from. If unspecified, packit will default to the  IP
              address of the lowest numbered device in the 'up' state, excluding loopback.

       -sR    Use a random source IP address.

       -ddstaddress
              The IP address of the machine you would like to contact.

       -dR    Use a random destination IP address.

       -otypeofservice
              TOS  values  are  typically  in  hexadecimal  format,  however,  packit only accepts TOS values as
              integers. Below are the 4 valid TOS bit values:

              •  Minimize delay: 16 (0x10)

              •  Maximize throughput: 8 (0x08)

              •  Maximize reliability: 4 (0x04)

              •  Minimize monetary cost: 2 (0x02)

       -nIDnumber
              The ID number is used to identify each datagram sent by a host. It  generally  increments  by  one
              with each datagram sent. This value is random by default.

       -TTTL The TTL value defines the upper limit on the number of devices through which the datagram may pass
              to reach it's destination. The default value is 128.

       -VIPprotocolnumber
              Specify the IP protocol associated with this packet (RAWIP only).  The default value is 255.

Packit - network packet generator and capture tool

       Print all TCP communications that doesn't revolve around SSH (port 22):

           # packit -m cap 'tcp and not port 22'

       Print  the  start and end packets (the SYN and FIN packets) of each TCP conversation that involves a non-
       local host, don't resolve addresses and display hex/ascii dump of the packet:

           # packit -m cap -nX 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet'

       Write the first 10 ICMP packets captured to a file:

           # packit -m cap -c 10 -w /tmp/mylog 'icmp'

Packetcapture options are as follows:

       -ccount
              Specify the number of packets to capture.

       -e     Display link-layer header data.

       -G     Display the timestamp in GMT rather than localtime.

       -iinterface
              Listen on interface. If unspecified, packit will use the lowest numbered device in the 'up'  state
              (excluding loopback).

       -n     Do not resolve host addresses to names but resolve ports numbers.  Disables DNS lookups.

       -nn    Do not resolve ports numbers to their protocol names but resolve host addresses.

       -nnn   Do not resolve host addresses or port numbers.

       -rfile
              Read packet data from tcpdump formatted binary log file. Example: a file created with -w option.

       -ssnaplen
              Read snaplen bytes of data from each packet rather than the default of 68.

       -v     Enables verbose packet capture.

       -wfile
              Write the raw packets to file rather than displaying time to stderr.

       -X     Display hexadecimal & ascii dump of each packet up to snap length bytes.

       expression
              Selects  which  packets should be displayed. If no expression is given, all packets are displayed.
              This option  is  based  in  pcap  library.  See  the  pcap-filter(7)  manpage  for  more  detailed
              information.

Packet  injection  is used to define and inject a network traffic onto your network. You have the ability
       to define essentially any ARP, IP, TCP, UDP, ICMP and Ethernet header value. This can be  valuable  in  a
       number  of  ways,  including  testing firewalls, intrusion detection systems, simulating traffic flow and
       general TCP/IP auditing.

       This section documents the operational command-line options.

       -ccount
              The  value  of  count  is  the total number of packets we would like to inject (a count value of 0
              means forever).

       -bburstrate
              Specifies the number of packets to inject every interval (defined by -w). A burst rate of  0  will
              send packets as quickly as possible.

       -h     Host  response mode. Enabling this option will print any packet you inject and then wait to see if
              the remote host responds. See -H option for timeout.

       -Htimeout
              Specify the timeout value (in seconds) to use with '-h'. This value defaults to '1' second.

       -iinterface
              Specify the interface to transmit from, if the machine has multiple interfaces.

       -Itci Specify 802.1Q TCI (VLAN ID/CFI/priority combination). This feature is EXPERIMENTAL.

       -v     Verbose injection mode. Displays each packet you inject. It also has the same effect as in capture
              mode while used with the '-h' option.

       -ppayload
              This option defines the payload portion of the header. Hex payload should be  prefixed  with  '0x'
              with  each value separated by a whitespace. An ASCII example: -p 'hello, this is my packet'. A Hex
              example: -p '0x 70 61 63 6B 69 74'.

       -winterval
              Specify the number of seconds to wait between packet bursts. This value defaults to '1' second.

       -Zlength
              Specify the size of the packet(s) to inject. The maximum value is 65535.

       Inject 10 ICMP type 8 (echo request) packets from host '3.1.33.7' to host '192.168.0.1' and watch  for  a
       response:

           # packit -t icmp -s 3.1.33.7 -d 192.168.0.1 -c 10 -h

       Inject an ICMP type 18 (mask reply) packet with an ICMP id of 211 and an address mask of 255.255.255.0:

           # packit -t icmp -K 18 -d 127.0.0.1 -N 211 -G 255.255.255.0

       Inject  5 TCP packets from random hosts to 'www.example.com' with the SYN flag set, a window size of 666,
       a random source Ethernet address, a destination Ethernet address of 00:53:00:0f:00:0d, with a payload  of
       "HI JOHN", displaying each packet injected.

           # packit -sR -d www.example.com -F S -c 5 -W 666 -eR -E 00:53:00:0f:00:0d -p 'HI JOHN' -v

       or simplifying the MAC address:

           # packit -sR -d www.example.com -F S -c 5 -W 666 -eR -E 0:53:0:f:00:d -p 'HI JOHN' -v

       Inject  a  total  of  1000  TCP  packets  in  20 packet per second bursts from 192.168.0.1 on port 403 to
       192.168.0.20 on port 80 with the SYN and RST flags set, a sequence number of  12345678910  and  a  source
       Ethernet address of 0:0:0:0:0:0:

           # packit -s 192.168.0.1 -d 192.168.0.20 -S 403 -D 80 -F SR -q 12345678910 -c 1000 -b 20 -e 0:0:0:0:0:0

       Inject a TCP packets from 10.22.41.6 to 172.16.1.3 on ports ranging from 1-1024 with the SYN flag set and
       display each packet we send:

           # packit -s 10.22.41.6 -d 172.16.1.3 -D 1-1024 -F S -v

       Inject  a  broadcast  ARP  reply  stating  that  4.3.2.1 is at 00:53:00:01:02:03.  Also, spoof the source
       Ethernet address for a little more authenticity and supply the payload in hex:

           # packit -t arp -A 2 -x 4.3.2.1 -X 5:4:3:2:1:0 -e 00:53:00:01:02:03 -p '0x 70 61 63 6B 69 74'

-mmode
              Select  a  runtime mode. Currently supported modes are capture, inject and trace. The default mode
              is inject.

arp(8), pcap(3), pcap-filter(7), tcpdump(1)

Packet capture:

         packit-mcapture [-cGHnvsX] [-iinterface] [-r|-wfile] expressionPacket injection:

         packit-minject [-tprotocol] [-aAbcCdDeFgGhHIjJkKlLmMnNoOpPqQrRsSTuUvwWxXyYzZ] [-iinterface]

       This section documents the TCP header command-line options.

       -Ssrcport
              The port from which our source address is communicating from. This value is random by default.

       -Ddstport
              The  port  on  the  destination we would like to communicate on. In inject mode this value is 0 by
              default while in trace mode this value is random by default. You  may  also  specify  a  range  of
              addresses in the format: -D 1:1024.

       -f     Do not fragment this packet.

       -Ftcpflags
              There  are  6  TCP  header  flag  bits.  They  can be used in combination with one another and are
              specified using the following identifiers:

              •  S : SYN (Synchronization sequence number)

              •  F : FIN (Sender is finished)

              •  A : ACK (Acknowledgement number is valid)

              •  P : PSH (Receiver should push this data to the remote host)

              •  U : URG (The urgent pointer is valid)

              •  R : RST (Reset this connection)

              As an example, to set the SYN and FIN bits use the following: -F SF

       -qsequencenumber
              The sequence number is a 32-bit unsigned (positive) number used to identify the byte in  a  stream
              of data from the sending TCP to the receiving TCP that the first byte of data represents.

       -aacknumber
              The  acknowledgement  (ack)  number  defines  the  next sequence number that the sender of the ack
              expects to see. It is typically the sequence number + 1 during valid TCP communication.  It  is  a
              32-bit unsigned (positive) number.

       -Wwindowsize
              The  window  size  provides  flow  control.  It is a 16-bit number that defines how many bytes the
              receiver is willing to accept. The default value is 1500.

       -uurgentpointer
              In valid TCP communication, the urgent pointer is only useful if the URG flag is  set.  Used  with
              the sequence number, it points to the last byte of urgent data.

       Appear as a DNS response by using a UDP source port of 53 (DNS):

           # packit -m trace -t UDP -d 192.168.2.35 -S 53

       Appear as HTTP traffic by using TCP port 80:

           # packit -m trace -t TCP -d www.google.com -S 80 -FS

       This  section  documents  the  UDP  header command-line options. UDP is the default IP protocol for TRACE
       mode.

       -Ssrcport
              The port from which our source address is communicating from. This value is random by default.

       -Ddstport
              The port on the destination we would like to communicate on. In inject mode this  value  is  0  by
              default  while  in  trace  mode  this  value is random by default. You may also specify a range of
              addresses in the format: -D 1:1024.