packit(8)	  Network packet generator and capture tool	     packit(8)

NAME
       Packit -	network	packet generator and capture tool

SYNOPSIS
       Packet capture:

	 packit	-m capture [-cGHnvsX] [-i interface] [-r|-w file] expression

       Packet injection:

	 packit	-m inject [-t protocol]	[-aAbcCdDeFgGhHjJkKlLmMnNoOpPqQrRsSTuUvwWxXyYzZ] [-i interface]

DESCRIPTION
       Packit is a network auditing tool. Its value is derived from its ability
       to customize, inject, monitor, and manipulate IP traffic. By allowing you
       to define (spoof) all TCP, UDP, ICMP, IP, ARP, RARP and Ethernet header
       options, Packit can be useful for testing firewalls and intrusion
       detection systems, port scanning, simulating network traffic and general
       TCP/IP auditing. Packit is also an excellent tool for learning TCP/IP.

PACKIT BASE OPTIONS
       -m mode
	      Select  a	 runtime  mode.	Currently supported modes are capture,
	      inject and trace.	The default mode is inject.

PACKET CAPTURE OPTIONS
       Packet capture options are as follows:

       -c count
	      Specify the number of packets to capture.

       -e     Display link-layer header	data.

       -G     Display the timestamp in GMT rather than localtime.

       -i interface
	      Listen on	interface. If unspecified, packit will use the	lowest
	      numbered device in the 'up' state	(excluding loopback).

       -n     Do not resolve host addresses to names, but resolve port numbers.
              Disables DNS lookups.

       -nn    Do not resolve port numbers to their protocol names, but resolve
              host addresses.

       -nnn   Do not resolve host addresses or port numbers.

       -r file
              Read packet data from a tcpdump-formatted binary log file, for
              example a file created with the -w option.

       -s snaplen
	      Read snaplen bytes of data from each packet rather than the  de-
	      fault of 68.

       -v     Enables verbose packet capture.

       -w file
              Write the raw packets to file rather than displaying them to
              stderr.

       -X     Display hexadecimal & ascii dump	of  each  packet  up  to  snap
	      length bytes.

       expression
              Selects which packets should be displayed. If no expression is
              given, all packets are displayed. This option is based on the
              pcap library. See the pcap-filter(7) manpage for more detailed
              information.

PACKET INJECTION AND TRACE
       Packet injection is used to define and inject network traffic onto
       your network. You have the ability to define essentially any ARP, IP,
       TCP, UDP, ICMP and Ethernet header value. This can be valuable in a
       number of ways, including testing firewalls and intrusion detection
       systems, simulating traffic flow and general TCP/IP auditing.

CHOOSE A PROTOCOL
       -t protocol
	      Specify the type of packet to inject. Supported values are: ARP,
	      RARP,  TCP,  UDP and ICMP. This option defaults to TCP in	inject
	      mode and to ICMP in trace	mode.

PACKET INJECTION AND TRACE GENERAL
       This section documents the operational command-line options.

       -c count
	      The value	of count is the	total number of	packets	we would  like
	      to inject	(a count value of 0 means forever).

       -b burst	rate
	      Specifies	 the  number  of packets to inject every interval (de-
	      fined by -w). A burst rate of 0 will send	packets	as quickly  as
	      possible.

       -h     Host  response  mode. Enabling this option will print any	packet
	      you inject and then wait to see if the remote host responds. See
	      -H option	for timeout.

       -H timeout
	      Specify  the  timeout  value (in seconds)	to use with '-h'. This
	      value defaults to	'1' second.

       -i interface
	      Specify the interface to transmit	from, if the machine has  mul-
	      tiple interfaces.

       -v     Verbose injection	mode. Displays each packet you inject. It also
	      has the same effect as in	capture	mode while used	with the  '-h'
	      option.

       -p payload
	      This  option defines the payload portion of the header. Hex pay-
	      load should be prefixed with '0x'	with each value	separated by a
	      whitespace.  An  ASCII example: -p 'hello, this is my packet'. A
	      Hex example: -p '0x 70 61	63 6B 69 74'.

       -w interval
	      Specify the number of seconds to	wait  between  packet  bursts.
	      This value defaults to '1' second.

       -Z length
	      Specify  the  size of the	packet(s) to inject. The maximum value
	      is 65535.

IP HEADER OPTIONS
       This section documents the IP header command-line options.

       -s src address
	      The IP address the packet	will appear to come from. If  unspeci-
	      fied,  packit  will default to the IP address of the lowest num-
	      bered device in the 'up' state, excluding	loopback.

       -sR    Use a random source IP address.

       -d dst address
	      The IP address of	the machine you	would like to contact.

       -dR    Use a random destination IP address.

       -o type of service
              TOS values are typically given in hexadecimal format; packit,
              however, only accepts TOS values as integers. Below are the 4
              valid TOS bit values:

	      o	 Minimize delay: 16 (0x10)

	      o	 Maximize throughput: 8	(0x08)

	      o	 Maximize reliability: 4 (0x04)

	      o	 Minimize monetary cost: 2 (0x02)

       -n ID number
	      The ID number is used to identify	each datagram sent by a	 host.
	      It  generally  increments	 by  one with each datagram sent. This
	      value is random by default.

       -T TTL The TTL value defines the upper limit on the number of devices
              through which the datagram may pass to reach its destination.
              The default value is 128.

       -V IP protocol number
	      Specify the IP  protocol	associated  with  this	packet	(RAWIP
	      only).  The default value	is 255.

TCP HEADER OPTIONS
       This section documents the TCP header command-line options.

       -S src port
              The port from which our source address is communicating.
              This value is random by default.

       -D dst port
              The port on the destination we would like to communicate on. In
              inject mode this value is 0 by default, while in trace mode this
              value is random by default. You may also specify a range of
              ports in the format: -D 1:1024.

       -f     Do not fragment this packet.

       -F tcp flags
	      There  are  6 TCP	header flag bits. They can be used in combina-
	      tion with	one another and	 are  specified	 using	the  following
	      identifiers:

	      o	 S : SYN (Synchronization sequence number)

	      o	 F : FIN (Sender is finished)

	      o	 A : ACK (Acknowledgement number is valid)

	      o	 P : PSH (Receiver should push this data to the	remote host)

	      o	 U : URG (The urgent pointer is	valid)

	      o	 R : RST (Reset	this connection)

	      As an example, to	set the	SYN and	FIN bits use the following: -F
	      SF

       -q sequence number
	      The sequence number is a 32-bit unsigned (positive) number  used
	      to identify the byte in a	stream of data from the	sending	TCP to
	      the receiving TCP	that the first byte of data represents.

       -a ack number
	      The acknowledgement (ack)	number defines the next	sequence  num-
	      ber  that	 the sender of the ack expects to see. It is typically
	      the sequence number + 1 during valid TCP communication. It is  a
	      32-bit unsigned (positive) number.

       -W window size
	      The  window  size	 provides  flow	control. It is a 16-bit	number
	      that defines how many bytes the receiver is willing  to  accept.
	      The default value	is 1500.

       -u urgent pointer
	      In valid TCP communication, the urgent pointer is	only useful if
	      the URG flag is set. Used	with the sequence number, it points to
	      the last byte of urgent data.

UDP HEADER OPTIONS
       This  section documents the UDP header command-line options. UDP	is the
       default IP protocol for TRACE mode.

       -S src port
              The port from which our source address is communicating.
              This value is random by default.

       -D dst port
              The port on the destination we would like to communicate on. In
              inject mode this value is 0 by default, while in trace mode this
              value is random by default. You may also specify a range of
              ports in the format: -D 1:1024.

ICMP HEADER OPTIONS
       This section documents the ICMP header command-line options.

       -K type
              Specify the ICMP type. See docs/ICMP.txt for details on types.
              On Debian systems this file can be found at
              /usr/share/doc/packit/ICMP.txt.

       -C code
              Specify the ICMP code. See docs/ICMP.txt for details on codes.
              On Debian systems this file can be found at
              /usr/share/doc/packit/ICMP.txt.

   ICMP	ECHO REQUEST AND ECHO REPLY OPTIONS
       -N id number
	      Define the 16-bit	ICMP identification number. This value is ran-
	      dom by default.

       -Q sequence number
	      Define  the 16-bit ICMP sequence number. This value is random by
	      default.

   ICMP	UNREACHABLE OR REDIRECT	OR TIME	EXCEEDED OPTIONS
       -g gateway
              Define the gateway to which traffic is redirected. This option
              is only used for ICMP redirects (type 5).

       -j address
	      Define the source	address	of the original	packet.

       -J src port
	      Define the source	port of	the original packet.

       -l address
	      Define the destination address of	the original packet.

       -L dst port
	      Define the destination port of the original packet.

       -m time to live
	      Define  the Time To Live of the original packet. This option de-
	      faults to	128.

       -M id  Define the IP ID of the original packet. This option defaults to
	      random.

       -O type of service
	      Define  the  Type	 of Service of the original packet. See	the -o
	      option for the possible values.

       -P protocol
	      Define the protocol of the original packet. This option defaults
	      to UDP.

   MASK	REQUEST	AND MASK REPLY OPTIONS
       -N id number
	      Define the 16-bit	ICMP identification number. This value is ran-
	      dom by default.

       -Q sequence number
	      Define the 16-bit	ICMP sequence number. This value is random  by
	      default.

       -G address mask
	      Define  the address network mask.	The default value for this op-
	      tion is 255.255.255.0.

   TIMESTAMP REQUEST AND TIMESTAMP REPLY OPTIONS
       -N id number
	      Define the 16-bit	ICMP identification number. This value is ran-
	      dom by default.

       -Q sequence number
	      Define  the 16-bit ICMP sequence number. This value is random by
	      default.

       -U original timestamp
	      Define the 32-bit	original timestamp. This value	is  0  by  de-
	      fault.

       -k received timestamp
	      Define  the  32-bit  received  timestamp.	This value is 0	by de-
	      fault.

       -z transmit timestamp
	      Define the 32-bit	transmit timestamp. This value	is  0  by  de-
	      fault.

ARP AND	RARP HEADER OPTIONS
       This  section documents the ARP/RARP header command-line	options. These
       options have the	ability	to do the most damage with the	least  effort,
       especially on large cable and DSL networks. Use with caution.

       Packit only supports ARP/RARP protocol addresses in IPv4 format.

       -A operation type
	      Define  the ARP /	RARP / IRARP operation type. The valid options
	      are as follows:

              o  1 : ARP Request (Default for ARP packets)

	      o	 2 : ARP Reply

              o  3 : Reverse ARP Request (Default for RARP packets)

	      o	 4 : Reverse ARP Reply

	      o	 5 : Inverse ARP Request

	      o	 6 : Inverse ARP Reply

       -y target IP address
	      The IP address of	the target host.

       -yR    Use a random target host IP address.

       -Y target ethernet address
	      The Ethernet (hardware) address of the target host.

       -YR    Use a random target host Ethernet address.

       -x sender IP address
	      The IP address of	the sender host.

       -xR    Use a random sender host IP address.

       -X sender ethernet address
	      The Ethernet (hardware) address of the sender host.

       -XR    Use a random sender host Ethernet address.

ETHERNET HEADER	OPTIONS
       This section documents the Ethernet header command-line options.

       -e src ethernet address
	      The Ethernet (hardware) address the packet will appear  to  come
	      from.   If  not  defined,	 the original Ethernet address will be
	      used.

       -eR    Use a random source Ethernet address. If you  define  this,  you
	      will  most likely	need to	define the destination Ethernet	header
	      value as well. When using	either -e or -E, you enable link level
	      packet  injection	 and  the  destination	cannot be auto-defined
	      while injecting in this manner.

       -E dst ethernet address
              The Ethernet (hardware) address of the next routable interface
              which the packet will cross while making its way to the
              destination.

       -ER    Use  a  random  destination  Ethernet address. The following two
	      rules should be followed if you actually want the	destination to
	      receive the packets you're sending:

              1.  If the destination exists beyond your default route
                  (gateway), the destination Ethernet address should be set to
                  the default route's Ethernet address. This can typically be
                  found by using the arp(8) command.

	      2.  If the destination exists on your  subnet,  the  destination
		  Ethernet address should be set to its	Ethernet address. This
		  can typically	be found by using the arp(8) command.
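
       The two rules above as a script. This is an added example, not part of
       packit; the function names, the ARP table sample and the local address,
       netmask and gateway arguments are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not part of packit): choose the -E value by the two rules.

# Constructed sample in the style of `arp -an` output.
ARP_SAMPLE='? (192.168.0.1) at 00:53:00:aa:bb:01 on em0 expires in 1200 seconds [ethernet]
? (192.168.0.20) at 00:53:00:aa:bb:14 on em0 expires in 900 seconds [ethernet]
? (192.168.0.30) at (incomplete) on em0 expired [ethernet]'

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    ii_old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$ii_old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet ADDR_A ADDR_B NETMASK
same_subnet() {
    ss_mask=$(ip_to_int "$3")
    [ $(( $(ip_to_int "$1") & ss_mask )) -eq $(( $(ip_to_int "$2") & ss_mask )) ]
}

# next_hop_mac DST LOCAL_IP NETMASK GATEWAY   (ARP table on stdin)
# Rule 2: destination on the local subnet -> its own Ethernet address.
# Rule 1: destination beyond the gateway  -> the gateway's Ethernet address.
# Fails when the table has no resolved entry for the chosen next hop.
next_hop_mac() {
    if same_subnet "$1" "$2" "$3"; then
        nh_ip=$1
    else
        nh_ip=$4
    fi
    awk -v ip="($nh_ip)" '
        $2 == ip && $3 == "at" && $4 ~ /^[0-9A-Fa-f:]+$/ { print $4; found = 1; exit }
        END { exit !found }'
}

# Usage with the live table:
#   arp -an | next_hop_mac 172.16.1.3 192.168.0.5 255.255.255.0 192.168.0.1
```

       An unresolved entry, such as the "(incomplete)" line in the sample, is
       rejected instead of being passed on as an address.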

PACKET CAPTURE EXAMPLES
       Print all TCP communications that don't revolve around SSH (port 22):

	   # packit -m cap 'tcp	and not	port 22'

       Print the start and end packets (the SYN	and FIN	packets) of  each  TCP
       conversation  that  involves  a non-local host, don't resolve addresses
       and display hex/ascii dump of the packet:

	   # packit -m cap -nX 'tcp[tcpflags] &	(tcp-syn|tcp-fin) != 0 and not src and dst net localnet'

       Write the first 10 ICMP packets captured	to a file:

	   # packit -m cap -c 10 -w /tmp/mylog 'icmp'
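
       When packit is used to test a firewall or intrusion detection system,
       the capture side needs an expression that matches exactly the flag
       combination given to -F. The script below is an added example, not
       part of packit; its function names and the optional destination host
       argument are assumptions. It maps the -F identifiers to a pcap-filter
       expression and marks combinations that normal TCP never produces.

```sh
#!/bin/sh
# Added example (not part of packit): map -F identifiers to a capture filter.

# Print the decimal value of the TCP flag bits named by a -F string.
# Fails on a letter that the -F list does not define.
flags_to_byte() {
    fb_rest=$1
    fb_byte=0
    while [ -n "$fb_rest" ]; do
        fb_c=${fb_rest%"${fb_rest#?}"}    # first remaining character
        fb_rest=${fb_rest#?}
        case $fb_c in
            F) fb_byte=$((fb_byte | 1)) ;;
            S) fb_byte=$((fb_byte | 2)) ;;
            R) fb_byte=$((fb_byte | 4)) ;;
            P) fb_byte=$((fb_byte | 8)) ;;
            A) fb_byte=$((fb_byte | 16)) ;;
            U) fb_byte=$((fb_byte | 32)) ;;
            *) echo "unknown TCP flag identifier: $fb_c" >&2; return 1 ;;
        esac
    done
    echo "$fb_byte"
}

# Print a pcap-filter expression matching exactly that combination in the
# six flag bits; the optional second argument limits it to one dst host.
flags_to_filter() {
    ff_byte=$(flags_to_byte "$1") || return 1
    ff_expr=$(printf 'tcp[tcpflags] & 0x3f == 0x%02x' "$ff_byte")
    if [ -n "${2:-}" ]; then
        ff_expr="$ff_expr and dst host $2"
    fi
    echo "$ff_expr"
}

# Succeed when the combination does not occur in a normal TCP exchange:
# no flags at all, or SYN together with FIN or RST.
flags_anomalous() {
    fa_byte=$(flags_to_byte "$1") || return 2
    if [ "$fa_byte" -eq 0 ]; then
        return 0
    fi
    [ $((fa_byte & 2)) -ne 0 ] && [ $((fa_byte & 5)) -ne 0 ]
}

# Usage on the monitored side of the device under test:
#   packit -m capture -nnn "$(flags_to_filter SF 192.168.0.20)"
```

       A packet matched by a filter for which flags_anomalous succeeds has
       passed a device that a stateful firewall or IDS would be expected to
       drop or alert on.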

PACKET INJECTION EXAMPLES
       Inject 10 ICMP type 8 (echo request) packets from  host	'3.1.33.7'  to
       host '192.168.0.1' and watch for	a response:

	   # packit -t icmp -s 3.1.33.7	-d 192.168.0.1 -c 10 -h

       Inject  an  ICMP	type 18	(mask reply) packet with an ICMP id of 211 and
       an address mask of 255.255.255.0:

	   # packit -t icmp -K 18 -d 127.0.0.1 -N 211 -G 255.255.255.0

       Inject 5	TCP packets from random	hosts to  'www.example.com'  with  the
       SYN flag	set, a window size of 666, a random source Ethernet address, a
       destination Ethernet address of 00:53:00:0f:00:0d, with	a  payload  of
       "HI JOHN", displaying each packet injected.

	   # packit -sR	-d www.example.com -F S	-c 5 -W	666 -eR	-E 00:53:00:0f:00:0d -p	'HI JOHN' -v

       or simplifying the MAC address:

	   # packit -sR	-d www.example.com -F S	-c 5 -W	666 -eR	-E 0:53:0:f:00:d -p 'HI	JOHN' -v

       Inject a total of 1000 TCP packets in 20-packet-per-second bursts from
       192.168.0.1 on port 403 to 192.168.0.20 on port 80 with the SYN and RST
       flags set, a sequence number of 12345678910 and a source Ethernet
       address of 0:0:0:0:0:0:

	   # packit -s 192.168.0.1 -d 192.168.0.20 -S 403 -D 80	-F SR -q 12345678910 -c	1000 -b	20 -e 0:0:0:0:0:0

       Inject TCP packets from 10.22.41.6 to 172.16.1.3 on ports ranging
       from 1-1024 with the SYN flag set and display each packet we send:

	   # packit -s 10.22.41.6 -d 172.16.1.3	-D 1-1024 -F S -v

       Inject a broadcast ARP reply stating that 4.3.2.1 is at
       00:53:00:01:02:03. Also, spoof the source Ethernet address for a
       little more authenticity and supply the payload in hex:

	   # packit -t arp -A 2	-x 4.3.2.1 -X 5:4:3:2:1:0 -e 00:53:00:01:02:03 -p '0x 70 61 63 6B 69 74'

TRACE ROUTE EXAMPLES
       Appear as a DNS response	by using a UDP source port of 53 (DNS):

	   # packit -m trace -t	UDP -d 192.168.2.35 -S 53

       Appear as HTTP traffic by using TCP port	80:

	   # packit -m trace -t	TCP -d www.google.com -S 80 -FS

SEE ALSO
       arp(8), pcap(3),	pcap-filter(7),	tcpdump(1)

BUGS
       o  Due  to  limitations	in some	versions of *BSD, specifying arbitrary
	  Ethernet and/or ARP header data may not be supported.

       o  ARP capture data is incomplete.

       o  Please send bug reports, questions, requests,	 fixes	and  pull  re-
	  quests to https://github.com/eribertomota/packit/issues

AUTHOR
       The original author of packit is Darren Bounds. The current project
       maintainer is Joao Eriberto Mota Filho. There are other new authors.
       Please see the AUTHORS file in the source code. To help in development,
       see CONTRIBUTING.md. On Debian systems, these files will be available
       at /usr/share/doc/packit/.

       The latest version of Packit can be found at
       https://github.com/eribertomota/packit

packit-1.7			  05 Feb 2020			     packit(8)
