


NEMESIS-ICMP(1)					  NEMESIS-ICMP(1)


NAME
       nemesis-icmp - ICMP Protocol (The Nemesis Project)

SYNOPSIS
       nemesis-icmp   [-vZ?]   [-a  ICMP-timestamp-request-reply-
       transmit-time ] [-b original-destination-IP-address ]  [-B
       original-source-IP-address ] [-c ICMP-code ] [-d Ethernet-
       device ] [-D destination-IP-address ] [-e  ICMP-ID  ]  [-f
       original-IP-fragmentation  ]  [-F  fragmentation-options ]
       [-G preferred-gateway ] [-H source-MAC-address ] [-i ICMP-
       type  ] [-I IP-ID ] [-j original-IP-TOS ] [-J original-IP-
       TTL ] [-l original-IP-options-file ] [-m ICMP-mask  ]  [-M
       destination-MAC-address	 ]   [-o  ICMP-timestamp-request-
       transmit-time ] [-O IP-options-file ] [-p original-IP-pro-
       tocol  ]	 [-P payload-file ] [-q ICMP-injection-mode ] [-r
       ICMP-timestamp-request-reply-received-time ]  [-S  source-
       IP-address ] [-t IP-TOS ] [-T IP-TTL ]

DESCRIPTION
       The  Nemesis  Project  is  designed  to be a command line-
       based, portable human IP stack for UNIX-like  and  Windows
       systems.	 The suite is broken down by protocol, and should
       allow for useful scripting of injected packets from simple
       shell scripts.

       nemesis-icmp  provides  an  interface  to craft and inject
       ICMP packets allowing the user to specify any  portion  of
       an  ICMP	 packet as well as lower-level IP packet informa-
       tion.

ICMP Options
       -c ICMP-type
	      Specify the ICMP-code within the ICMP header.

       -e ICMP-ID
	      Specify the ICMP-ID within the ICMP header.

       -G preferred-gateway
	      Specify the preferred-gateway-IP-address	for  ICMP
	      redirect injection.

       -i ICMP-type
	      Specify the ICMP-type within the ICMP header.

       -m address-mask
	      Specify  the  IP-address-mask for ICMP address mask
	      packets.

       -P payload-file
	      This will case nemesis-icmp to  use  the	specified
	      payload-file  as	the  payload  when injecting ICMP
	      packets.	For packets injected using the raw inter-
	      face  (where  -d	is not used), the maximum payload
	      size is 65387 bytes.  For	 packets  injected  using



			   16 May 2003				1





NEMESIS-ICMP(1)					  NEMESIS-ICMP(1)


	      the  link	 layer	interface (where -d IS used), the
	      maximum payload size is 1352 bytes.   Payloads  can
	      also  be	read  from  stdin  by  specifying  '-P -'
	      instead of a payload file.

	      Windows systems are limited to  a	 maximum  payload
	      size of 1352 bytes for ICMP packets.

       -q ICMP-injection-mode
	      Specify the ICMP-injection-mode to use when inject-
	      ing.  Valid modes are:

	      -qE (ICMP echo)
	      -qM (ICMP address mask)
	      -qU (ICMP unreachable)
	      -qX (ICMP time exceeded)
	      -qR (ICMP redirect)
	      -qT (ICMP timestamp)

	      Only one mode may be specified at a time.

       -s ICMP-sequence-number
	      Specify the ICMP-sequence-number	within	the  ICMP
	      header.

       -v verbose-mode
	      Display the injected packet in human readable form.
	      Use twice to see a hexdump of the injected  packet.

ICMP TIMESTAMP OPTIONS
       -a ICMP-timestamp-request-reply-transmit-time
	      Specify  the ICMP-timestamp-request-reply-transmit-
	      time (the time a reply to an ICMP timestamp request
	      was  transmitted) within the ICMP timestamp header.

       -o ICMP-timestamp-request-transmit-time
	      Specify  the   ICMP-timestamp-request-transmit-time
	      (the  time  an ICMP timestamp request was transmit-
	      ted) within the ICMP timestamp header.

       -r ICMP-timestamp-request-reply-received-time
	      Specify the  ICMP-timestamp-request-reply-received-
	      time (the time a reply to an ICMP timestamp request
	      was received) within the ICMP timestamp header.

ICMP ORIGINAL DATAGRAM OPTIONS
       -b original-destination-IP-address
	      Specify the original-destination-IP-address  within
	      an  ICMP	unreachable,  redirect	or  time exceeded
	      packet.

       -B original-source-IP-address
	      Specify the  original-source-IP-address  within  an
	      ICMP unreachable, redirect or time exceeded packet.



			   16 May 2003				2





NEMESIS-ICMP(1)					  NEMESIS-ICMP(1)


       -f original-fragmentation-options
	      Specify	 the	original-IP-fragmentation-options
	      within   an  ICMP	 unreachable,  redirect	 or  time
	      exceeded packet.	For  more  information	reference
	      the '-F' command line switch.

       -j original-IP-TOS
	      Specify	the   original-IP-type-of-service   (TOS)
	      within  an  ICMP	unreachable,  redirect	or   time
	      exceeded packet.

       -J original-IP-TTL
	      Specify  the  original-IP-time-to-live (TTL) within
	      an ICMP  unreachable,  redirect  or  time	 exceeded
	      packet.

       -l original-IP-options-file
	      This  will  cause nemesis-icmp to use the specified
	      original-IP-options-file as the options when build-
	      ing  the	original  IP header for the injected ICMP
	      unreachable, redirect or time exceeded packet.   IP
	      options  can  be	up to 40 bytes in length.  The IP
	      options file must be created  manually  based  upon
	      the  desired  options.  IP options can also be read
	      from stdin by specifying '-O -' instead of  an  IP-
	      options-file.

       -p original-IP-protocol
	      Specify  the  original-IP-protocol  within  an ICMP
	      unrechable, redirect or time exceeded packet.

IP OPTIONS
       -D destination-IP-address
	      Specify the destination-IP-address  within  the  IP
	      header.

       -F fragmentation-options (-F[D],[M],[R],[offset])
	      Specify the fragmentation options:

	      -FD (don't fragment)
	      -FM (more fragments)
	      -FR (reserved flag)
	      -F <offset>


	      within the IP header.  IP fragmentation options can
	      be specified individually or combined into a single
	      argument	to the -F command line switch by separat-
	      ing the options with commas (eg. '-FD,M') or spaces
	      (eg.  '-FM 223').	 The IP fragmentation offset is a
	      13-bit field with valid  values  from  0	to  8189.
	      Don't  fragment  (DF),  more fragments (MF) and the
	      reserved flag (RESERVED or RB) are 1-bit fields.




			   16 May 2003				3





NEMESIS-ICMP(1)					  NEMESIS-ICMP(1)


	      NOTE: Under normal conditions, the reserved flag is
	      unset.

       -I IP-ID
	      Specify the IP-ID within the IP header.

       -O IP-options-file
	      This  will  cause nemesis-icmp to use the specified
	      IP-options-file as the options when building the IP
	      header  for the injected packet.	IP options can be
	      up to 40 bytes in length.	 The IP options file must
	      be created manually based upon the desired options.
	      IP options can also be read from stdin by	 specify-
	      ing '-O -' instead of an IP-options-file.

       -S source-IP-address
	      Specify the source-IP-address within the IP header.

       -t IP-TOS
	      Specify the IP-type-of-service (TOS) within the  IP
	      header.  Valid type of service values:

	      2	 (Minimize monetary cost)
	      4	 (Maximize reliability)
	      8	 (Maximize throughput)
	      24 (Minimize delay)

	      NOTE:  Under  normal  conditions,	 only one type of
	      service is set within a packet.  To specify  multi-
	      ple types, specify the sum of the desired values as
	      the type of service.

       -T IP-TTL
	      IP-time-to-live (TTL) within the IP header.

DATA LINK OPTIONS
       -d Ethernet-device
	      Specify the name (for  UNIX-like	systems)  or  the
	      number (for Windows systems) of the Ethernet-device
	      to use (eg. fxp0, eth0, hme0, 1).

       -H source-MAC-address
	      Specify the source-MAC-address (XX:XX:XX:XX:XX:XX).

       -M destination-MAC-address
	      Specify	       the	   destintion-MAC-address
	      (XX:XX:XX:XX:XX:XX).

       -Z list-network-interfaces
	      Lists the available network  interfaces  by  number
	      for use in link-layer injection.

	      NOTE: This feature is only relevant to Windows sys-
	      tems.



			   16 May 2003				4





NEMESIS-ICMP(1)					  NEMESIS-ICMP(1)


DIAGNOSTICS
       Nemesis-icmp returns 0 on a successful exit, 1 if it exits
       on an error.

BUGS
       Send   concise	and   clearly	written	 bug  reports  to
       jeff@snort.org

AUTHOR
       Jeff Nathan <jeff@snort.org>

       Originally   developed	by   Mark   Grimes   <mark@state-
       ful.net>

SEE ALSO
       nemesis-arp(1), nemesis-dns(1), nemesis-ethernet(1), neme-
       sis-igmp(1),  nemesis-ip(1),   nemesis-ospf(1),	 nemesis-
       rip(1), nemesis-tcp(1), nemesis-udp(1)







































			   16 May 2003				5


