


NEMESIS-RIP(1)					   NEMESIS-RIP(1)


NAME
       nemesis-rip - RIP Protocol (The Nemesis Project)

SYNOPSIS
       nemesis-rip  [-vZ?]  [-a RIP-address-family ] [-c RIP-com-
       mand ] [-d Ethernet-device ] [-D destination-IP-address	]
       [-F fragmentation-options ] [-h RIP-next-hop-address ] [-H
       source-MAC-address ] [-i RIP-route-address ] [-I	 IP-ID	]
       [-k RIP-network-address-mask ] [-m RIP-metric ] [-M desti-
       nation-MAC-address ] [-O IP-options-file	 ]  [-P	 payload-
       file  ]	[-r  RIP-routing-domain ] [-R RIP-route-tag ] [-S
       source-IP-address ] [-t IP-TOS ] [-T IP-TTL ] [-V RIP-ver-
       sion ] [-x source-port ] [-y destination-port ]

DESCRIPTION
       The  Nemesis  Project  is  designed  to be a command line-
       based, portable human IP stack for UNIX-like  and  Windows
       systems.	 The suite is broken down by protocol, and should
       allow for useful scripting of injected packets from simple
       shell scripts.

       nemesis-rip  provides an interface to craft and inject RIP
       packets allowing the user to specify any portion of a  RIP
       packet as well as lower-level IP packet information.

RIP Options
       -a RIP-address-family
	      Specify	the  RIP-address-family	 within	 the  RIP
	      header.

	      NOTE: Under normal conditions,  the  address-family
	      value is 2 - indicating IP.

       -c RIP-command
	      Specify  the  RIP-command	 within	 the  RIP header.
	      Valid RIP command values:

	      1	 (Request)
	      2	 (Reply)
	      3	 (Trace on - obsolete)
	      4	 (Trace off - obsolete)
	      5	 (Poll)
	      6	 (Poll entry)
	      7	 (Max)

	      NOTE: Under  normal  conditions,	only  commands	1
	      (Request) and 2 (Reply) are valid.

       -h RIP-next-hop address
	      Specify  the  RIP-next-hop-address  within  the RIP
	      header.  The next hop address value is  0	 for  RIP
	      version  1.  For RIP version 2 the next hop address
	      specifies the IP address of the next route  in  the
	      path  to the destination host or network.	 Also for



			   18 May 2003				1





NEMESIS-RIP(1)					   NEMESIS-RIP(1)


	      RIP version 2, if this value is  0,  the	next  hop
	      address is the IP address of the router originating
	      the RIP update.

       -i RIP-route-address
	      Specify  the  RIP-route-address  within	the   RIP
	      header.	This  value  species the destination net-
	      work, subnet or host of route in the form of an  IP
	      address.

       -k RIP-network-address-mask
	      Specify the RIP-network-address-mask within the RIP
	      header.  The network address mask value  is  0  for
	      RIP  version  1.	 For  RIP  version  2 the network
	      address mask specifies the mask associated with the
	      route.

       -m RIP-metric
	      Specify  the  RIP-metric	within	the  RIP  header.
	      Valid RIP-metric values range from 1 to 16.  A RIP-
	      metric  value of 16 is used to invalidate	 a route.

       -P payload-file
	      This will case nemesis-rip  to  use  the	specified
	      payload-file  as	the  payload  when  injecting RIP
	      packets.	For packets injected using the raw inter-
	      face  (where  -d	is not used), the maximum payload
	      size is 65393 bytes.  For	 packets  injected  using
	      the  link	 layer	interface (where -d IS used), the
	      maximum payload size is 1358 bytes.   Payloads  can
	      also  be	read  from  stdin  by  specifying  '-P -'
	      instead of a payload file.

	      Windows systems are limited to  a	 maximum  payload
	      size of 1358 bytes for RIP packets.

       -r RIP-routing-domain
	      Specify	the  RIP-routing-domain	 within	 the  RIP
	      header.  A routing domain value of 0  is	used  for
	      RIP  version  1.	 For  RIP  version  2 the routing
	      domain field is used to identify a unique RIP  pro-
	      cess on the host or router.

       -R RIP-route-tag
	      Specify  the  RIP-route-tag  within the RIP header.
	      The RIP route tag value is used to support exterior
	      gatetway	protocols.   It A route tag value of 0 is
	      used for RIP version 1.	For  RIP  version  2  the
	      route  tag field will contain the autonomous system
	      (AS) number for exterior gateway protocol (EGP) and
	      border  gateway protocol (BGP).  RIP version 2 pre-
	      serves this value when a route is re-advertised.





			   18 May 2003				2





NEMESIS-RIP(1)					   NEMESIS-RIP(1)


       -V RIP-version
	      Specify the RIP-version within the RIP header.

	      NOTE: Under normal condtions only versions 1 and	2
	      are valid.

       -v verbose-mode
	      Display the injected packet in human readable form.
	      Use twice to see a hexdump of the injected  packet.

UDP OPTIONS
       -x source-port
	      Specify the source-port within the UDP header.

       -y destination-port
	      Specify the destination-port within the UDP header.

IP OPTIONS
       -D destination-IP-address
	      Specify the destination-IP-address  within  the  IP
	      header.	If a destination IP address is not speci-
	      fied, one will automatically be selected	depending
	      on  the  RIP version.  By default, RIP version 2 is
	      used in  which  case  the	 default  destination  IP
	      address  is  IP  address is automatically generated
	      and the last octet (least significant bits) are set
	      to  0xff;	 this  is an attempt to emulate a network
	      broadcast to a C class network.  If a  RIP  version
	      other  than 1 or 2 is specified, the destination IP
	      address is entirely random.

       -F fragmentation-options (-F[D],[M],[R],[offset])
	      Specify the fragmentation options:

	      -FD (don't fragment)
	      -FM (more fragments)
	      -FR (reserved flag)
	      -F <offset>

	      within the IP header.  IP fragmentation options can
	      be specified individually or combined into a single
	      argument to the -F command line switch by	 separat-
	      ing the options with commas (eg. '-FD,M') or spaces
	      (eg. '-FM 223').	The IP fragmentation offset is	a
	      13-bit  field  with  valid  values  from 0 to 8189.
	      Don't fragment (DF), more fragments  (MF)	 and  the
	      reserved flag (RESERVED or RB) are 1-bit fields.

	      NOTE: Under normal conditions, the reserved flag is
	      unset.

       -I IP-ID
	      Specify the IP-ID within the IP header.




			   18 May 2003				3





NEMESIS-RIP(1)					   NEMESIS-RIP(1)


       -O IP-options-file
	      This will cause nemesis-rip to  use  the	specified
	      IP-options-file as the options when building the IP
	      header for the injected packet.  IP options can  be
	      up to 40 bytes in length.	 The IP options file must
	      be created manually based upon the desired options.
	      IP  options can also be read from stdin by specify-
	      ing '-O -' instead of an IP-options-file.

       -S source-IP-address
	      Specify the source-IP-address within the IP header.

       -t IP-TOS
	      Specify  the IP-type-of-service (TOS) within the IP
	      header.  Valid type of service values:

	      2	 (Minimize monetary cost)
	      4	 (Maximize reliability)
	      8	 (Maximize throughput)
	      24 (Minimize delay)

	      NOTE: Under normal conditions,  only  one	 type  of
	      service  is set within a packet.	To specify multi-
	      ple types, specify the sum of the desired values as
	      the type of service.

       -T IP-TTL
	      Specify  the  IP-time-to-live  (TTL)  within the IP
	      header.

DATA LINK OPTIONS
       -d Ethernet-device
	      Specify the name (for  UNIX-like	systems)  or  the
	      number (for Windows systems) of the Ethernet-device
	      to use (eg. fxp0, eth0, hme0, 1).

       -H source-MAC-address
	      Specify the source-MAC-address (XX:XX:XX:XX:XX:XX).

       -M destination-MAC-address
	      Specify	       the	   defination-MAC-address
	      (XX:XX:XX:XX:XX:XX).

       -Z list-network-interfaces
	      Lists the available network  interfaces  by  number
	      for use in link-layer injection.

	      NOTE: This feature is only relevant to Windows sys-
	      tems.

DIAGNOSTICS
       Nemesis-rip returns 0 on a successful exit, 1 if it  exits
       on an error.




			   18 May 2003				4





NEMESIS-RIP(1)					   NEMESIS-RIP(1)


BUGS
       Send   concise	and   clearly	written	 bug  reports  to
       jeff@snort.org

AUTHOR
       Jeff Nathan <jeff@snort.org>

       Originally developed by Mark Grimes <mark@stateful.net>

SEE ALSO
       nemesis-arp(1), nemesis-dns(1), nemesis-ethernet(1), neme-
       sis-icmp(1),   nemesis-igmp(1),	 nemesis-ip(1),	 nemesis-
       ospf(1), nemesis-tcp(1), nemesis-udp(1)












































			   18 May 2003				5


