# ICMP-tunnel-detector

The program intercepts and analyzes ICMP packets on a network interface specified by the user. If an ICMP tunnel is detected, it displays a warning containing the IP addresses of the hosts involved and the possible process IDs.
## Requirements

- Python ^3.7.4
- Pip ^19.0.3
- Superuser privileges
## Installation

```
git clone https://github.com/itfray/ICMP-tunnel-detector.git
cd ./ICMP-tunnel-detector
```

Install the dependencies with whichever interpreter name your system uses:

- `python -m pip install -r requirements.txt`
- `python3 -m pip install -r requirements.txt`

## Usage

Run the sniffer (superuser privileges are required to capture raw ICMP traffic):

- `python sniffer.py -la [ipv4 address]`
- `python3 sniffer.py -la [ipv4 address]`
```
python sniffer.py -h
usage: sniffer.py [-h] [-la LISTEN_ADDR] [-t TIMEOUT] [-f FILE] [-d]

ICMP-tunneling: sniffer script

options:
  -h, --help            show this help message and exit
  -la LISTEN_ADDR, --listen_addr LISTEN_ADDR
                        Specifies the interface's address that listen icmp-traffic
  -t TIMEOUT, --timeout TIMEOUT
                        Specifies the timeout for sniffer operation
  -f FILE, --file FILE  Specifies the filename for sniffer's pcap file
  -d, --debug           Displays debugging information
```
`-la` (or `--listen_addr`) is the IPv4 address of the network interface to listen on. For example, if the host is on the 192.168.1.0/24 local network and has the IP address 192.168.1.2, then to receive ICMP messages from that network you need to specify `-la 192.168.1.2`.
If an ICMP tunnel is detected, the sniffer displays a warning:

```
[H:M:S.f] Possible tunnel detected: A.B.C.D:X --> D.B.C.A
```

Otherwise it displays an information line:

```
[H:M:S.f] A.B.C.D --> D.B.C.A
```
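As an added illustration of what such a detector has to do (this is example code written for this page, not the project's own `sniffer.py`), the following standalone Python parses raw IPv4/ICMP packets, extracts the ICMP identifier that the warning line reports after the source address (ping implementations traditionally fill that field from their process ID, which is why it can hint at a process), and prints lines in the same format as above. The payload heuristic is an assumption chosen for the example: an echo packet is reported when its payload neither matches the Windows ping alphabet nor the incrementing-byte fill used by Linux ping, or when it exceeds an assumed size ceiling. The addresses, identifiers and packets are constructed inline so the script runs offline without raw-socket privileges.

```python
"""Added example: parse raw IPv4/ICMP echo packets and flag payloads that do not
look like a standard ping. Not the project's detector; heuristics are assumptions."""
import struct
from datetime import datetime
from ipaddress import IPv4Address

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8
MAX_BENIGN_PAYLOAD = 1024  # assumed ceiling; interactive ping payloads are far smaller
# Windows ping fills its 32-byte payload with this repeating alphabet.
WINDOWS_PATTERN = b"abcdefghijklmnopqrstuvwabcdefghi"


def parse_ipv4_icmp(packet: bytes):
    """Return the header fields of an IPv4 packet carrying ICMP, or None otherwise."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8:  # IP protocol number 1 = ICMP
        return None
    src = str(IPv4Address(packet[12:16]))
    dst = str(IPv4Address(packet[16:20]))
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[ihl:ihl + 8])
    return {"src": src, "dst": dst, "type": icmp_type, "code": code,
            "id": ident, "seq": seq, "payload": packet[ihl + 8:]}


def looks_like_standard_ping(payload: bytes) -> bool:
    """Assumed benign shapes: the Windows alphabet, or the iputils fill where
    byte i equals i & 0xFF after a 16-byte timestamp prefix."""
    if payload == WINDOWS_PATTERN:
        return True
    if len(payload) >= 24 and all(payload[i] == (i & 0xFF) for i in range(16, len(payload))):
        return True
    return False


def classify(fields) -> bool:
    """True when an echo request/reply should be reported as a possible tunnel."""
    if fields["type"] not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        return False
    payload = fields["payload"]
    if len(payload) > MAX_BENIGN_PAYLOAD:
        return True
    return not looks_like_standard_ping(payload)


def report(packet: bytes, now=None) -> str:
    """Format one output line in the same style as the sniffer's messages."""
    fields = parse_ipv4_icmp(packet)
    if fields is None:
        return ""
    stamp = (now or datetime.now()).strftime("%H:%M:%S.%f")
    if classify(fields):
        return f"[{stamp}] Possible tunnel detected: {fields['src']}:{fields['id']} --> {fields['dst']}"
    return f"[{stamp}] {fields['src']} --> {fields['dst']}"


def build_echo(src: str, dst: str, ident: int, seq: int, payload: bytes,
               icmp_type: int = ICMP_ECHO_REQUEST) -> bytes:
    """Construct a raw IPv4+ICMP echo packet for offline testing (checksums left zero)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + icmp


# Constructed samples: a Linux-style ping payload and a payload carrying typed text.
LINUX_PAYLOAD = bytes(16) + bytes(i & 0xFF for i in range(16, 56))
SAMPLE_PING = build_echo("192.168.1.2", "192.168.1.10", 4242, 1, LINUX_PAYLOAD)
SAMPLE_TUNNEL = build_echo("192.168.1.2", "192.168.1.10", 31337, 1, b"hello from client\n")

if __name__ == "__main__":
    for pkt in (SAMPLE_PING, SAMPLE_TUNNEL):
        print(report(pkt))
```

Running the script prints an information line for the constructed ping and a `Possible tunnel detected` line for the packet carrying text. A real sniffer would feed `report()` from a raw socket bound to the `-la` address; pattern checks like these are a starting point, and a tunnel that mimics a standard ping payload would need additional signals (volume, timing, request/reply asymmetry) to be caught.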
## Client

```
python client.py -h
usage: client.py [-h] [-pid PROCESS_ID] [-lid LISTEN_ID] [-la LISTEN_ADDR] [-c COEFF] [-t TIMEOUT] [-dr] [-di] [-df] [-f FILE]
                 [-sb SIZE_BLOCK_FILE] [-d]
                 remote_addr

ICMP-tunneling: client script

positional arguments:
  remote_addr           Specifies the address server

options:
  -h, --help            show this help message and exit
  -pid PROCESS_ID, --process_id PROCESS_ID
                        Specifies the connection icmp id for client
  -lid LISTEN_ID, --listen_id LISTEN_ID
                        Specifies the connection icmp id for server
  -la LISTEN_ADDR, --listen_addr LISTEN_ADDR
                        Specifies the interface's address that listen server
  -c COEFF, --coeff COEFF
                        Specifies the one of scrambler coefficients
  -t TIMEOUT, --timeout TIMEOUT
                        Specifies the timeout for server operation
  -dr, --data_rand      Specifies the mode random generating data
  -di, --data_inp       Specifies the mode input generating data
  -df, --data_file      Specifies the mode file generating data
  -f FILE, --file FILE  Specifies the filename for mode file generating data
  -sb SIZE_BLOCK_FILE, --size_block_file SIZE_BLOCK_FILE
                        Specifies the size for block reading file for mode file generating data
  -d, --debug           Displays debugging information
```
## Server

```
python server.py -h
usage: server.py [-h] [-pid PROCESS_ID] [-lid LISTEN_ID] [-la LISTEN_ADDR] [-c COEFF] [-t TIMEOUT] [-d]

ICMP-tunneling: server script

options:
  -h, --help            show this help message and exit
  -pid PROCESS_ID, --process_id PROCESS_ID
                        Specifies the connection icmp id for server
  -lid LISTEN_ID, --listen_id LISTEN_ID
                        Specifies the connection icmp id for client
  -la LISTEN_ADDR, --listen_addr LISTEN_ADDR
                        Specifies the interface's address that listen server
  -c COEFF, --coeff COEFF
                        Specifies the one of scrambler coefficients
  -t TIMEOUT, --timeout TIMEOUT
                        Specifies the timeout for server operation
  -d, --debug           Displays debugging information
```
## Example

Open a new terminal and run the sniffer:

```
python sniffer.py -la 127.0.0.1
```

Open a new terminal and run the server:

```
python server.py -la 127.0.0.1
```

Open a new terminal and run the client:

```
python client.py 127.0.0.1 -la 127.0.0.1 -di
```

Enter different data in the client console and watch the sniffer's output.

To get debugging information about the types of messages sent, specify the `-d` flag.
## License

MIT. See LICENSE.