Print pretty names for flags, pretty documentation, allow a user spec…

…ified timeout.

README → README.pod

@@ -1,12 +1,8 @@
-synfrag - Copyright Yahoo! Inc 2012
-
-Summary
-====================
+=head1 synfrag
 
 A network scanning tool for sending fragmented IPv4 and IPv6 packets.
 
-Description
-====================
+=head1 Description
 
 synfrag is a network scanning and penetration testing tool used to craft and
 send fragmented and unfragmented IPv4 and IPv6 packets. It currently supports
@@ -30,8 +26,7 @@ circumvent network protections.  However, many of these operating systems
 do not implement the same protections for all protocols, allowing some
 fragmented traffic through while blocking others.
 
-Notes
-====================
+=head1 Notes
 
 synfrag is currently under development and is missing some useful features.
 Namely, synfrag does not resolve hostnames nor discover the next-hop layer
@@ -49,18 +44,78 @@ to prevent the operating system from misinterpreting replies or to prevent
 synfrag scans, traffic sent to (or from) this port, or with this ICMP echo ID,
 can be discarded.
 
-License
-====================
+=head1 Examples
+
+The following is a simple example test using synfrag to probe TCP port 22 via
+unfragmented IPv4. Note that the dstmac parameter is set to that of the router
+between the srcip's network and the dstip's network:
+
+ %sudo ./synfrag \
+ --srcip 10.72.122.120 
+ --dstip 10.72.107.254 \
+ --interface eth1 \
+ --dstmac 00:00:0C:07:AC:01 \
+ --dstport 22 \
+ --test v4-tcp
+ Starting test "v4-tcp". Opening interface "eth1".
+
+ Ethernet Frame, ethertype 2048
+  Src MAC 00:1A:4B:C6:F5:2E
+  Dest MAC 00:00:0C:07:AC:01
+
+ IPv4 Packet:
+  Src IP: 10.72.122.120
+  Dst IP: 10.72.107.254
+  Protocol: 6
+  Frag Offset: 0
+  Flags: 0
+  Iphl: 5
+
+ TCP Packet:
+  Src Port: 44128
+  Dst Port: 22
+  Seq Num: 6026158
+  Ack Num: 0
+  Syn: 1
+  Ack: 0
+  Rst: 0
+
+ Packet transmission successful, waiting for reply...
+
+ IPv4 Packet:
+  Src IP: 10.72.107.254
+  Dst IP: 10.72.122.120
+  Protocol: 6
+  Frag Offset: 0
+  Flags: 2
+  Iphl: 5
+
+ TCP Packet:
+  Src Port: 22
+  Dst Port: 44128
+  Seq Num: 321403012
+  Ack Num: 6026159
+  Syn: 1
+  Ack: 1
+  Rst: 0
+
+ Test was successful.
+
+=head1 License
 
 synfrag is released under the BSD license. synfrag includes BSD licensed code
 from libnet, and links against libpcap, also licensed under the BSD license.
 
-Author
-====================
+=head1 Copyright
+
+Copyright Yahoo! Inc, 2012
+
+=head1 Author
+
 John Eaglesham
-Yahoo! Inc
 
-Changes
-====================
-1.0 - 20120209
+=head1 Changes
+
+=head2 1.0 - 20120209
+Initial release as open source.
 

README.txt

@@ -0,0 +1,116 @@
+synfrag
+    A network scanning tool for sending fragmented IPv4 and IPv6 packets.
+
+Description
+    synfrag is a network scanning and penetration testing tool used to craft
+    and send fragmented and unfragmented IPv4 and IPv6 packets. It currently
+    supports sending both TCP SYN, ICMP echo (ping), and ICMP6 echo packets.
+    Various fragmentation configurations are also available. synfrag tries
+    its best to read any replies sent by targeted hosts to determine if they
+    are willing or able to respond.
+
+    The purpose of synfrag is to test host and network responses to
+    fragmented requests. Many current routers implement access control lists
+    (ACLs) in a manner that is unable to properly detect traffic inside
+    fragmented IP packets, leading to situations where hosts are believed to
+    be isolated from internet traffic by these ACLs. In some cases,
+    specially crafted packets can bypass these router ACLs by taking
+    advantage of their inability to properly process fragmented packets,
+    exposing hosts to the internet unprotected.
+
+    Some operating systems implement a security mechanism that ignores
+    fragmented TCP SYN packets, preventing connections from being
+    established under the assumption that these packets are abnormal and
+    specially designed to circumvent network protections. However, many of
+    these operating systems do not implement the same protections for all
+    protocols, allowing some fragmented traffic through while blocking
+    others.
+
+Notes
+    synfrag is currently under development and is missing some useful
+    features. Namely, synfrag does not resolve hostnames nor discover the
+    next-hop layer 2 address, and requires the user to specify these
+    parameters.
+
+    Additionally, synfrag does not attempt to prevent the host operating
+    system from interpreting any replies received from scanned hosts,
+    meaning that after a scan the operating system may send a TCP RST packet
+    to the scanned host, misinterpreting its reply as meant for the
+    operating system. This can be worked around via firewall rules.
+
+    TCP SYN requests sent by synfrag currently all use the source port
+    44128. The same number is used for ICMP/6 echo packet IDs. When writing
+    firewall rules to prevent the operating system from misinterpreting
+    replies or to prevent synfrag scans, traffic sent to (or from) this
+    port, or with this ICMP echo ID, can be discarded.
+
+Examples
+    The following is a simple example test using synfrag to probe TCP port
+    22 via unfragmented IPv4. Note that the dstmac parameter is set to that
+    of the router between the srcip's network and the dstip's network:
+
+     %sudo ./synfrag \
+     --srcip 10.72.122.120 
+     --dstip 10.72.107.254 \
+     --interface eth1 \
+     --dstmac 00:00:0C:07:AC:01 \
+     --dstport 22 \
+     --test v4-tcp
+     Starting test "v4-tcp". Opening interface "eth1".
+
+ Ethernet Frame, ethertype 2048
+      Src MAC 00:1A:4B:C6:F5:2E
+      Dest MAC 00:00:0C:07:AC:01
+
+ IPv4 Packet:
+      Src IP: 10.72.122.120
+      Dst IP: 10.72.107.254
+      Protocol: 6
+      Frag Offset: 0
+      Flags: 0
+      Iphl: 5
+
+ TCP Packet:
+      Src Port: 44128
+      Dst Port: 22
+      Seq Num: 6026158
+      Ack Num: 0
+      Syn: 1
+      Ack: 0
+      Rst: 0
+
+ Packet transmission successful, waiting for reply...
+
+ IPv4 Packet:
+      Src IP: 10.72.107.254
+      Dst IP: 10.72.122.120
+      Protocol: 6
+      Frag Offset: 0
+      Flags: 2
+      Iphl: 5
+
+ TCP Packet:
+      Src Port: 22
+      Dst Port: 44128
+      Seq Num: 321403012
+      Ack Num: 6026159
+      Syn: 1
+      Ack: 1
+      Rst: 0
+
+ Test was successful.
+
+License
+    synfrag is released under the BSD license. synfrag includes BSD licensed
+    code from libnet, and links against libpcap, also licensed under the BSD
+    license.
+
+Copyright
+    Copyright Yahoo! Inc, 2012
+
+Author
+    John Eaglesham
+
+Changes
+  1.0 - 20120209
+Initial release as open source.

flag_names.c

@@ -0,0 +1,9 @@
+tcp_flag_names[0] = NULL;
+tcp_flag_names[1] = "CWR";
+tcp_flag_names[2] = "ECN";
+tcp_flag_names[3] = "URG";
+tcp_flag_names[4] = "ACK";
+tcp_flag_names[5] = "PSH";
+tcp_flag_names[6] = "RST";
+tcp_flag_names[7] = "SYN";
+tcp_flag_names[8] = "FIN";

flag_names.h

@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) 2012, Yahoo! Inc All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ *     Redistributions of source code must retain the above copyright notice,
+ *     this list of conditions and the following disclaimer.  Redistributions
+ *     in binary form must reproduce the above copyright notice, this list
+ *     of conditions and the following disclaimer in the documentation and/or
+ *     other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * Author: John Eaglesham
+ */
+
+char *tcp_flags_to_names( unsigned char );
+char *icmp_type_to_name( unsigned char );
+char *icmp_code_to_name( unsigned char, unsigned char );