NEMESIS-DNS(1)							NEMESIS-DNS(1)



NAME
       nemesis-dns - DNS Protocol (The Nemesis Project)

SYNOPSIS
       nemesis-dns  [-kvZ?]  [-a ack-number ] [-A number-of-authoritative-DNS-
       resource-records ] [-b number-of-DNS-answers ]  [-d  Ethernet-device  ]
       [-D  destination-IP-address ] [-f TCP-flags ] [-F fragmentation-options
       ] [-g DNS-flags ] [-H source-MAC-address ] [-i DNS-ID ] [-I IP-ID ] [-M
       destination-MAC-address	] [-o TCP-options-file ] [-O IP-options-file ]
       [-P payload-file ] [-q number-of-DNS-questions  ]  [-r  number-of-addi-
       tional-DNS-resource-records  ]  [-s  sequence-number  ]	[-S source-IP-
       address ] [-t IP-TOS ] [-T IP-TTL ] [-u urgent-pointer  ]  [-w  window-
       size ] [-x TCP/UDP-source-port ] [-y TCP/UDP-destination-port ]

DESCRIPTION
       The  Nemesis  Project  is designed to be a command line-based, portable
       human IP stack for UNIX-like and Windows systems.  The suite is	broken
       down  by	 protocol,  and	 should allow for useful scripting of injected
       packets from simple shell scripts.

       nemesis-dns provides an interface  to  craft  and  inject  DNS  packets
       allowing	 the  user  to	specify any portion of a DNS packet as well as
       lower-level IP and TCP/UDP packet information.

DNS OPTIONS
       -A number-of-authoritative-resource-records
	      Specify the number-of-authoritative-resource-records within  the
	      DNS header.

       -b Number-of-answer-resource-records
	      Specify  the  number-of-answer-resource-records  within  the DNS
	      header.

       -g DNS-flags
	      Specify the DNS-flags within the DNS header.

       -i DNS-ID
	      Specify the DNS-ID within the DNS header.

       -k TCP-transport-mode
	      Enables the use of TCP when injecting DNS packets.

       -P payload-file
	      This will cause nemesis-dns to use the specified payload-file as
	      the  payload  when  injecting DNS packets.  For packets injected
	      using the raw interface (where -d is not used), the maximum pay-
	      load  size is 65443 bytes for DNS packets injected using TCP and
	      65455 for DNS packets injected using UDP.	 For packets  injected
	      using  the  link layer interface (where -d IS used), the maximum
	      payload size is 1368 bytes for TCP DNS packets  and  1420	 bytes
	      for  UDP	DNS  packets.  Payloads can also be read from stdin by
	      specifying '-P -' instead of a payload-file.

	      Windows systems are limited to a maximum payload	size  of  1368
	      bytes for TCP DNS packets and 1420 bytes for UDP DNS packets.

	      The  payload  file  can  consist of any arbitrary data though it
	      will be most useful to create a payload resembling the structure
	      of  the DNS packet specified using the command-line options.  In
	      order to send real DNS packets, a payload containing the	appro-
	      priate record data (as specified in the DNS header) must be cre-
	      ated manually.

       -q Number-of-questions
	      Specify the number-of-questions within the DNS header.

       -r Number-of-additional-resource-records
	      Specify the number-of-additional-resource-records within the DNS
	      header.

       -v verbose-mode
	      Display  the  injected packet in human readable form.  Use twice
	      to see a hexdump of the injected	packet	with  printable	 ASCII
	      characters  on the right.	 Use three times for a hexdump without
	      decoded ASCII.
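
       The following is an added example, not part of the original manual or
       of the Nemesis code: it builds a question-section payload file for -P
       and checks it against the size limits listed above.  It assumes the
       payload is placed directly after the DNS header that nemesis-dns
       builds from the options; the output file name is hypothetical.

```python
import struct

# Maximum payload sizes in bytes, as quoted in the -P description above.
MAX_PAYLOAD = {("link", "udp"): 1420, ("link", "tcp"): 1368,
               ("raw", "udp"): 65455, ("raw", "tcp"): 65443}
QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "MX": 15, "TXT": 16, "AAAA": 28}
QCLASS_IN = 1

def encode_qname(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    if name in ("", "."):
        return b"\x00"                      # the root name is a lone zero byte
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:         # DNS labels are 1..63 bytes
            raise ValueError("label must be 1..63 bytes: %r" % label)
        out.append(len(raw))
        out += raw
    out.append(0)
    if len(out) > 255:                      # whole encoded name is capped at 255
        raise ValueError("encoded name exceeds 255 bytes")
    return bytes(out)

def build_questions(questions):
    """Return (payload, count) for a list of (name, type) pairs."""
    payload = b"".join(
        encode_qname(name) + struct.pack("!HH", QTYPE[qtype], QCLASS_IN)
        for name, qtype in questions)
    return payload, len(questions)

def check_size(payload, interface="link", transport="udp"):
    """Return the bytes left under the documented limit, or raise if over it."""
    limit = MAX_PAYLOAD[(interface, transport)]
    if len(payload) > limit:
        raise ValueError("payload is %d bytes, limit is %d" % (len(payload), limit))
    return limit - len(payload)

if __name__ == "__main__":
    # Constructed sample input: one A question for a reserved example name.
    payload, count = build_questions([("example.com", "A")])
    check_size(payload, "link", "udp")
    with open("dns-question.bin", "wb") as fh:   # hypothetical file name
        fh.write(payload)
    print("wrote %d bytes; question count for -q is %d" % (len(payload), count))
```

       The count returned by build_questions is the value to give to -q so
       that the DNS header matches the record data in the payload file.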

TCP OPTIONS (enabled via -k)
       -a Acknowledgement-Number
	      Specify the acknowledgement-number (ACK number) within  the  TCP
	      header.

       -f TCP flags (-fS/-fA/-fR/-fP/-fF/-fU/-fE/-fC)
	      Specify the TCP flags:

	      -fS (SYN)
	      -fA (ACK)
	      -fR (RST)
	      -fP (PSH)
	      -fF (FIN)
	      -fU (URG)
	      -fE (ECE)
	      -fC (CWR)

	      within  the  TCP	header.	  Flags	 can  be  combined in the form
	      '-fPA'.

       -o TCP-options-file
	      This will cause nemesis-dns to use  the  specified  TCP-options-
	      file  as	the  options  when  building  the  TCP	header for the
	      injected packet.	TCP options can be up to 40 bytes  in  length.
	      The  TCP	options	 file  must be created manually based upon the
	      desired options.	TCP options can also be	 read  from  stdin  by
	      specifying '-o -' instead of a TCP-options-file.

       -s  sequence-number
	      Specify the sequence-number within the TCP header.

       -u urgent-pointer-offset
	      Specify the urgent-pointer-offset within the TCP header.

       -w window-size
	      Specify the window-size within the TCP header.

       -x TCP-source-port
	      Specify the TCP-source-port within the TCP header.

       -y TCP-destination-port
	      Specify the TCP-destination-port within the TCP header.

UDP OPTIONS
       -x UDP-source-port
	      Source Port of injected packet.

       -y UDP-Destination-Port
	      Target Port of injected packet.

IP OPTIONS
       -D destination-IP-address
	      Specify the destination-IP-address within the IP header.

       -F fragmentation-options (-F[D],[M],[R],[offset])
	      Specify the fragmentation options:

	      -FD (don't fragment)
	      -FM (more fragments)
	      -FR (reserved flag)
	      -F <offset>

	      within the IP header.  IP fragmentation options can be specified
	      individually or combined into a single argument to the  -F  com-
	      mand  line  switch  by  separating  the options with commas (eg.
	      '-FD,M') or spaces (eg. '-FM 223').  The IP fragmentation offset
	      is a 13-bit field with valid values from 0 to 8189.  Don't frag-
	      ment (DF), more fragments (MF) and the reserved  flag  (RESERVED
	      or RB) are 1-bit fields.

	      NOTE: Under normal conditions, the reserved flag is unset.

       -I IP-ID
	      Specify the IP-ID within the IP header.

       -O IP-options-file
	      This will cause nemesis-dns to use the specified IP-options-file
	      as the options when building the	IP  header  for	 the  injected
	      packet.	IP  options  can  be up to 40 bytes in length.	The IP
	      options file must be created manually  based  upon  the  desired
	      options.	 IP  options can also be read from stdin by specifying
	      '-O -' instead of an IP-options-file.

       -S source-IP-address
	      Specify the source-IP-address within the IP header.

       -t IP-TOS
	      Specify the  IP-type-of-service  (TOS)  within  the  IP  header.
	      Valid type of service values:

	      2	 (Minimize monetary cost)
	      4	 (Maximize reliability)
	      8	 (Maximize throughput)
	      24 (Minimize delay)

	      NOTE:  Under  normal conditions, only one type of service is set
	      within a packet.	To specify multiple types, specify the sum  of
	      the desired values as the type of service.

       -T IP-TTL
	      Specify the IP-time-to-live (TTL) within the IP header.

DATA LINK OPTIONS
       -d Ethernet-device
	      Specify the name (for UNIX-like systems) or the number (for Win-
	      dows systems) of the Ethernet-device to  use  (eg.  fxp0,	 eth0,
	      hme0, 1).

       -H source-MAC-address
	      Specify the source-MAC-address (XX:XX:XX:XX:XX:XX).

       -M destination-MAC-address
	      Specify the destination-MAC-address (XX:XX:XX:XX:XX:XX).

       -Z list-network-interfaces
	      Lists  the  available  network  interfaces  by number for use in
	      link-layer injection.

	      NOTE: This feature is only relevant to Windows systems.

DIAGNOSTICS
       Nemesis-dns returns 0 on a successful exit, 1 if it exits on an	error.

BUGS
       An interface for users to create DNS packet payloads should be created.

       Send concise and clearly written bug reports to jeff@snort.org

AUTHOR
       Jeff Nathan <jeff@snort.org>

       Originally developed by Mark Grimes <mark@stateful.net>

SEE ALSO
       nemesis-arp(1), nemesis-ethernet(1), nemesis-icmp(1),  nemesis-igmp(1),
       nemesis-ip(1),  nemesis-ospf(1),	 nemesis-rip(1), nemesis-tcp(1), neme-
       sis-udp(1)



				  17 May 2003			NEMESIS-DNS(1)
