NEMESIS-ICMP(1)						       NEMESIS-ICMP(1)



NAME
       nemesis-icmp - ICMP Protocol (The Nemesis Project)

SYNOPSIS
       nemesis-icmp  [-vZ?]  [-a  ICMP-timestamp-request-reply-transmit-time ]
       [-b original-destination-IP-address ] [-B original-source-IP-address  ]
       [-c  ICMP-code ] [-d Ethernet-device ] [-D destination-IP-address ] [-e
       ICMP-ID ] [-f original-IP-fragmentation ] [-F  fragmentation-options  ]
       [-G  preferred-gateway  ]  [-H source-MAC-address ] [-i ICMP-type ] [-I
       IP-ID ] [-j original-IP-TOS ] [-J original-IP-TTL  ]  [-l  original-IP-
       options-file  ] [-m ICMP-mask ] [-M destination-MAC-address ] [-o ICMP-
       timestamp-request-transmit-time ] [-O IP-options-file ]	[-p  original-
       IP-protocol  ]  [-P  payload-file ] [-q ICMP-injection-mode ] [-r ICMP-
       timestamp-request-reply-received-time ] [-S source-IP-address ] [-t IP-
       TOS ] [-T IP-TTL ]

DESCRIPTION
       The  Nemesis  Project  is designed to be a command line-based, portable
       human IP stack for UNIX-like and Windows systems.  The suite is	broken
       down  by	 protocol,  and	 should allow for useful scripting of injected
       packets from simple shell scripts.

       nemesis-icmp provides an interface to craft  and	 inject	 ICMP  packets
       allowing	 the  user to specify any portion of an ICMP packet as well as
       lower-level IP packet information.

ICMP Options
       -c ICMP-type
	      Specify the ICMP-code within the ICMP header.

       -e ICMP-ID
	      Specify the ICMP-ID within the ICMP header.

       -G preferred-gateway
	      Specify  the  preferred-gateway-IP-address  for  ICMP   redirect
	      injection.

       -i ICMP-type
	      Specify the ICMP-type within the ICMP header.

       -m address-mask
	      Specify the IP-address-mask for ICMP address mask packets.

       -P payload-file
	      This will case nemesis-icmp to use the specified payload-file as
	      the payload when injecting ICMP packets.	For  packets  injected
	      using the raw interface (where -d is not used), the maximum pay-
	      load size is 65387 bytes.	 For packets injected using  the  link
	      layer  interface (where -d IS used), the maximum payload size is
	      1352 bytes.  Payloads can also be read from stdin by  specifying
	      '-P -' instead of a payload file.

	      Windows  systems	are  limited to a maximum payload size of 1352
	      bytes for ICMP packets.

       -q ICMP-injection-mode
	      Specify the ICMP-injection-mode to use  when  injecting.	 Valid
	      modes are:

	      -qE (ICMP echo)
	      -qM (ICMP address mask)
	      -qU (ICMP unreachable)
	      -qX (ICMP time exceeded)
	      -qR (ICMP redirect)
	      -qT (ICMP timestamp)

	      Only one mode may be specified at a time.

       -s ICMP-sequence-number
	      Specify the ICMP-sequence-number within the ICMP header.

       -v verbose-mode
	      Display  the  injected packet in human readable form.  Use twice
	      to see a hexdump of the injected	packet	with  printable	 ASCII
	      characters  on the right.	 Use three times for a hexdump without
	      decoded ASCII.

ICMP TIMESTAMP OPTIONS
       -a ICMP-timestamp-request-reply-transmit-time
	      Specify the ICMP-timestamp-request-reply-transmit-time (the time
	      a reply to an ICMP timestamp request was transmitted) within the
	      ICMP timestamp header.

       -o ICMP-timestamp-request-transmit-time
	      Specify the ICMP-timestamp-request-transmit-time	(the  time  an
	      ICMP  timestamp  request was transmitted) within the ICMP times-
	      tamp header.

       -r ICMP-timestamp-request-reply-received-time
	      Specify the ICMP-timestamp-request-reply-received-time (the time
	      a	 reply	to  an ICMP timestamp request was received) within the
	      ICMP timestamp header.

ICMP ORIGINAL DATAGRAM OPTIONS
       -b original-destination-IP-address
	      Specify  the  original-destination-IP-address  within  an	  ICMP
	      unreachable, redirect or time exceeded packet.

       -B original-source-IP-address
	      Specify  the  original-source-IP-address within an ICMP unreach-
	      able, redirect or time exceeded packet.

       -f original-fragmentation-options
	      Specify the  original-IP-fragmentation-options  within  an  ICMP
	      unreachable,  redirect or time exceeded packet.  For more infor-
	      mation reference the '-F' command line switch.

       -j original-IP-TOS
	      Specify the original-IP-type-of-service  (TOS)  within  an  ICMP
	      unreachable, redirect or time exceeded packet.

       -J original-IP-TTL
	      Specify	the  original-IP-time-to-live  (TTL)  within  an  ICMP
	      unreachable, redirect or time exceeded packet.

       -l original-IP-options-file
	      This will cause nemesis-icmp to use the  specified  original-IP-
	      options-file as the options when building the original IP header
	      for the injected ICMP unreachable,  redirect  or	time  exceeded
	      packet.	IP  options  can  be up to 40 bytes in length.	The IP
	      options file must be created manually  based  upon  the  desired
	      options.	 IP  options can also be read from stdin by specifying
	      '-O -' instead of an IP-options-file.

       -p original-IP-protocol
	      Specify the  original-IP-protocol	 within	 an  ICMP  unrechable,
	      redirect or time exceeded packet.

IP OPTIONS
       -D destination-IP-address
	      Specify the destination-IP-address within the IP header.

       -F fragmentation-options (-F[D],[M],[R],[offset])
	      Specify the fragmentation options:

	      -FD (don't fragment)
	      -FM (more fragments)
	      -FR (reserved flag)
	      -F <offset>


	      within the IP header.  IP fragmentation options can be specified
	      individually or combined into a single argument to the  -F  com-
	      mand  line  switch  by  separating  the options with commas (eg.
	      '-FD,M') or spaces (eg. '-FM 223').  The IP fragmentation offset
	      is a 13-bit field with valid values from 0 to 8189.  Don't frag-
	      ment (DF), more fragments (MF) and the reserved  flag  (RESERVED
	      or RB) are 1-bit fields.

	      NOTE: Under normal conditions, the reserved flag is unset.

       -I IP-ID
	      Specify the IP-ID within the IP header.

       -O IP-options-file
	      This  will  cause	 nemesis-icmp to use the specified IP-options-
	      file as the options when building the IP header for the injected
	      packet.	IP  options  can  be up to 40 bytes in length.	The IP
	      options file must be created manually  based  upon  the  desired
	      options.	 IP  options can also be read from stdin by specifying
	      '-O -' instead of an IP-options-file.

       -S source-IP-address
	      Specify the source-IP-address within the IP header.

       -t IP-TOS
	      Specify the  IP-type-of-service  (TOS)  within  the  IP  header.
	      Valid type of service values:

	      2	 (Minimize monetary cost)
	      4	 (Maximize reliability)
	      8	 (Maximize throughput)
	      24 (Minimize delay)

	      NOTE:  Under  normal conditions, only one type of service is set
	      within a packet.	To specify multiple types, specify the sum  of
	      the desired values as the type of service.

       -T IP-TTL
	      IP-time-to-live (TTL) within the IP header.

DATA LINK OPTIONS
       -d Ethernet-device
	      Specify the name (for UNIX-like systems) or the number (for Win-
	      dows systems) of the Ethernet-device to  use  (eg.  fxp0,	 eth0,
	      hme0, 1).

       -H source-MAC-address
	      Specify the source-MAC-address (XX:XX:XX:XX:XX:XX).

       -M destination-MAC-address
	      Specify the destintion-MAC-address (XX:XX:XX:XX:XX:XX).

       -Z list-network-interfaces
	      Lists  the  available  network  interfaces  by number for use in
	      link-layer injection.

	      NOTE: This feature is only relevant to Windows systems.

DIAGNOSTICS
       Nemesis-icmp returns 0 on a successful exit, 1 if it exits on an error.

BUGS
       Send concise and clearly written bug reports to jeff@snort.org

AUTHOR
       Jeff Nathan <jeff@snort.org>

       Originally   developed  by  Mark	 Grimes	 <mark@stateful.net>

SEE ALSO
       nemesis-arp(1),	nemesis-dns(1),	 nemesis-ethernet(1), nemesis-igmp(1),
       nemesis-ip(1), nemesis-ospf(1), nemesis-rip(1),	nemesis-tcp(1),	 neme-
       sis-udp(1)



				  16 May 2003		       NEMESIS-ICMP(1)
