NEMESIS-IP(1)							 NEMESIS-IP(1)



NAME
       nemesis-ip - IP Protocol (The Nemesis Project)

SYNOPSIS
       nemesis-ip  [-vZ?]  [-d	Ethernet-device ] [-D destination-IP-address ]
       [-F fragmentation-options ] [-H source-MAC-address ] [-I	 IP-ID	]  [-M
       destination-MAC-address	]  [-p IP-protocol-number ] [-P payload-file ]
       [-S source-IP-address ] [-t IP-TOS ] [-T IP-TTL ]

DESCRIPTION
       The Nemesis Project is designed to be a	command	 line-based,  portable
       human  IP stack for UNIX-like and Windows systems.  The suite is broken
       down by protocol, and should allow for  useful  scripting  of  injected
       packets from simple shell scripts.

       nemesis-ip  provides an interface to craft and inject IP packets allow-
       ing the user to inject an entirely arbitrary IP packet.

IP OPTIONS
       -D destination-IP-address
	      Specify the destination-IP-address within the IP header.

       -F fragmentation-options (-F[D],[M],[R],[offset])
	      Specify the fragmentation options:

	      -FD (don't fragment)
	      -FM (more fragments)
	      -FR (reserved flag)
	      -F <offset>

	      within the IP header.  IP fragmentation options can be specified
	      individually  or	combined into a single argument to the -F com-
	      mand line switch by separating  the  options  with  commas  (eg.
	      '-FD,M') or spaces (eg. '-FM 223').  The IP fragmentation offset
	      is a 13-bit field with valid values from 0 to 8189.  Don't frag-
	      ment  (DF),  more fragments (MF) and the reserved flag (RESERVED
	      or RB) are 1-bit fields.

	      NOTE: Under normal conditions, the reserved flag is unset.

       -I IP-ID
	      Specify the IP-ID within the IP header.

       -O IP-options-file
	      This will cause nemesis-ip to use the specified  IP-options-file
	      as  the  options	when  building	the IP header for the injected
	      packet.  IP options can be up to 40 bytes	 in  length.   The  IP
	      options  file  must  be  created manually based upon the desired
	      options.	IP options can also be read from stdin	by  specifying
	      '-O -' instead of an IP-options-file.

       -p IP-protocol-number
	      Specify  the  IP-protocol-number	as  an	integer	 within the IP
	      header.  Valid IP-protocol-numbers include:

	      0	   IP	       (pseudo protocol number)
	      1	   ICMP	       (internet control message protocol)
	      2	   IGMP	       (Internet Group Management)
	      3	   GGP	       (gateway-gateway protocol)
	      4	   IP-ENCAP    (IP encapsulated in IP (officially ``IP''))
	      5	   ST	       (ST datagram mode)
	      6	   TCP	       (transmission control protocol)
	      7	   UCL	       (UCL)
	      8	   EGP	       (exterior gateway protocol)
	      9	   IGP	       (any private interior gateway)
	      10   BBN-RCC-MON (BBN RCC Monitoring)
	      11   NVP-II      (Network Voice Protocol)
	      12   PUP	       (PARC universal packet protocol)
	      13   ARGUS       (ARGUS)
	      14   EMCON       (EMCON)
	      15   XNET	       (Cross Net Debugger)
	      16   CHAOS       (Chaos)
	      17   UDP	       (user datagram protocol)
	      18   MUX	       (Multiplexing)
	      19   DCN-MEAS    (DCN Measurement Subsystems)
	      20   HMP	       (host monitoring protocol)
	      21   PRM	       (Packet Radio Measurement)
	      22   XNS-IDP     (Xerox NS IDP)
	      23   TRUNK-1     (Trunk-1)
	      24   TRUNK-2     (Trunk-2)
	      25   LEAF-1      (Leaf-1)
	      26   LEAF-2      (Leaf-2)
	      27   RDP	       ("reliable datagram" protocol)
	      28   IRTP	       (Internet Reliable Transaction)
	      29   ISO-TP4     (ISO Transport Protocol class 4)
	      30   NETBLT      (Bulk Data Transfer Protocol)
	      31   MFE-NSP     (MFE Network Services Protocol)
	      32   MERIT-INP   (MERIT Internodal Protocol)
	      33   SEP	       (Sequential Exchange Protocol)
	      34   3PC	       (Third Party Connect Protocol)
	      35   IDPR	       (Inter-Domain Policy Routing Protocol)
	      36   XTP	       (Xpress Tranfer Protocol)
	      37   DDP	       (Datagram Delivery Protocol)
	      38   IDPR-CMTP   (IDPR Control Message Transport Protocol)
	      39   IDPR-CMTP   (IDPR Control Message Transport)
	      40   IL	       (IL Transport Protocol)
	      41   IPv6	       (Internet Protocol version 6)
	      42   SDRP	       (Source Demand Routing Protocol)
	      43   SIP-SR      (SIP Source Route)
	      44   SIP-FRAG    (SIP Fragment)
	      45   IDRP	       (Inter-Domain Routing Protocol)
	      46   RSVP	       (Reservation Protocol)
	      47   GRE	       (General Routing Encapsulation)
	      48   MHRP	       (Mobile Host Routing Protocol)
	      49   BNA	       (BNA)
	      50   IPSEC-ESP   (Encap Security Payload)
	      51   IPSEC-AH    (Authentication Header)
	      52   I-NLSP      (Integrated Net Layer Security TUBA)
	      53   SWIPE       (IP with Encryption)
	      54   NHRP	       (NBMA Next Hop Resolution Protocol)
	      55   MOBILEIP    (MobileIP encapsulation)
	      57   SKIP	       (SKIP)
	      58   IPv6-ICMP   (ICMP for IPv6)
	      59   IPv6-NoNxt  (No Next Header for IPv6)
	      60   IPv6-Opts   (Destination Options for IPv6)
	      61   any	       (host internal protocol)
	      62   CFTP	       (CFTP)
	      63   any	       (local network)
	      64   SAT-EXPAK   (SATNET and Backroom EXPAK)
	      65   KRYPTOLAN   (Kryptolan)
	      66   RVD	       (MIT Remote Virtual Disk Protocol)
	      67   IPPC	       (Internet Pluribus Packet Core)
	      68   any	       (distributed file system)
	      69   SAT-MON     (SATNET Monitoring)
	      70   VISA	       (VISA Protocol)
	      71   IPCV	       (Internet Packet Core Utility)
	      72   CPNX	       (Computer Protocol Network Executive)
	      73   CPHB	       (Computer Protocol Heart Beat)
	      74   WSN	       (Wang Span Network)
	      75   PVP	       (Packet Video Protocol)
	      76   BR-SAT-MON  (Backroom SATNET Monitoring)
	      77   SUN-ND      (SUN ND PROTOCOL-Temporary)
	      78   WB-MON      (WIDEBAND Monitoring)
	      79   WB-EXPAK    (WIDEBAND EXPAK)
	      80   ISO-IP      (ISO Internet Protocol)
	      81   VMTP	       (Versatile Message Transport)
	      82   SECURE-VMTP (SECURE-VMTP)
	      83   VINES       (VINES)
	      84   TTP	       (TTP)
	      85   NSFNET-IGP  (NSFNET-IGP)
	      86   DGP	       (Dissimilar Gateway Protocol)
	      87   TCF	       (TCF)
	      88   IGRP	       (IGRP)
	      89   OSPFIGP     (Open Shortest Path First IGP)
	      90   Sprite-RPC  (Sprite RPC Protocol)
	      91   LARP	       (Locus Address Resolution Protocol)
	      92   MTP	       (Multicast Transport Protocol)
	      93   AX.25       (AX.25 Frames)
	      94   IPIP	       (Yet Another IP encapsulation)
	      95   MICP	       (Mobile Internetworking Control Protocol)
	      96   SCC-SP      (Semaphore Communications Sec. Protocol)
	      97   ETHERIP     (Ethernet-within-IP Encapsulation)
	      98   ENCAP       (Yet Another IP encapsulation)
	      99   any	       (private encryption scheme)
	      100  GMTP	       (GMTP)
	      103  PIM	       (Protocol Independent Multicast)
	      108  IPComp      (IP Payload Compression Protocol)
	      112  VRRP	       (Virtual Router Redundancy Protocol)
	      255  Reserved


       -P payload-file
	      This will cause nemesis-ip to use the specified payload-file  as
	      the  payload  when  injecting  IP packets.  For packets injected
	      using the raw interface (where -d is not used) the maximum  pay-
	      load  size  is 65475 bytes.  For packets injected using the link
	      layer interface (where -d IS used), the maximum payload size  is
	      1440  bytes.  Payloads can also be read from stdin by specifying
	      '-P -' instead of a payload-file.

	      Windows systems are limited to a maximum payload	size  of  1440
	      bytes for IP packets.

	      The payload file can consist of any arbitary data though it will
	      be most useful to create a payload resembling the structure of a
	      packet type not supported by nemesis.  Used in this manner, vir-
	      tually any IP packet can be injected.

       -S source-IP-address
	      Specify the source-IP-address within the IP header.

       -t IP-TOS
	      Specify the  IP-type-of-service  (TOS)  within  the  IP  header.
	      Valid type of service values:

	      2	 (Minimize monetary cost)
	      4	 (Maximize reliability)
	      8	 (Maximize throughput)
	      24 (Minimize delay)

	      NOTE:  Under  normal conditions, only one type of service is set
	      within a packet.	To specify multiple types, specify the sum  of
	      the desired values as the type of service.

       -T IP-TTL
	      Specify the IP-time-to-live (TTL) within the IP header.

       -v verbose-mode
	      Display  the  injected packet in human readable form.  Use twice
	      to see a hexdump of the injected	packet	with  printable	 ASCII
	      characters  on the right.	 Use three times for a hexdump without
	      decoded ASCII.

DATA LINK OPTIONS
       -d Ethernet-device
	      Specify the name (for UNIX-like systems) or the number (for Win-
	      dows  systems)  of  the  Ethernet-device to use (eg. fxp0, eth0,
	      hme0, 1).

       -H source-MAC-address
	      Specify the source-MAC-address (XX:XX:XX:XX:XX:XX).

       -M destination-MAC-address
	      Specify the destintion-MAC-address (XX:XX:XX:XX:XX:XX).

       -Z list-network-interfaces
	      Lists the available network interfaces  by  number  for  use  in
	      link-layer injection.

	      NOTE: This feature is only relevant to Windows systems.

DIAGNOSTICS
       Nemesis-ip returns 0 on a successful exit, 1 if it exits on an error.

BUGS
       Send concise and clearly written bug reports to jeff@snort.org

AUTHOR
       Jeff Nathan <jeff@snort.org>

SEE ALSO
       nemesis-arp(1),	nemesis-dns(1),	 nemesis-ethernet(1), nemesis-icmp(1),
       nemesis-igmp(1), nemesis-ospf(1), nemesis-rip(1), nemesis-tcp(1), neme-
       sis-udp(1)



				  16 May 2003			 NEMESIS-IP(1)
