NEMESIS-RIP(1)							NEMESIS-RIP(1)



NAME
       nemesis-rip - RIP Protocol (The Nemesis Project)

SYNOPSIS
       nemesis-rip  [-vZ?] [-a RIP-address-family ] [-c RIP-command ] [-d Eth-
       ernet-device ] [-D destination-IP-address ] [-F fragmentation-options ]
       [-h  RIP-next-hop-address  ]  [-H  source-MAC-address  ] [-i RIP-route-
       address ] [-I IP-ID ] [-k RIP-network-address-mask ] [-m	 RIP-metric  ]
       [-M  destination-MAC-address ] [-O IP-options-file ] [-P payload-file ]
       [-r RIP-routing-domain ] [-R RIP-route-tag ]  [-S  source-IP-address  ]
       [-t  IP-TOS ] [-T IP-TTL ] [-V RIP-version ] [-x source-port ] [-y des-
       tination-port ]

DESCRIPTION
       The Nemesis Project is designed to be a	command	 line-based,  portable
       human  IP stack for UNIX-like and Windows systems.  The suite is broken
       down by protocol, and should allow for  useful  scripting  of  injected
       packets from simple shell scripts.

       nemesis-rip  provides  an  interface  to	 craft	and inject RIP packets
       allowing the user to specify any portion of a RIP  packet  as  well  as
       lower-level IP packet information.

RIP Options
       -a RIP-address-family
	      Specify the RIP-address-family within the RIP header.

	      NOTE:  Under  normal conditions, the address-family value is 2 -
	      indicating IP.

       -c RIP-command
	      Specify the RIP-command within the RIP header.  Valid  RIP  com-
	      mand values:

	      1	 (Request)
	      2	 (Reply)
	      3	 (Trace on - obsolete)
	      4	 (Trace off - obsolete)
	      5	 (Poll)
	      6	 (Poll entry)
	      7	 (Max)

	      NOTE:  Under  normal conditions, only commands 1 (Request) and 2
	      (Reply) are valid.

       -h RIP-next-hop address
	      Specify the RIP-next-hop-address within  the  RIP	 header.   The
	      next  hop address value is 0 for RIP version 1.  For RIP version
	      2 the next hop address specifies the  IP	address	 of  the  next
	      route  in the path to the destination host or network.  Also for
	      RIP version 2, if this value is 0, the next hop address  is  the
	      IP address of the router originating the RIP update.

       -i RIP-route-address
	      Specify the RIP-route-address within the RIP header.  This value
	      species the destination network, subnet or host of route in  the
	      form of an IP address.

       -k RIP-network-address-mask
	      Specify the RIP-network-address-mask within the RIP header.  The
	      network address mask value is 0 for RIP version 1.  For RIP ver-
	      sion  2  the  network address mask specifies the mask associated
	      with the route.

       -m RIP-metric
	      Specify the RIP-metric within the RIP header.  Valid  RIP-metric
	      values  range from 1 to 16.  A RIP-metric value of 16 (infinity)
	      is used to invalidate  a route.

       -P payload-file
	      This will case nemesis-rip to use the specified payload-file  as
	      the  payload  when  injecting RIP packets.  For packets injected
	      using the raw interface (where -d is not used), the maximum pay-
	      load  size  is 65393 bytes.  For packets injected using the link
	      layer interface (where -d IS used), the maximum payload size  is
	      1358  bytes.  Payloads can also be read from stdin by specifying
	      '-P -' instead of a payload file.

	      Windows systems are limited to a maximum payload	size  of  1358
	      bytes for RIP packets.

       -r RIP-routing-domain
	      Specify the RIP-routing-domain within the RIP header.  A routing
	      domain value of 0 is used for RIP version 1.  For RIP version  2
	      the  routing  domain field is used to identify a unique RIP pro-
	      cess on the host or router.

       -R RIP-route-tag
	      Specify the RIP-route-tag within the RIP header.	The RIP	 route
	      tag  value  is  used  to support exterior gatetway protocols.  A
	      route tag value of 0 is used for RIP version 1.  For RIP version
	      2	 the  route  tag field will contain the autonomous system (AS)
	      number for exterior gateway protocol (EGP)  and  border  gateway
	      protocol (BGP).  RIP version 2 preserves this value when a route
	      is re-advertised.

       -V RIP-version
	      Specify the RIP-version within the RIP header.

	      NOTE: Under normal conditions only versions 1 and 2 are valid.

       -v verbose-mode
	      Display the injected packet in human readable form.   Use	 twice
	      to  see  a  hexdump  of the injected packet with printable ASCII
	      characters on the right.	Use three times for a hexdump  without
	      decoded ASCII.

UDP OPTIONS
       -x source-port
	      Specify the source-port within the UDP header.

       -y destination-port
	      Specify the destination-port within the UDP header.

IP OPTIONS
       -D destination-IP-address
	      Specify  the  destination-IP-address within the IP header.  If a
	      destination IP address is not specified, one will	 automatically
	      be  selected depending on the RIP version.  By default, RIP ver-
	      sion 2 is used in which case the default destination IP  address
	      is  IP  address  is  automatically  generated and the last octet
	      (least significant bits) are set to 0xff; this is an attempt  to
	      emulate a network broadcast to a C class network.	 If a RIP ver-
	      sion other than 1 or 2 is specified, the destination IP  address
	      is entirely random.

       -F fragmentation-options (-F[D],[M],[R],[offset])
	      Specify the fragmentation options:

	      -FD (don't fragment)
	      -FM (more fragments)
	      -FR (reserved flag)
	      -F <offset>

	      within the IP header.  IP fragmentation options can be specified
	      individually or combined into a single argument to the  -F  com-
	      mand  line  switch  by  separating  the options with commas (eg.
	      '-FD,M') or spaces (eg. '-FM 223').  The IP fragmentation offset
	      is a 13-bit field with valid values from 0 to 8189.  Don't frag-
	      ment (DF), more fragments (MF) and the reserved  flag  (RESERVED
	      or RB) are 1-bit fields.

	      NOTE: Under normal conditions, the reserved flag is unset.

       -I IP-ID
	      Specify the IP-ID within the IP header.

       -O IP-options-file
	      This will cause nemesis-rip to use the specified IP-options-file
	      as the options when building the	IP  header  for	 the  injected
	      packet.	IP  options  can  be up to 40 bytes in length.	The IP
	      options file must be created manually  based  upon  the  desired
	      options.	 IP  options can also be read from stdin by specifying
	      '-O -' instead of an IP-options-file.

       -S source-IP-address
	      Specify the source-IP-address within the IP header.

       -t IP-TOS
	      Specify the  IP-type-of-service  (TOS)  within  the  IP  header.
	      Valid type of service values:

	      2	 (Minimize monetary cost)
	      4	 (Maximize reliability)
	      8	 (Maximize throughput)
	      24 (Minimize delay)

	      NOTE:  Under  normal conditions, only one type of service is set
	      within a packet.	To specify multiple types, specify the sum  of
	      the desired values as the type of service.

       -T IP-TTL
	      Specify the IP-time-to-live (TTL) within the IP header.

DATA LINK OPTIONS
       -d Ethernet-device
	      Specify the name (for UNIX-like systems) or the number (for Win-
	      dows systems) of the Ethernet-device to  use  (eg.  fxp0,	 eth0,
	      hme0, 1).

       -H source-MAC-address
	      Specify the source-MAC-address (XX:XX:XX:XX:XX:XX).

       -M destination-MAC-address
	      Specify the defination-MAC-address (XX:XX:XX:XX:XX:XX).

       -Z list-network-interfaces
	      Lists  the  available  network  interfaces  by number for use in
	      link-layer injection.

	      NOTE: This feature is only relevant to Windows systems.

DIAGNOSTICS
       Nemesis-rip returns 0 on a successful exit, 1 if it exits on an	error.

BUGS
       Currently,  only	 one  RIP  entry  is  supported using the command line
       switches.  To add more entries to a RIP update packet, a binary payload
       file  must  be created by hand containing the additional (up to 24) RIP
       entries.

       Send concise and clearly written bug reports to jeff@snort.org

AUTHOR
       Jeff Nathan <jeff@snort.org>

       Originally developed by Mark Grimes <mark@stateful.net>

SEE ALSO
       nemesis-arp(1), nemesis-dns(1),	nemesis-ethernet(1),  nemesis-icmp(1),
       nemesis-igmp(1),	 nemesis-ip(1), nemesis-ospf(1), nemesis-tcp(1), neme-
       sis-udp(1)



				  18 May 2003			NEMESIS-RIP(1)
