NEMESIS-TCP(1)							NEMESIS-TCP(1)



NAME
       nemesis-tcp - TCP Protocol (The Nemesis Project)

SYNOPSIS
       nemesis-tcp  [-vZ?] [-a ack-number ] [-d Ethernet-device ] [-D destina-
       tion-IP-address ] [-f TCP-flags ] [-F fragmentation-options ] [-I IP-ID
       ]  [-M destination-MAC-address ] [-o TCP-options-file ] [-O IP-options-
       file ] [-P payload-file ] [-s sequence-number ] [-S source-IP-address ]
       [-t  IP-TOS  ]  [-T IP-TTL ] [-u urgent-pointer ] [-w window-size ] [-x
       source-port ] [-y destination-port ]

DESCRIPTION
       The Nemesis Project is designed to be a	command	 line-based,  portable
       human  IP stack for UNIX-like and Windows systems.  The suite is broken
       down by protocol, and should allow for  useful  scripting  of  injected
       packets from simple shell scripts.

       nemesis-tcp  provides  an  interface  to	 craft	and inject TCP packets
       allowing the user to specify any portion of a TCP  packet  as  well  as
       lower-level IP packet information.

TCP Options
       -a Acknowledgement-Number
	      Specify  the  acknowledgement-number (ACK number) within the TCP
	      header.

       -f TCP flags (-fS/-fA/-fR/-fP/-fF/-fU/-fE/-fC/-f-)
	      Specify the TCP flags:

	      -fS (SYN)
	      -fA (ACK)
	      -fR (RST)
	      -fP (PSH)
	      -fF (FIN)
	      -fU (URG)
	      -fE (ECE)
	      -fC (CWR)
	      -f- NONE

	      within the TCP header.   Flags  can  be  combined	 in  the  form
	      '-fPA'.	If  flags are specified in the form '-f-' then the TCP
	      header will be built without flags.

       -o TCP-options-file
	      This will cause nemesis-dns to use  the  specified  TCP-options-
	      file  as	the  options  when  building  the  TCP	header for the
	      injected packet.	TCP options can be up to 40 bytes  in  length.
	      The  TCP	options	 file  must be created manually based upon the
	      desired options.	TCP options can also be	 read  from  stdin  by
	      specifying '-o -' instead of a TCP-options-file.

       -P payload-file
	      This  will case nemesis-tcp to use the specified payload-file as
	      the payload when injecting TCP packets.	For  packets  injected
	      using the raw interface (where -d is not used), the maximum pay-
	      load size is 65415 bytes.	 For packets injected using  the  link
	      layer  interface (where -d IS used), the maximum payload size is
	      1380 bytes.  Payloads can also be read from stdin by  specifying
	      '-P -' instead of a payload file.

	      Windows  systems	are  limited to a maximum payload size of 1380
	      bytes for TCP packets.

       -s sequence-number
	      Specify the sequence-number within the TCP header.

       -u urgent-pointer-offset
	      Specify the urgent-pointer-offset within the TCP header.

       -v verbose-mode
	      Display the injected packet in human readable form.   Use	 twice
	      to  see  a  hexdump  of the injected packet with printable ASCII
	      characters on the right.	Use three times for a hexdump  without
	      decided ASCII.

       -w window-size
	      Specify the window-size within the TCP header.

       -x source-port
	      Specify the source-port packet within the TCP header.

       -y destination port
	      Specify the destintion-port within the TCP header.

IP OPTIONS
       -D destination-IP-address
	      Specify the destination-IP-address within the IP header.

       -F fragmentation-options (-F[D],[M],[R],[offset])
	      Specify the fragmentation options:

	      -FD (don't fragment)
	      -FM (more fragments)
	      -FR (reserved flag)
	      -F <offset>

	      within the IP header.  IP fragmentation options can be specified
	      individually or combined into a single argument to the  -F  com-
	      mand  line  switch  by  separating  the options with commas (eg.
	      '-FD,M') or spaces (eg. '-FM 223').  The IP fragmentation offset
	      is a 13-bit field with valid values from 0 to 8189.  Don't frag-
	      ment (DF), more fragments (MF) and the reserved  flag  (RESERVED
	      or RB) are 1-bit fields.

	      NOTE: Under normal conditions, the reserved flag is unset.

       -I IP-ID
	      Specify the IP-ID within the IP header.

       -O IP-options-file
	      This will cause nemesis-tcp to use the specified IP-options-file
	      as the options when building the	IP  header  for	 the  injected
	      packet.	IP  options  can  be up to 40 bytes in length.	The IP
	      options file must be created manually  based  upon  the  desired
	      options.	 IP  options can also be read from stdin by specifying
	      '-O -' instead of an IP-options-file.

       -S source-IP-address
	      Specify the source-IP-address within the IP header.

       -t IP-TOS
	      Specify the  IP-type-of-service  (TOS)  within  the  IP  header.
	      Valid type of service values:

	      2	 (Minimize monetary cost)
	      4	 (Maximize reliability)
	      8	 (Maximize throughput)
	      24 (Minimize delay)

	      NOTE:  Under  normal conditions, only one type of service is set
	      within a packet.	To specify multiple types, specify the sum  of
	      the desired values as the type of service.

       -T IP-TTL
	      Specify the IP-time-to-live (TTL) within the IP header.

DATA LINK OPTIONS
       -d Ethernet-device
	      Specify the name (for UNIX-like systems) or the number (for Win-
	      dows systems) of the Ethernet-device to  use  (eg.  fxp0,	 eth0,
	      hem0, 1).

       -H source-MAC-address
	      Specify the source-MAC-address (XX:XX:XX:XX:XX:XX).

       -M destination-MAC-address
	      Specify the defination-MAC-address (XX:XX:XX:XX:XX:XX).

       -Z list-network-interfaces
	      Lists  the  available  network  interfaces  by number for use in
	      link-layer injection.

	      NOTE: This feature is only relevant to Windows systems.

DIAGNOSTICS
       Nemesis-tcp returns 0 on a successful exit, 1 if it exits on an	error.

BUGS
       Send concise and clearly written bug reports to jeff@snort.org

AUTHOR
       Jeff Nathan <jeff@snorg.org>

       Originally developed by Mark Grimes <mark@stateful.net>

SEE ALSO
       nemesis-arp(1),	nemesis-dns(1),	 nemesis-ethernet(1), nemesis-icmp(1),
       nemesis-igmp(1), nemesis-ip(1), nemesis-ospf(1), nemesis-rip(1),	 neme-
       sis-udp(1)



				  16 May 2003			NEMESIS-TCP(1)
