Provided by: ptunnel-ng_1.42-1_amd64 bug


       ptunnel-ng - tunnel TCP connections over ICMP echo request/reply packets.


       ptunnel-ng -p <address> -l <port> -r<address> -R<port> [-m <magic>] [-c <connections>] [-v
       <level>] [-L <interface>] [-o<file>] [-s] [-P <password>] [--udp] [--unprivileged]
       [-d<pidfile>] [-S] [-u<user>] [-g<group>] [-C<directory>] [-e<context>] [-h]


       PingTunnel-NG is a fork from the famous PingTunnel with the aim of an improved and
       refactored code base and some additional features.

       ptunnel is an application that allows you to reliably tunnel TCP connections to a remote
       host using ICMP echo request and reply packets, commonly known as ping requests and
       replies. At first glance, this might seem like a rather useless thing to do, but it can
       actually come in handy in some cases. The following example illustrates the main
       motivation in creating ptunnel:

       Setting: You're on the go, and stumble across an open wireless network. The network gives
       you an IP address, but won't let you send TCP or UDP packets out to the rest of the
       internet, for instance to check your mail. What to do? By chance, you discover that the
       network will allow you to ping any computer on the rest of the internet. With ptunnel, you
       can utilize this feature to check your mail, or do other things that require TCP.


       Client options only:

              Specify the host on which the proxy is running.

              Specifies the port on which the client will listen for incoming TCP connections.

              Enables continuous output of statistics (packet loss, etc.)

       Server and Client options:

              Sets a different magic value which can be used to bypass Cisco's IPS. It may also
              work for other IDS/IPS/Firewalls.
              Remember: This value has to be the same on the server and client!

              Specifies the address to which you want your packets tunneled after reaching the
              proxy when in client mode, or restricts the destination packets can be forwarded to
              when in server mode.

              Specifies/restrict the port that the proxy should tunnel the TCP connection to.

              Set the maximum of concurrent tunnels.

              Controls the verbosity level. -1 is no output, 0 shows errors only, 1 shows info
              messages, 2 gives more output, 3 provides even more output, level 4 displays debug
              info and level 5 displays absolutely everything, including the nasty details of
              sends and receives.

              Specify the network interface to capture packets from. Note that packet capturing
              isn't always necessary, but you should try this if you experience problems with

              Specify a file to log to, rather than printing to standard out.

              Set a password (must be same on client and proxy) which will be used for the
              challenge response authentication. The program will try to hide the password from
              `/proc/PID/cmdline` but it may not work for ld wrapper or debugging/profiling tools
              like valgrind.

              Enables tunneling over UDP port 53 (DNS) instead of using ICMP. This will only work
              if your proxy can accept incoming traffic on port 53, and the client is able to
              send data to the proxy on port 53. Note that this option does not wrap ptunnel's
              data in DNS-compliant packets. This option must be given on both the proxy and
              client side for things to work correctly.

              Run proxy in unprivileged mode. This causes the proxy to forward packets using
              standard echo requests, instead of crafting custom echo replies. Unprivileged mode
              will only work on some systems, and is in general less reliable than running in
              privileged mode.

              (Not available on Windows.)
              Run in background, writing PID to a pidfile.

              (Not available on Windows.)
              Changes logging to use the built-in syslog fascility.

              (Not available on Windows.)
              When started in privileged mode (as root), drop down to user's rights as soon as

              (Not available on Windows.)
              When started in privileged mode (as root), drop down to group's rights as soon as
              possible. If you set --user it is not required to set this option too. The program
              will use the group associated with that user.

              (Not available on Windows.)
              When started in privileged mode (as root), restrict file access to the specified

              (Only available on Linux.)
              Set SELinux context when all there is left to do are network I/O operations. In
              order to be able to combine with --chroot you will have to `mount --bind /proc

              Displays brief usage information.


       The following assumes that ptunnel is run as root, both on the proxy and client. To tunnel
       ssh connections from the client machine via a proxy running on to the
       computer, the following command line would be used:
       ptunnel -p -lp 8000 -da -dp 22
       An ssh connection to can now be established as follows:
       ssh -p 8000 localhost
       If ssh complains about potential man-in-the-middle attacks, simply remove the offending
       key from the known_hosts file. The warning/error is expected if you have previously ssh'd
       to your local computer (i.e., ssh localhost), or you have used ptunnel to forward ssh
       connections to different hosts.

       Of course, for all of this to work, you need to start the proxy on your proxy-computer
       ( Doing this is very simple:


       If you find that the proxy isn't working, you will need to enable packet capturing on the
       main network device. Currently this device is assumed to be an ethernet-device (i.e.,
       ethernet or wireless). Packet capturing is enabled by giving the -c switch, and supplying
       the device name to capture packets on (for instance eth0 or en1). The same goes for the
       client. On Mac OS X, packet capturing must always be enabled (both for proxy and client),
       as resent packets won't be received otherwise.

       To protect yourself from others using your proxy, you can protect access to it with a
       password using the <tt>-x</tt> switch. The password is never sent in the clear, but keep
       in mind that it may be visible from tools like top or ps, which can display the command
       line used to start an application.


       ptunnel-ng does only exit if an invalid command line option is found or a fatal error
       during the initialisation process occurred. If this happens the exit value should always
       be non zero.  The program does not exit until forced to do so by an external SIGNAL or if
       it crashes.


       ptunnel-ng currently does not handle packet capturing on network interfaces other than
       ethernet or wireless correctly.


       PingTunnel-NG: Toni Uhlig (

       PingTunnel: Daniel Stoedle (

       Windows port: Mike Miller (

       SELinux support: Sebastien Raveau (

       Patches: Joe McKenzie, Steffen Wendzel and StalkR.


       ptunnel-ng is licensed under the BSD License.


       The ptunnel-ng homepage is currently located here:
       The ptunnel homepage is currently located here:
       The freshmeat project page is located here:
       Please take the time to rate ptunnel or ptunnel-ng if you find it useful. Thanks!