Provided by: icmpush_2.2-6.1build1_amd64 bug

NAME

       icmpush - ICMP packet builder

SYNOPSIS

       icmpush type [options] host

DESCRIPTION

       icmpush is a tool that builds ICMP packets fully customized from command line.

       It  supports  the  following  ICMP  error  types:  Redirect, Source Quench, Time Exceeded,
       Destination Unreach and Parameter Problem.

       And the following ICMP information types: Address  Mask  Request,  Timestamp,  Information
       Request, Echo Request, Router Solicitation and Router Advertisement.

       Is not of our concern to give a fully description of how ICMP protocol works, but the more
       knowledgement we have we can fully understand its management, use and posibilities of this
       tool.

       The quantity of arguments needed can appear excessive but his own author reminds that some
       imperative data must be given through a  command  line  for  a  fully  adjustment  to  the
       protocol format on a ICMP packet construction.

       A  long number of examples is given at the EXAMPLES section of this page that shows a real
       use of this program.

OPTIONS

       -h, --help
              Help.

       -V, --version
              Program version.

       -v, --verbose
              Informative mode.

       -vv, --more_verbose
              More informative. Useful when debugging.

       The ICMP type type can be any of the following below:

       -du, --dest_unreach
              Destination Unreach. IP packet couldn't be given.  This ICMP type is error.

       -sq, --src_quench
              Source Quench. IP packet is not given do a congestion on the net.  This  ICMP  type
              is error.

       -red, --redirect
              Redirect.  Request to forward IP packets through another router.  This ICMP type is
              error.

       -echo, --echo_request
              Echo Request. Request sent to a host to receive an echo reply.  This ICMP  type  is
              information.

       -rta, --router_advert address[/preference]
              Router  Advertisement. Router trasmits one or more routers with address address and
              preference preference.  If this is ommited, default preference 0  is  given.   This
              ICMP type is information.

       -rts, --router_solicit
              Router  Solicitation.  Host requeriment for a message of one or more routers.  Like
              the previous, is a part of the messages exchange Router  Discovery  and  this  ICMP
              type is information.

       -tx, --time_exc
              Time Exceeded. Time Exceeded for an IP packet.  This ICMP type is error.

       -param, --param_problem
              Parameter  Problem.  Erroneous value on a variable of IP header.  This ICMP type is
              error.

       -tstamp, --timestamp
              Timestamp. Host request to receive the time of another host.   This  ICMP  type  is
              information.

       -info, --info_req
              Information Request. Host request to receive an Info Reply from another host.  This
              ICMP type is information.

       -mask, --mask_req
              Address Mask Request. Used to find out a host network  mask.   This  ICMP  type  is
              information.

       The options can be any of the following:

       -sp, --spoof address
              IP address to be used as the source of the ICMP packet.

       -to, --timeout secs
              Timeout in seconds to read the answers. Only valid on ICMPs of information type but
              the Router Advertisement type (-rta).  Default is 5 seconds. If 0 is given  answers
              can not be read.

       -n, --no_resolve
              Don't use name resolution.

       -lt, --lifetime secs
              Lifetime   in   seconds   of  the  router  announcement.  Only  valid  with  Router
              Advertisement (-rta) type. 1800 seconds on default (30').

       -gw, --gateway address
              Route gateway address on an ICMP Redirect (-red).  On default  will  be  the  spoof
              address  (-sp),  if it has been specified, or the outgoing IP address if it has not
              been specified.

       -dest, --route_dest address
              Route destination address on an ICMP Redirect (-red). This  is  a  required  option
              when sending an ICMP Redirect.

       -orig, --orig_host address
              Original host within the IP header sent in the 64 bits data field of an ICMP error.
              On default will be the same as the IP of the host that sends the ICMP packet.

       -psrc, --port_src port
              Source port (tcp or udp) within the IP header sent in the 64 bits data field of  an
              ICMP error. 0 on default.

       -pdst, --port_dest port
              Destination  port  (tcp or udp) within the IP header sent in the 64 bits data field
              of an ICMP error. 0 on default.

       -prot, --protocol icmp|tcp|udp
              Protocol to be used within the IP header sent in the 64 bits data field of an  ICMP
              error. Must be one of the three listed above. Tcp on default.

       -id, --echo_id identificator
              Echo  identificator  within the IP header sent in the 64 bits data field of an ICMP
              error when the IP header protocol of the 64 bits data field (-prot) is icmp.  0  on
              default.

       -seq, --echo_seq sequence
              Echo sequence number within the IP header sent in the 64 bits data field of an ICMP
              error when the IP header protocol of the 64 bits data field (-prot) is icmp.  0  on
              default.

       -pat, --pattern pattern
              Data pattern to send on an Echo Request (-echo).

       -gbg, --garbage bytes|max
              Number  of garbage bytes that will be sent on any ICMP packet. With max the maximum
              possible will be sent.

       -ptr, --pointer byte
              Pointer to erroneus byte byte on an ICMP packet showing a parameter problem.  Valid
              only on Parameter Problem type (-param).

       -c, --code code|num|max
              ICMP  code  to send. Code code valid for Destination Unreach (-du), Redirect (-red)
              and Time Exceeded (-tx) types.

              Numerical code can be specified for the ICMP types that doesn't have (Echo Request,
              Information   Request,   Address   Mask   Request,   Router   Solicitation,  Router
              Advertisement, Source Quench, Parameter Problem and Timestamp).

              Using max an ICMP code bigger than the admited ones will be sent.

              Next ICMP CODES section enumerates the valid code types.

ICMP CODES

       Valid codes used with Destination Unreach, Redirect y Time Exceeded types are,

       - Used with Destination Unreach type (-du):

       net-unreach (Net Unreachable) The destination net is unreacheable.

       host-unreach (Host Unreachable) The destination host is unreacheable.

       prot-unreach (Protocol Unreachable) desired protocol is unreacheable to destination host.

       port-unreach (Port Unreachable) desired port is unreacheable to destination host.

       frag-needed (Fragmentation Needed and Don't Fragment was Set) Shows that IP packet had  to
       be  fragmented  because of its size but the sender did not allowed it because of DF (DON'T
       FRAGMENT) flag.

       sroute-fail (Source Route Failed) could'nt follow the route indicated on IP packet.

       net-unknown (Destination Network Unknown) Destination network is unknown.

       host-unknown (Destination Host Unknown) Destination host unknown but network is.

       host-isolated (Source Host Isolated) Can't reach destination host.

       net-ano (Communication with Destination Network  is  Administratively  Prohibited)  access
       network is denied through firewall or similar on receiver side.

       host-ano  (Communication with Destination Host is Administratively Prohibited) access host
       is denied through firewall or similar on receiver side.

       net-unr-tos (Destination Network Unreachable for Type of Service) indicates on destination
       network that the Type Of Service (TOS) applied for is not allowed.

       host-unr-tos  (Destination  Host  Unreachable  for Type of Service) shows that destination
       host is unreachable with applied TOS.

       com-admin-prohib (Communication Administratively Prohibited)  a  router  can't  forward  a
       packet because of administrative filter.

       host-precedence-viol (Host Precedence Violation) IP packet procedence is not allowed.

       precedence-cutoff  (Precedence  cutoff in effect) a smaller IP packet precedence has tried
       to be sent over the minimous impossed by network's manager.

       - To be used with Redirect type (-red):

       net (Redirect Datagram for the Network) shows that destination is a network.

       host (Redirect Datagram for the Host) shows that destination is a host.

       serv-net (Redirect Datagram for the Type Of Service and Network) destination is a type  of
       service and network.

       serv-host  (Redirect  Datagram  for the Type Of Service and Host) destination is a type of
       service and host.

       and

       - to be used with Time Exceeded type (-tx):

       ttl (Time to Live exceeded in Transit) time is over on an IP's header packet.

       frag (Fragment Reassembly Time Exceeded) could  not  put  IP's  packet  fragment  together
       again.

RETURN CODES

       icmpush  can  be  easily used within shell scripts.  Program returns the following data to
       the shell:

       Value  Meaning
       -----  -----------
       0      Finished program OK.
       1      Incorrect argument number.
       2      Unkown ICMP protocol.
       3      Cannot create RAW socket type.
       4      Erroneous ICMP packet.
       5      Erroneous gateway.
       6      Erroneous destination route.
       7      Erroneous ICMP packet code.
       8      Erroneous source host.
       9      Error sending packet.
       10     Protocol still not implemented.
       11     Erroneous IP address or spoof host incorrect.
       12     Could not save memory for the data_hdr union.
       13     Erroneous IP address or packet destination host.
       14     Unkown protocol.
       16     Error reading RAW socket.
       17     Error initializing signal handler SIGALARM.
       18     Echo Request packet data too big.
       19     Source port incorrect.
       20     Destination port incorrect.
       21     Incorrect timeout value.
       22     Incorrect Echo ID.
       23     Incorrect sequence number.
       24     Erroneous Echo data.
       25     IP_HDRINCL error.
       26     Erroneous router address in Router Advertisement.
       27     Incorrect garbage bytes number.
       28     Incorrect ICMP pointer Parameter Problem.

EXAMPLES

       - In response to a packet send with TCP source port 100 and destination  on  port  90,  we
       want  to  send  and  ICMP  Redirect  to  asshole.es  to  modify its routing table with the
       following data: 10.12.12.12 as a gateway to the host death.es masking the packet source as
       if it was sent from infect.comx host:

       icmpush  -red  -sp  infect.comx -gw 10.12.12.12 -dest death.es -c host -prot tcp -psrc 100
       -pdst 90 asshole.es

       - In response to an ICMP packet Echo Request sent  with  Echo  Request  id  100  and  Echo
       Request  sequence number 90, we want to send an ICMP Redirect to the host hemorroids.es to
       modify its routing table with the following data: the host pizza.death as a gateway to the
       host death.es, masking the packet source as if iit was sent from infect.comx host.

       icmpush  -red  -sp  infect.comx  -gw pizza.death -dest death.es -c host -prot icmp -id 100
       -seq 90 hemorroids.es

       - We want to send an ICMP packet Destination Unreach to the host 10.2.3.4 saying that  our
       TCP port number 20 connected with his TCP port 2100, is unreachable.  We mask ourselves as
       host 10.1.1.1:

       icmpush -du -sp 10.1.1.1 -c port-unreach -prot tcp -psrc 2100 -pdst 20 10.2.3.4

       - We want to send an ICMP packet Destination Unreach to host 10.2.3.4 saying that the host
       inferno.hell and its TCP port 69, connected with his port TCP 666 in unreacheable. We mask
       ourselves as gateway router.comx:

       icmpush  -du  -sp  router.comx  -c  host-unreach  -prot  tcp  -psrc  666  -pdst  69  -orig
       inferno.hell 10.2.3.4

       -  We  want to send a packet ICMP Source Quench to host ldg02.hell in response to a packet
       destinated to host ldg00 with UDP protocol, source port 100 and destination port  200.  We
       mask ourselves as gateway 10.10.10.1:

       icmpush -sq -sp 10.10.10.1 -prot udp -psrc 100 -pdst 200 -orig ldg00 ldg02.hell

       -  We want to send an ICMP packet Time Exceeded to host ldg02.hell in response to a packet
       destinated to host ldg00 with UDP protocol, source port 100 and destination port  200.  We
       mask as gateway ldg04.hell:

       icmpush -tx -sp ldg04.hell -c frag -prot udp -psrc 100 -pdst 200 -orig ldg00 ldg02.hell

       -  We  want  to  send  an  ICMP packet Address Mask Request and wait 10 seconds to see the
       replies. We mask the packet with source address of 10.2.3.4 and we send it to the  address
       10.0.1.255:

       icmpush -mask -sp 10.2.3.4 -to 10 10.0.1.255

       -  We want to send an ICMP packet Timestamp to host sepultura.hell.  We mask the packet as
       if it were send from host 10.2.3.1. We use the default timeout (5 seconds):

       icmpush -tstamp --spoof 10.2.3.1 sepultura.hell

       - We want to send an ICMP packet Information Request to  host  voucher.hell.   The  source
       address will be our own IP address, and the timeout will be 20 seconds:

       icmpush -info -to 20 voucher.hell

       - We want to send an ICMP packet Router Solicitation to host lazy.hell. The source address
       will be our own IP address and the timeout will be 20 seconds:

       icmpush -rts --timeout 20 lazy.hell

       - We want to send an ICMP packet Echo Request to host  lazy.hell  with  the  data  pattern
       'MyNameIsGump'.  The source address will be our own IP address and the timeout to read the
       data will be 2 seconds:

       icmpush -echo -data MyNameIsGump -to 2 lazy.hell

       - We want to send ICMP packet Echo Request to 10.12.0.255 with the following data pattern:
       and we do not want to read the answers:

       icmpush -echo -sp 192.168.0.255 -data 'D E A T H' -to 0 192.168.0.255

       - We want to send an ICMP packet Destination Unreach to host destination.death but sending
       it with an ICMP code bigger to the legal ones adding also 60K of garbage data:

       icmpush -du -c max -gbg 60000 destination.death

       - We want to send an ICMP Router Advertisement to host death.es, saying that  the  routers
       to use are: router1.xtc with preference 20, router2.xtc with preference 50 and router3.xtc
       with default preference (0). We mask ourselves as fatherouter.xtc

       icmpush -rta router1.xtc/20  -rta  router2.xtc/50  -rta  router3.xtc  -sp  fatherouter.xtc
       death.es

       - We send an ICMP Parameter Problem to host misery.es saying that the packet sent from the
       host hick.org with udp protocol, source port 13 and destination port 53, has an  error  on
       the IP header byte 13. We will also add all garbage bytes as possible:

       icmpush -sp hick.org -param -ptr 13 -prot udp -psrc 13 -pdest 53 -gbg max misery.es

       -  We  want to send an ICMP packet Timestamp to host www.hicks.org with code 38 instead of
       code (0) as usual:

       icmpush -tstamp -c 38 www.hicks.org

SEE ALSO

       Postel, John, "Internet  Control  Message  Protocol  -  DARPA  Internet  Program  Protocol
       Specification", RFC 792, USC/Information Sciences Institute, September 1981.

       Mogul,  Jeffrey  and  John  Postel,  "Internet  Standard  Subnetting  Procedure", RFC 950,
       Stanford, USC/Information Sciences Institute, August 1985.

       Braden, Robert, "Requeriments for  Internet  Hosts  -  Communication  Layers",  RFC  1122,
       USC/Information Sciences Institute, October 1989.

       Deering, Stephen, "ICMP Router Discovery Messages", RFC 1256, Xerox PARC, September 1991.

       Baker, Fred, "Requeriments for IP Version 4 Routers", RFC 1812, Cisco Systems, June 1995.

       The Linux source code, everything referent to network code and to ICMP protocol.

AUTHOR

       Slayer <tcpbgp@softhome.net>