nemesis-dns - DNS Protocol (The Nemesis Project)
SYNOPSIS

nemesis-dns [-kvZ?] [-a ack-number] [-A number-of-authoritative-DNS-resource-records] [-b number-of-DNS-answers] [-d Ethernet-device] [-D destination-IP-address] [-f TCP-flags] [-F fragmentation-options] [-g DNS-flags] [-H source-MAC-address] [-i DNS-ID] [-I IP-ID] [-M destination-MAC-address] [-o TCP-options-file] [-O IP-options-file] [-P payload-file] [-q number-of-DNS-questions] [-r number-of-additional-DNS-resource-records] [-s sequence-number] [-S source-IP-address] [-t IP-TOS] [-T IP-TTL] [-u urgent-pointer] [-w window-size] [-x TCP/UDP-source-port] [-y TCP/UDP-destination-port]
DESCRIPTION

The Nemesis Project is designed to be a command-line-based, portable human IP stack for UNIX-like and Windows systems. The suite is broken down by protocol, and should allow for useful scripting of injected packets from simple shell scripts.

nemesis-dns provides an interface to craft and inject DNS packets, allowing the user to specify any portion of a DNS packet as well as lower-level IP and TCP/UDP packet information.
DNS OPTIONS

-A number-of-authoritative-resource-records
    Specify the number-of-authoritative-resource-records within the DNS header.

-b number-of-answer-resource-records
    Specify the number-of-answer-resource-records within the DNS header.

-g DNS-flags
    Specify the DNS-flags within the DNS header.

-i DNS-ID
    Specify the DNS-ID within the DNS header.

-k TCP-transport-mode
    Enables the use of TCP when injecting DNS packets.

-P payload-file
    This will cause nemesis-dns to use the specified payload-file as the payload when injecting DNS packets. For packets injected using the raw interface (where -d is not used), the maximum payload size is 65443 bytes for DNS packets injected using TCP and 65455 bytes for DNS packets injected using UDP. For packets injected using the link layer interface (where -d IS used), the maximum payload size is 1368 bytes for TCP DNS packets and 1420 bytes for UDP DNS packets. Payloads can also be read from stdin by specifying -P - instead of a payload-file. Windows systems are limited to a maximum payload size of 1368 bytes for TCP DNS packets and 1420 bytes for UDP DNS packets.

    The payload file can consist of any arbitrary data, though it will be most useful to create a payload resembling the structure of the DNS packet specified using the command-line options. In order to send real DNS packets, a payload containing the appropriate record data (as specified in the DNS header) must be created manually.

-q number-of-questions
    Specify the number-of-questions within the DNS header.

-r number-of-additional-resource-records
    Specify the number-of-additional-resource-records within the DNS header.

-v verbose-mode
    Display the injected packet in human readable form. Use twice to see a hexdump of the injected packet with printable ASCII characters on the right. Use three times for a hexdump without decoded ASCII.
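Since nemesis-dns builds only the DNS header from its options and leaves the question and resource-record sections to the -P payload file, the following added example (not part of the Nemesis Project) encodes those sections in RFC 1035 wire format and parses a question back out to check the result. The helper names, the RR type table and the sample name/address are assumptions; the record counts written into the file must match the -q, -b, -A and -r values given on the command line.

```python
"""Body of a DNS message for a nemesis-dns -P payload file (assumed helper names).
nemesis-dns builds the 12-byte DNS header from -i/-g/-q/-b/-A/-r; the payload must
supply the question and resource-record sections after it in RFC 1035 wire format."""
import struct

TYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16, "AAAA": 28}
CLASS_IN = 1

def encode_name(name: str) -> bytes:
    """Domain name as length-prefixed labels ending in a zero octet (RFC 1035 3.1)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:  # label bounds from RFC 1035
            raise ValueError(f"bad label {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    if len(out) > 255:  # whole-name bound from RFC 1035
        raise ValueError("name longer than 255 octets")
    return bytes(out)

def encode_question(name: str, qtype: str = "A") -> bytes:
    """One question-section entry: QNAME, QTYPE, QCLASS (counted by -q)."""
    return encode_name(name) + struct.pack("!HH", TYPES[qtype], CLASS_IN)

def encode_rr(name: str, rtype: str, ttl: int, rdata: bytes) -> bytes:
    """One resource record for the answer/authority/additional sections (-b/-A/-r)."""
    return encode_name(name) + struct.pack("!HHIH", TYPES[rtype], CLASS_IN, ttl, len(rdata)) + rdata

def decode_question(buf: bytes, offset: int = 0) -> tuple:
    """Parse one question back out; returns (name, qtype, qclass, next_offset).
    Compression pointers are rejected: a standalone payload has no header to point into."""
    labels = []
    while True:
        n = buf[offset]
        offset += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError(f"compression pointer at offset {offset - 1}")
        labels.append(buf[offset:offset + n].decode("ascii"))
        offset += n
    qtype, qclass = struct.unpack_from("!HH", buf, offset)
    return ".".join(labels), qtype, qclass, offset + 4

if __name__ == "__main__":
    # Constructed sample: one question and one A answer, to pair with "-q 1 -b 1".
    payload = encode_question("example.com") + encode_rr("example.com", "A", 300, bytes([192, 0, 2, 1]))
    with open("dns-payload.bin", "wb") as fh:
        fh.write(payload)
```

Feeding the resulting file with -P dns-payload.bin -q 1 -b 1 and -v twice shows the hexdump nemesis-dns injects, so the counts in the header can be checked against the sections in the file before anything leaves the host.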
TCP OPTIONS (enabled via -k)

-a acknowledgement-number
    Specify the acknowledgement-number (ACK number) within the TCP header.

-f TCP-flags (-fS/-fA/-fR/-fP/-fF/-fU/-fE/-fC)
    Specify the TCP flags within the TCP header:
        -fS (SYN)
        -fA (ACK)
        -fR (RST)
        -fP (PSH)
        -fF (FIN)
        -fU (URG)
        -fE (ECE)
        -fC (CWR)
    Flags can be combined in the form -fPA.

-o TCP-options-file
    This will cause nemesis-dns to use the specified TCP-options-file as the options when building the TCP header for the injected packet. TCP options can be up to 40 bytes in length. The TCP options file must be created manually based upon the desired options. TCP options can also be read from stdin by specifying -o - instead of a TCP-options-file.

-s sequence-number
    Specify the sequence-number within the TCP header.

-u urgent-pointer-offset
    Specify the urgent-pointer-offset within the TCP header.

-w window-size
    Specify the window-size within the TCP header.

-x TCP-source-port
    Specify the TCP-source-port within the TCP header.

-y TCP-destination-port
    Specify the TCP-destination-port within the TCP header.
UDP OPTIONS

-x UDP-source-port
    Specify the source port of the injected packet.

-y UDP-destination-port
    Specify the destination port of the injected packet.
IP OPTIONS

-D destination-IP-address
    Specify the destination-IP-address within the IP header.

-F fragmentation-options (-F[D],[M],[R],[offset])
    Specify the fragmentation options within the IP header:
        -FD (don't fragment)
        -FM (more fragments)
        -FR (reserved flag)
        -F <offset>
    IP fragmentation options can be specified individually or combined into a single argument to the -F command line switch by separating the options with commas (e.g. -FD,M) or spaces (e.g. -FM 223). The IP fragmentation offset is a 13-bit field with valid values from 0 to 8189. Don't fragment (DF), more fragments (MF) and the reserved flag (RESERVED or RB) are 1-bit fields.

    NOTE: Under normal conditions, the reserved flag is unset.

-I IP-ID
    Specify the IP-ID within the IP header.

-O IP-options-file
    This will cause nemesis-dns to use the specified IP-options-file as the options when building the IP header for the injected packet. IP options can be up to 40 bytes in length. The IP options file must be created manually based upon the desired options. IP options can also be read from stdin by specifying -O - instead of an IP-options-file.

-S source-IP-address
    Specify the source-IP-address within the IP header.

-t IP-TOS
    Specify the IP-type-of-service (TOS) within the IP header. Valid type of service values:
        2 (Minimize monetary cost)
        4 (Maximize reliability)
        8 (Maximize throughput)
        24 (Minimize delay)
    NOTE: Under normal conditions, only one type of service is set within a packet. To specify multiple types, specify the sum of the desired values as the type of service.

-T IP-TTL
    Specify the IP-time-to-live (TTL) within the IP header.
DATA LINK OPTIONS

-d Ethernet-device
    Specify the name (for UNIX-like systems) or the number (for Windows systems) of the Ethernet-device to use (e.g. fxp0, eth0, hme0, 1).

-H source-MAC-address
    Specify the source-MAC-address (XX:XX:XX:XX:XX:XX).

-M destination-MAC-address
    Specify the destination-MAC-address (XX:XX:XX:XX:XX:XX).

-Z list-network-interfaces
    Lists the available network interfaces by number for use in link-layer injection. NOTE: This feature is only relevant to Windows systems.
DIAGNOSTICS

nemesis-dns returns 0 on a successful exit, 1 if it exits on an error.
BUGS

An interface for users to create DNS packet payloads should be created.

Send concise and clearly written bug reports to jeff@snort.org
AUTHORS

Jeff Nathan <jeff@snort.org>

Originally developed by Mark Grimes <mark@stateful.net>
SEE ALSO

nemesis-arp(1), nemesis-ethernet(1), nemesis-icmp(1), nemesis-igmp(1), nemesis-ip(1), nemesis-ospf(1), nemesis-rip(1), nemesis-tcp(1), nemesis-udp(1)
NEMESIS-DNS(1)    17 May 2003