Packet monster, or Packémon
for short! (っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ)
(demo video: packemon_dns.mp4)
TUI tool for generating packets from arbitrary input and monitoring packets on any network interface (default: eth0). This tool is not available for Windows or macOS. I have confirmed that it works on Linux (Debian and Ubuntu on WSL2).
I intend to develop it patiently🌴
Warning
This tool implements its protocol stacks from scratch and uses raw sockets (which need CAP_NET_RAW, hence the sudo in every command below).
There may be many bugs. If you find one, I would be glad if you raise an issue or send a pull request!
This TUI tool has two major functions: packet generation and packet monitoring.
This image shows packemon running in Generator / Monitor mode.
The DNS query packet generated by the Generator on the left is shown on the third line of the Monitor. The DNS query response packet is shown on the fourth line, and a more detailed view of it is shown in the image below.
See here for detailed instructions.
In Packemon's Monitor, move to any line and press the Enter key to see the details of that packet. Pressing the Esc key on the packet detail screen returns you to the packet list.
Warning
While Generator mode is running, TCP RST packets that the kernel would otherwise send are dropped. The kernel has no socket for the connections packemon builds by hand, so it would answer the peer's SYN-ACK with an RST and tear the handshake down. When this mode is stopped, the original state is restored. Probably😅. Incidentally, the RST dropping is done by running an eBPF program. The background notes on incorporating eBPF are in the X post around here.
- Send generated packets to any network interface.
  - You can specify the network interface with the --interface flag. Default is eth0.
- The following types of packets are covered.
  - Ethernet
  - ARP (WIP)
  - IPv4 (WIP)
  - ICMP (WIP)
  - TCP (WIP)
  - UDP (WIP)
  - TLSv1.2 (WIP)
    - Currently there is only debug mode
    - TCP 3-way handshake ~ TLS handshake ~ TLS Application Data
  - DNS (WIP)
  - HTTP (WIP)
  - HTTPS (WIP)
    - Currently there is only debug mode
    - TCP 3-way handshake ~ TLS handshake ~ TLS Application Data (HTTP GET request / response)
  - xxxxx....
  - Routing Protocols
    - IGP (Interior Gateway Protocol)
      - OSPF (Open Shortest Path First)
      - EIGRP (Enhanced Interior Gateway Routing Protocol)
      - RIP (Routing Information Protocol)
    - EGP (Exterior Gateway Protocol)
      - BGP (Border Gateway Protocol)
        - Currently there is only debug mode
        - TCP 3-way handshake ~ Open ~ Keepalive ~ Update ~ Notification
- Monitor any network interface.
  - You can specify the network interface with the --interface flag. Default is eth0.
- The following types of packets are covered.
  - Ethernet
  - ARP
  - IPv4 (WIP)
  - ICMP (WIP)
  - TCP (WIP)
  - UDP
  - DNS (WIP)
    - DNS query
    - DNS query response
    - xxxxx....
  - HTTP (WIP)
    - HTTP GET request
    - HTTP GET response
    - xxxxx....
  - xxxxx....
  - Routing Protocols
    - IGP (Interior Gateway Protocol)
      - OSPF (Open Shortest Path First)
      - EIGRP (Enhanced Interior Gateway Routing Protocol)
      - RIP (Routing Information Protocol)
    - EGP (Exterior Gateway Protocol)
      - BGP (Border Gateway Protocol)
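How a monitor tells the "DNS query" and "DNS query response" lines above apart, as an added example written for this page rather than packemon's own parser: it decodes the DNS header and first question from a UDP payload on port 53, reports the QR bit, and only accepts compression pointers that point backwards in the message. That last check is the one a practitioner wants, because a crafted name whose pointer targets itself would otherwise hang a naive monitor. The sample messages are constructed for the example, not captures.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// DNSQuestion is what a monitor needs to label a packet as query or response.
type DNSQuestion struct {
	ID       uint16
	Response bool // QR bit: false = query, true = query response
	Name     string
	QType    uint16
}

// decodeName reads a DNS name starting at off and returns it together with the
// offset just past the name in the original byte stream. Compression pointers
// are followed only when they point backwards (RFC 1035: "a prior occurrence"),
// so a self-referencing or forward pointer cannot spin the parser forever.
func decodeName(msg []byte, off int) (string, int, error) {
	var labels []string
	end := -1
	for off < len(msg) {
		l := int(msg[off])
		switch {
		case l == 0:
			if end < 0 {
				end = off + 1
			}
			return strings.Join(labels, "."), end, nil
		case l&0xC0 == 0xC0 && off+1 < len(msg):
			if end < 0 {
				end = off + 2
			}
			ptr := int(binary.BigEndian.Uint16(msg[off:]) & 0x3FFF)
			if ptr >= off {
				return "", 0, errors.New("forward or self-referencing compression pointer")
			}
			off = ptr
		case l < 64 && off+1+l <= len(msg):
			labels = append(labels, string(msg[off+1:off+1+l]))
			off += 1 + l
		default:
			return "", 0, errors.New("truncated or malformed label")
		}
	}
	return "", 0, errors.New("name runs past end of message")
}

// ParseDNSQuestion decodes the header and the first question of a DNS message,
// which is enough to print the "DNS query" / "DNS query response" lines.
func ParseDNSQuestion(msg []byte) (DNSQuestion, error) {
	var q DNSQuestion
	if len(msg) < 12 || binary.BigEndian.Uint16(msg[4:]) == 0 {
		return q, errors.New("short header or empty question section")
	}
	name, off, err := decodeName(msg, 12)
	if err != nil {
		return q, err
	}
	if off+4 > len(msg) {
		return q, errors.New("truncated question")
	}
	q.ID = binary.BigEndian.Uint16(msg[0:])
	q.Response = msg[2]&0x80 != 0
	q.Name, q.QType = name, binary.BigEndian.Uint16(msg[off:])
	return q, nil
}

// Describe renders one monitor line for a UDP payload seen on port 53.
func Describe(payload []byte) string {
	q, err := ParseDNSQuestion(payload)
	if err != nil {
		return "DNS (malformed): " + err.Error()
	}
	kind := "DNS query"
	if q.Response {
		kind = "DNS query response"
	}
	return fmt.Sprintf("%s id=0x%04x %s type=%d", kind, q.ID, q.Name, q.QType)
}

// Constructed sample messages (not captures): a query for go.dev, its response
// carrying one A record (192.0.2.1, a documentation address) whose name is a
// backward pointer to offset 12, and a message whose name points at itself.
var (
	SampleQuery    = []byte{0xbe, 0xef, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0, 2, 'g', 'o', 3, 'd', 'e', 'v', 0, 0, 1, 0, 1}
	SampleResponse = append([]byte{0xbe, 0xef, 0x81, 0x80, 0, 1, 0, 1, 0, 0, 0, 0, 2, 'g', 'o', 3, 'd', 'e', 'v', 0, 0, 1, 0, 1}, 0xC0, 0x0C, 0, 1, 0, 1, 0, 0, 0, 60, 0, 4, 192, 0, 2, 1)
	SampleLoop     = []byte{0xbe, 0xef, 0x81, 0x80, 0, 1, 0, 0, 0, 0, 0, 0, 0xC0, 0x0C}
)

func main() {
	for _, m := range [][]byte{SampleQuery, SampleResponse, SampleLoop} {
		fmt.Println(Describe(m))
	}
}
```

Running it prints one line per sample; the third comes back as "DNS (malformed)" instead of looping. A real monitor would go on to parse the answer records the same way, reusing decodeName for every owner name.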
Go
$ go install github.com/ddddddO/packemon/cmd/packemon@latest

deb
$ export PACKEMON_VERSION=X.X.X
$ curl -o packemon.deb -L https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.deb
$ dpkg -i packemon.deb

rpm
$ export PACKEMON_VERSION=X.X.X
$ yum install https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.rpm

apk
$ export PACKEMON_VERSION=X.X.X
$ curl -o packemon.apk -L https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.apk
$ apk add --allow-untrusted packemon.apk

Note that --allow-untrusted tells apk to skip package signature verification, so check what you downloaded against the release page before installing it.
- Packet Generator
  $ sudo packemon --send
- Packet Monitor
  $ sudo packemon
setup
# Generator
$ sudo packemon --send
# Monitor
$ sudo packemon
← Generator | Monitor →

Generator
- Protocols > Ethernet > Ether Type > IPv4
- Protocols > IPv4 > Protocol > UDP
- Protocols > IPv4 > Destination IP Addr > 1.1.1.1
  Enter the address of a DNS resolver here; 1.1.1.1 is Cloudflare's resolver.
- Protocols > UDP > Destination Port > 53
- Protocols > UDP > Automatically calculate length ? > (Check!)
- Protocols > DNS > Queries Domain > go.dev
  Enter the domain you want to resolve here.
- Protocols > DNS > Click on Send!
  At this point the DNS query is sent with the contents set so far.

Monitor
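The packet the Generator steps above assemble in the TUI, built by hand as an added example (illustrative code written for this page, not packemon's own implementation). It encodes the DNS question for go.dev, wraps it in UDP to port 53 and in an IPv4 header to 1.1.1.1, fills in the UDP length field the TUI offers to calculate for you, and computes both the UDP and the IPv4 header checksum. The source address 192.0.2.10, the transaction ID and the source port are assumptions; the Ethernet header is left out because the MAC addresses depend on your interface.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"net"
	"strings"
)

// BuildDNSQuery encodes one A-record question: a 12-byte header (ID, flags with
// RD set, QDCOUNT=1) followed by the length-prefixed labels of name.
func BuildDNSQuery(id uint16, name string) ([]byte, error) {
	b := make([]byte, 12, 12+len(name)+6)
	binary.BigEndian.PutUint16(b[0:], id)
	binary.BigEndian.PutUint16(b[2:], 0x0100) // QR=0 (query), RD=1
	binary.BigEndian.PutUint16(b[4:], 1)      // QDCOUNT
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		if len(label) == 0 || len(label) > 63 {
			return nil, fmt.Errorf("bad label %q in %q", label, name)
		}
		b = append(append(b, byte(len(label))), label...)
	}
	return append(b, 0, 0, 1, 0, 1), nil // root label, QTYPE=A, QCLASS=IN
}

// Checksum is the RFC 1071 ones'-complement sum used by IPv4, UDP and TCP.
func Checksum(data []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(data); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(data[i:]))
	}
	if len(data)%2 == 1 {
		sum += uint32(data[len(data)-1]) << 8
	}
	for sum>>16 != 0 {
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

// BuildIPv4UDP wraps payload in UDP and a 20-byte IPv4 header, filling the UDP
// length (the field the TUI offers to calculate for you), the UDP checksum over
// the pseudo-header and the IPv4 header checksum. Ethernet is left to the caller.
func BuildIPv4UDP(src, dst net.IP, sport, dport uint16, payload []byte) []byte {
	udpLen := 8 + len(payload)
	udp := make([]byte, udpLen)
	binary.BigEndian.PutUint16(udp[0:], sport)
	binary.BigEndian.PutUint16(udp[2:], dport)
	binary.BigEndian.PutUint16(udp[4:], uint16(udpLen))
	copy(udp[8:], payload)
	pseudo := make([]byte, 12, 12+udpLen) // src, dst, zero, proto=17, UDP length
	copy(pseudo[0:], src.To4())
	copy(pseudo[4:], dst.To4())
	pseudo[9] = 17
	binary.BigEndian.PutUint16(pseudo[10:], uint16(udpLen))
	if cs := Checksum(append(pseudo, udp...)); cs == 0 { // udp[6:8] is still zero here
		binary.BigEndian.PutUint16(udp[6:], 0xffff) // a literal 0 would mean "no checksum"
	} else {
		binary.BigEndian.PutUint16(udp[6:], cs)
	}
	ip := make([]byte, 20, 20+udpLen)
	ip[0] = 0x45 // version 4, IHL 5
	binary.BigEndian.PutUint16(ip[2:], uint16(20+udpLen))
	ip[6], ip[8], ip[9] = 0x40, 64, 17 // DF, TTL, protocol UDP
	copy(ip[12:], src.To4())
	copy(ip[16:], dst.To4())
	binary.BigEndian.PutUint16(ip[10:], Checksum(ip)) // header checksum field still 0
	return append(ip, udp...)
}

func main() {
	// Assumed source address (TEST-NET-1); the TUI would use the interface's own.
	dns, err := BuildDNSQuery(0xbeef, "go.dev")
	if err != nil {
		panic(err)
	}
	pkt := BuildIPv4UDP(net.ParseIP("192.0.2.10"), net.ParseIP("1.1.1.1"), 40000, 53, dns)
	fmt.Printf("%d bytes: % x\n", len(pkt), pkt)
}
```

The bytes it prints are what the Generator hands to the raw socket after the Ethernet header; feeding them to the kernel requires CAP_NET_RAW, which is why the tool runs under sudo. The UDP checksum is optional over IPv4 (a zero field means "not computed"), but resolvers are happier with it, and the IPv4 header checksum is mandatory.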
A browser on the local node can monitor packets on a remote node or send arbitrary packets from it.
+-------------------------------------+
+----------------------+ | REMOTE NODE |
| LOCAL NODE (Browser) | | $ sudo packemon-api --interface xxx |
| Monitor <---------|-- WebSocket --|--> HTTP GET /ws <-----+ |
| Generator ---------|-- POST packet --|--> HTTP POST /packet | |
+----------------------+ | -> parse packet | | +---------------+
| -> Network Interface -----|-- Send packet -->| TARGET NODE x |
+-------------------------------------+ | |
+---------------+
Warning
Please note that the following is dangerous: anyone who obtains the tunnel URL gets what the diagram shows, the live packet stream from the remote interface over /ws and the ability to inject arbitrary packets through POST /packet, and the procedure itself adds no access control.
The following procedure is an example of how you can expose packemon-api to the outside world and monitor and send remote-node packets from your browser.
- (REMOTE) Install packemon-api and run it.
  $ go install github.com/ddddddO/packemon/cmd/packemon-api@latest
  $ sudo packemon-api --interface wlan0
- (REMOTE) Run ngrok and note the URL it issues.
  $ ngrok http 8082
- (LOCAL) Enter the issued URL into your browser and you will be able to monitor and send packets on the remote node.
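If you do expose packemon-api through a tunnel, the least you want in front of it is a shared secret. The following is an added example, not part of packemon or packemon-api: a small Go reverse proxy that forwards only requests carrying the secret (as a bearer token for scripts, or as a cookie so the browser UI's WebSocket handshake for /ws can present it) to the local packemon-api and answers everything else with 401. The PACKEMON_PROXY_TOKEN variable, the packemon_token cookie name, the loopback port 8083 and the assumption that packemon-api listens on 8082 (the port the ngrok step above forwards) are this example's own choices.

```go
package main

import (
	"crypto/subtle"
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"os"
	"strings"
)

// presentedToken extracts the shared secret from either an Authorization
// header or a packemon_token cookie. The cookie form exists because a browser
// cannot attach an Authorization header to its WebSocket handshake for /ws,
// but it does send cookies with it.
func presentedToken(r *http.Request) string {
	if h := r.Header.Get("Authorization"); strings.HasPrefix(h, "Bearer ") {
		return strings.TrimPrefix(h, "Bearer ")
	}
	if c, err := r.Cookie("packemon_token"); err == nil {
		return c.Value
	}
	return ""
}

// Authorized compares in constant time and refuses to operate with a weak secret.
func Authorized(r *http.Request, token string) bool {
	got := presentedToken(r)
	return len(token) >= 32 && got != "" &&
		subtle.ConstantTimeCompare([]byte(got), []byte(token)) == 1
}

// NewAuthProxy forwards authorized requests to upstream (packemon-api) and
// answers everything else with 401. httputil.ReverseProxy passes WebSocket
// upgrades through, so GET /ws keeps working behind it.
func NewAuthProxy(upstream *url.URL, token string) http.Handler {
	rp := httputil.NewSingleHostReverseProxy(upstream)
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !Authorized(r, token) {
			w.Header().Set("WWW-Authenticate", `Bearer realm="packemon-api"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		r.Header.Del("Authorization") // the upstream has no use for the secret
		rp.ServeHTTP(w, r)
	})
}

func main() {
	// PACKEMON_PROXY_TOKEN is this example's own setting, not a packemon option.
	token := os.Getenv("PACKEMON_PROXY_TOKEN")
	if len(token) < 32 {
		log.Fatal("set PACKEMON_PROXY_TOKEN to at least 32 random characters")
	}
	// Assumed: packemon-api listens on 8082, the port the ngrok step forwards.
	// Point ngrok at this proxy instead: ngrok http 8083.
	upstream, err := url.Parse("http://127.0.0.1:8082")
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(http.ListenAndServe("127.0.0.1:8083", NewAuthProxy(upstream, token)))
}
```

Run it on the REMOTE node next to packemon-api and tunnel 8083 instead of 8082. This only helps if packemon-api itself is not reachable from outside; the page does not say which address it binds to, so check with ss -ltnp and firewall it if needed. Use the https:// URL ngrok issues so the secret is not sent in the clear, and set the cookie once in the browser before opening the UI.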
- netcat
- Nmap
- Scapy
- google/gopacket
- Packemon uses this TUI library: https://github.com/rivo/tview
- The way Go handles syscalls, packet checksum logic, etc. was helpful. This is a book in Japanese.
  xxx
  「Golangで作るソフトウェアルータ」 (Building a Software Router in Go)
  - Its implementation code: https://github.com/sat0ken/go-curo
Reference commands for checking operation
- Worked on Debian on WSL2.
- Arbitrary Ethernet headers / IPv4 headers / ARP / ICMP can be built easily and the frame sent.
- Below, a tmux window split three ways shows the form screen for each header; an ICMP echo request is sent and Wireshark confirms that an echo reply came back.
- Using https://github.com/rivo/tview as the TUI library 🙇
pi@raspberrypi:~ $ sudo go run main.go
$ sudo tcpdump -U -i eth0 -w - | /mnt/c/Program\ Files/Wireshark/Wireshark.exe -k -i -
- Receive screen
$ sudo go run cmd/packemon/main.go
- Send screen
$ sudo go run cmd/packemon/main.go --send
- One-shot frame send command (e.g. ARP request)
$ sudo go run cmd/packemon/main.go --debug --send --proto arp
$ arping -c 1 1.2.3.4
ARPING 1.2.3.4 from 172.23.242.78 eth0
Sent 1 probes (1 broadcast(s))
Received 0 response(s)
$ nslookup -vc github.com
What to do about this?
$ ip -6 route
$ ping -c 1 fe80::1
$ sudo go run cmd/packemon/main.go --send --debug --proto tcp-3way-http