MZ
MZ
MZ
html
Revision: 0.38.1
Date: 2010-02-10
Copyright: Copyright (c) 2007-2009 by Herbert Haas.
Contents
1 Note
2 What is Mausezahn?
3 Disclaimer and License
4 First steps
5 Defining packets
5.1 General packet options
5.2 Configuring protocol types
5.3 Configuring a greater interval
6 Load prepared configurations
7 What's next?
8 Dear users
1 Note
This User's Guide explains Mausezahn's interactive mode relying on
Mausezahn's Own Packet System (MOPS). Most new and all more
sophisticated features are implemented inside this subsystem. MOPS
provides an interactive command line interface (similar as the famous
Cisco CLI) and is multi-threaded, allowing you to create an arbitrary
number of transmission and scanning process(es).
The legacy mode aka direct mode* (which allows you to create frames and
packets right from the Linux command line) is still supported and is
described in this document.
1 de 14 13-04-2011 05:35
Mausezahn User's Guide http://www.perihel.at/sec/mz/mops.html
2 What is Mausezahn?
Mausezahn is a fast traffic generator written in C which allows you to
send nearly every possible and impossible packet. Mausezahn can be used
for example
4 First steps
Using the interactive mode requires to start Mausezahn as server:
# mz -x
2 de 14 13-04-2011 05:35
Mausezahn User's Guide http://www.perihel.at/sec/mz/mops.html
Now you can Telnet to that server using the default port number 25542,
but also an arbitrary port number can be specified:
# mz -x 99
Mausezahn accepts incoming Telnet connections on port 99.
mz: Problems opening config file. Will use defaults
Either from another terminal or from another host try to Telnet to the
Mausezahn server:
------------------------------------------
Mausezahn, version 0.38
Copyright (C) 2007-2009 by Herbert Haas.
------------------------------------------
Username: mz
Password: mz
mz-0.38> enable
Password: mops
mz-0.38#
user = herbert
password = TopSecret
enable = MauseZa#n42
Since you reached the Mausezahn prompt, lets try some first commands.
You can use the '?' character at any time for a contect-sensitive help.
3 de 14 13-04-2011 05:35
Mausezahn User's Guide http://www.perihel.at/sec/mz/mops.html
mz-0.38# show ?
packet Show defined packets interfaces Show detailed
interface information mops Show MOPS details set List
general packet parameters arp Show the advanced
Mausezahn ARP table license Show license and warranty
details
Mausezahn maintains its own ARP table and observes anomalies. There is
an entry for every physical interface (however this host has only one):
mz-0.38# sh arp
Intf Index IP address MAC address last Ch UCast BCast Info
----------------------------------------------------------------------------------
eth0 [1] D 192.168.0.1 00:09:5b:9a:15:84 23:44:41 1 1 0 0000
The column Ch tells us that the announced MAC address has only changed
one time (= when it was learned). The columns Ucast and BCast tell us
how often this entry was announced via unicast or broadcast respectively.
2 interfaces found.
Default interface is eth0.
5 Defining packets
Let's check the current packet list:
4 de 14 13-04-2011 05:35
Mausezahn User's Guide http://www.perihel.at/sec/mz/mops.html
mz-0.38# sh packet
Packet layer flags: E=Ethernet, S=SNAP, Q=802.1Q, M=MPLS, I/i=IP/delivery_off, U=U
mz-0.38(config)# packet
Allocated new packet PKT0002 at slot 2
mz-0.38(config-pkt-2)# ?
...
name Assign a unique name
description Assign a packet description text
bind Select the network interface
count Configure the packet count value
delay Configure the inter-packet delay
interval Configure a greater interval
type Specify packet type
mac Configure packet's MAC addresses
tag Configure tags
payload Configure a payload
port Configure packet's port numbers
end End packet configuration mode
ethernet Configure frame's Ethernet, 802.2, 802.3, or SNAP settings
ip Configure packet's IP settings
udp Configure packet's UDP header parameters
tcp Configure packet's TCP header parameters
Here are a lot of options but normally you only need a few of them. When
you configure lots of different packets you might assign a reasonable name
and description for them:
5 de 14 13-04-2011 05:35
Mausezahn User's Guide http://www.perihel.at/sec/mz/mops.html
You can e. g. change the default settings for the source and destination
MAC/IP addresses using the mac and ip commands:
mz-0.38(config-pkt-2)# tag ?
dot1q Configure 802.1Q (and 802.1P) parameters
mpls Configure MPLS label stack
VLAN[:CoS] [VLAN[:CoS]] ... The leftmost tag is the outer tag in the frame
remove <tag-nr> | all Remove one or more tags (<tag-nr> starts with 1),
by default the first (=leftmost,outer) tag is remo
keyword 'all' can be used instead of tag numbers.
cfi | nocfi [<tag-nr>] Set or unset the CFI-bit in any tag (by default
assuming the first tag).
6 de 14 13-04-2011 05:35
Mausezahn User's Guide http://www.perihel.at/sec/mz/mops.html
mz-0.38(config-pkt-2)# delay ?
delay <value> [hour | min | sec | msec | usec | nsec]
mz-0.38(config-pkt-2)#
7 de 14 13-04-2011 05:35
Mausezahn User's Guide http://www.perihel.at/sec/mz/mops.html
mz-0.38(config-pkt-2)# type
Specify a packet type from the following list:
arp
bpdu
igmp
ip
lldp
tcp
udp
mz-0.38(config-pkt-2-tcp)#
....
seqnr Configure the TCP sequence number
acknr Configure the TCP acknowledgement number
hlen Configure the TCP header length
reserved Configure the TCP reserved field
flags Configure a combination of TCP flags at once
cwr Set or unset the TCP CWR flag
ece Set or unset the TCP ECE flag
urg Set or unset the TCP URG flag
ack set or unset the TCP ACK flag
psh set or unset the TCP PSH flag
rst set or unset the TCP RST flag
syn set or unset the TCP SYN flag
fin set or unset the TCP FIN flag
window Configure the TCP window size
checksum Configure the TCP checksum
urgent-pointer Configure the TCP urgend pointer
options Configure TCP options
end End TCP configuration mode
mz-0.38(config-pkt-2-tcp)# end
mz-0.38(config-pkt-2)# paylo ascii This is a dummy payload for my first packet
mz-0.38(config-pkt-2)# end
Now configure another packet, for example let's assume we want an LLDP
process:
8 de 14 13-04-2011 05:35
Mausezahn User's Guide http://www.perihel.at/sec/mz/mops.html
mz-0.38(config)# packet
Allocated new packet PKT0003 at slot 3
mz-0.38(config-pkt-3)# ty lldp
mz-0.38(config-pkt-3-lldp)# exit
mz-0.38(config)# exit
In the above example we only use the default LLDP settings and don't
configure further LLDP options or TLVs.
Back in the top level of the CLI let's verify what we had done:
mz-0.38# sh pa
Packet layer flags: E=Ethernet, S=SNAP, Q=802.1Q, M=MPLS, I/i=IP/delivery_off, U=U
The column Layers indicates which major protocols have been combined.
For example the packet with packet-id 2 ("Test") utilizes Ethernet (E), IP
(I), and TCP (T). Additionally an 802.1Q tag (Q) has been inserted.
mz-0.38# sh pac
Packet layer flags: E=Ethernet, S=SNAP, Q=802.1Q, M=MPLS, I/i=IP/delivery_off, U=U
9 de 14 13-04-2011 05:35
Mausezahn User's Guide http://www.perihel.at/sec/mz/mops.html
mz-0.38# sh pac 2
Packet [2] Test
Description: This is just a test
State: config, Count=1000, delay=1000 usec (0 s 1000000 nsec), interval= (undefine
Headers:
Ethernet: 00-30-05-76-2e-8d => ff-ff-ff-ff-ff-ff [0800 after 802.1Q tag]
Auto-delivery is ON (that is, the actual MAC is adapted upon transmission)
802.1Q: 0 tag(s); (VLAN:CoS)
IP: SA=192.168.0.4 (not random) (no range)
DA=255.255.255.255 (no range)
ToS=0x00 proto=17 TTL=255 ID=0 offset=0 flags: -|-|-
len=49664(correct) checksum=0x2e8d(correct)
TCP: 83 bytes segment size (including TCP header)
SP=0 (norange) (not random), DP=0 (norange) (not random)
SQNR=3405691582 (start 0, stop 4294967295, delta 0) -- ACKNR=0 (invalid)
Flags: ------------------------SYN----, reserved field is 00, urgent pointer
Announced window size= 100
Offset= 0 (times 32 bit; value is valid), checksum= ffff (valid)
(No TCP options attached) - 0 bytes defined
Payload size: 43 bytes
Frame size: 125 bytes
mz-0.38#
If you want to stop one or more packet processes, use the stop
command. The "emergency stop" is when you use stop all:
10 de 14 13-04-2011 05:35
Mausezahn User's Guide http://www.perihel.at/sec/mz/mops.html
mz-0.38# sh pac
Packet layer flags: E=Ethernet, S=SNAP, Q=802.1Q, M=MPLS, I/i=IP/delivery_off, U=U
mz-0.38(config)# pac 2
Modify packet parameters for packet Test [2]
mz-0.38(config-pkt-2)# interv
Configure a greater packet interval in days, hours, minutes, or seconds
mz-0.38(config-pkt-2)# interv 1 h
mz-0.38(config-pkt-2)# count 10
11 de 14 13-04-2011 05:35
Mausezahn User's Guide http://www.perihel.at/sec/mz/mops.html
when active:
mz-0.38# sh pa
Packet layer flags: E=Ethernet, S=SNAP, Q=802.1Q, M=MPLS, I/i=IP/delivery_off, U=U
mz-0.38# start sl 2
Activate [2]
mz-0.38# sh pa
Packet layer flags: E=Ethernet, S=SNAP, Q=802.1Q, M=MPLS, I/i=IP/delivery_off, U=U
Note that the flag 'I' indicates that an interval has been specified for packet
2. The process is not active at the moment (only packet 5 is active here)
but it will become active in a regular interval. You can verify the actual
interval when viewing the packet details via the show packet 2 command.
12 de 14 13-04-2011 05:35
Mausezahn User's Guide http://www.perihel.at/sec/mz/mops.html
configure terminal
packet
name IGMP_TEST
desc This is only a demonstration how to load a file to mops
type igmp
Then we can add this packet configuration to our packet list using the load
command:
mz-0.38# sh pa
Packet layer flags: E=Ethernet, S=SNAP, Q=802.1Q, M=MPLS, I/i=IP/delivery_off, U=U
7 What's next?
The following features are planned, some of them are already experimental
and will be available soon:
and many others (the true list is much longer). Also a GUI is in preparation
(which will surely not replace the CLI).
8 Dear users
Mausezahn is still under heavy development and you may expect new
features very soon.
13 de 14 13-04-2011 05:35
Mausezahn User's Guide http://www.perihel.at/sec/mz/mops.html
Bugs
Important features you miss
How you used Mausezahn (I am really interested in
practical problems)
Interesting observations with Mausezahn at the network
14 de 14 13-04-2011 05:35