Awesome

Packémon

Packet monster, or Packémon for short! (っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ)

https://github.com/user-attachments/assets/69b317b8-7235-40c8-8586-2aff7d34cc0d

TUI tool for generating packets of arbitrary input and monitoring packets on any network interfaces (default: eth0). This tool is not available for Windows and macOS. I have confirmed that it works on Debian on WSL2.

I intend to develop it patiently🌴

[!WARNING] There may be many bugs. If you find a bug, I would be glad if you raise an issue or give me a pull request!

Feature

This TUI tool has two major functions: packet generation and packet monitoring.

This image shows packemon running in Generator / Monitor mode. DNS query packet generated by Generator on the left is shown in third line of the Monitor. DNS query response packet is shown as 4nd line, and a more detailed view of it is shown in the image below.

Packemon's Monitor allows user to select each packet by pressing Enter key. Then, select any line and press Enter key to see the details of the desired packet. Pressing Esc key in the packet detail screen will return you to the original packet list screen.

Packet Generator

[!WARNING] While using Generator mode, TCP RST packets automatically sent out by the kernel are dropped. When this mode is stopped, the original state is restored. Probably😅. Incidentally, dropping RST packets is done by running the eBPF program. The background note incorporating the eBPF is the POST of X around here.

Packet Monitor

Installation

<pre> Go $ go install github.com/ddddddO/packemon/cmd/packemon@latest deb $ export PACKEMON_VERSION=X.X.X $ curl -o packemon.deb -L https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.deb $ dpkg -i packemon.deb rpm $ export PACKEMON_VERSION=X.X.X $ yum install https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.rpm apk $ export PACKEMON_VERSION=X.X.X $ curl -o packemon.apk -L https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.apk $ apk add --allow-untrusted packemon.apk </pre>

Usage

Packet Generator
```
sudo packemon --send
```
Packet Monitor
```
sudo packemon
```

Another feature

The local node's browser can monitor packets from remote nodes or send arbitrary packets from remote nodes.

                                         +-------------------------------------+
+----------------------+                 | REMOTE NODE                         |
| LOCAL NODE (Browser) |                 | $ sudo packemon-api --interface xxx |
|  Monitor   <---------|-- WebSocket   --|--> HTTP GET  /ws  <-----+           |
|  Generator  ---------|-- POST packet --|--> HTTP POST /packet    |           |
+----------------------+                 |      -> parse packet    |           |                  +---------------+
                                         |           -> Network Interface -----|-- Send packet -->| TARGET NODE x |
                                         +-------------------------------------+                  |               |
                                                                                                  +---------------+

Remote node
Local node

[!WARNING] Please note that the following is dangerous.

The following procedure is an example of how you can expose packemon-api to the outside world and monitor and send remote node packets on your browser.

(REMOTE) Please install packemon-api and run.

$ go install github.com/ddddddO/packemon/cmd/packemon-api@latest
$ sudo packemon-api --interface wlan0

(REMOTE) Run ngrok and note the URL to be paid out.
```
$ ngrok http 8082
```
(LOCAL) Enter the dispensed URL into your browser and you will be able to monitor and send packets to remote node.

Related tools

Acknowledgment

rivo/tview
- Packemon is using this TUI library.
Golangで作るソフトウェアルータ
- The way Go handles syscalls, packet checksum logic, etc. was helpful. This is a book in Japanese.

Stargazers over time

Log (japanese)

Links

「Golangで作るソフトウェアルータ」
- その実装コード: https://github.com/sat0ken/go-curo
https://terassyi.net/posts/2020/03/29/ethernet.html
動作確認用コマンドの参考
- https://zenn.dev/takai404/articles/76d47e944d8e18
Scrapboxメモ書き
WSL2のDebianで動作した。
任意の Ethernet ヘッダ / IPv4 ヘッダ / ARP / ICMP を楽に作れてフレームを送信できる
以下はtmuxで3分割した画面に各種ヘッダのフォーム画面を表示している。そして ICMP echo request を送信し、 echo reply が返ってきていることを Wireshark で確認した様子
フレームを受信して詳細表示（ARPとIPv4）
<details><summary>少し前のUI（`5062561` のコミット）</summary>

</details>
TUIライブラリとして https://github.com/rivo/tview を使わせてもらってる🙇

動作確認

Raspberry Piで簡易http server

pi@raspberrypi:~ $ sudo go run main.go

パケットキャプチャ

$ sudo tcpdump -U -i eth0 -w - | /mnt/c/Program\ Files/Wireshark/Wireshark.exe -k -i -

受信画面
```
$ sudo go run cmd/packemon/main.go
```

送信画面

$ sudo go run cmd/packemon/main.go --send

単発フレーム送信コマンド（e.g. ARP request）

$ sudo go run cmd/packemon/main.go --debug --send --proto arp

手軽にブロードキャスト

$ arping -c 1 1.2.3.4
ARPING 1.2.3.4 from 172.23.242.78 eth0
Sent 1 probes (1 broadcast(s))
Received 0 response(s)

tcpでdns

$ nslookup -vc github.com

ipv6でping

どうするか

$ ip -6 route
$ ping -c 1 fe80::1

自前実装の tcp 3way handshake

$ sudo go run cmd/packemon/main.go --send --debug --proto tcp-3way-http

動作確認の様子

Ethernetフレームのみ作って送信（77c9149 でコミットしたファイルにて）
ARPリクエストを作って送信（390f266 でコミットしたファイルにて。中身はめちゃくちゃと思うけど）
ARPリクエストを受信してパース（b6a025a でコミット）

</details>