Packémon

Packet monster, or Packémon for short! (っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ)

https://github.com/user-attachments/assets/69b317b8-7235-40c8-8586-2aff7d34cc0d

TUI tool for generating packets from arbitrary input and monitoring packets on any network interface (default: eth0). This tool is not available for Windows and macOS. I have confirmed that it works on Debian on WSL2.

I intend to develop it patiently🌴

[!WARNING] There may be many bugs. If you find a bug, I would be glad if you raised an issue or sent me a pull request!

Feature

This TUI tool has two major functions: packet generation and packet monitoring.

This image shows packemon running in Generator / Monitor mode. The DNS query packet generated by the Generator on the left is shown in the third line of the Monitor. The DNS query response packet is shown in the fourth line, and a more detailed view of it is shown in the image below.

Packemon's Monitor lets the user inspect individual packets: select any line and press the Enter key to see the details of that packet. Pressing the Esc key in the packet detail screen returns you to the packet list screen.

Packet Generator

[!WARNING] While Generator mode is in use, TCP RST packets that the kernel sends out automatically are dropped. When this mode is stopped, the original state is restored. Probably😅. Incidentally, the RST packets are dropped by running an eBPF program. The background on incorporating eBPF is in the post on X around here.
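The kernel emits those RSTs because a SYN crafted in user space has no kernel socket behind it, so the peer's SYN-ACK looks unsolicited. The Go sketch below is an added example, not packemon's eBPF program: it shows the header walk an egress filter needs in order to recognise a TCP RST. `IsTCPRST` and `SampleFrame` are hypothetical names, the frame is constructed test data, and matching every IPv4 RST regardless of port is an assumption.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

const (
	ethHdrLen = 14     // Ethernet II header
	etherIPv4 = 0x0800 // EtherType for IPv4
	protoTCP  = 6      // IPv4 protocol number for TCP
	flagRST   = 0x04   // RST bit in the TCP flags byte (offset 13)
)

// IsTCPRST: does this Ethernet II frame carry an IPv4 TCP segment with RST set? (hypothetical helper)
func IsTCPRST(frame []byte) bool {
	if len(frame) < ethHdrLen+20 || binary.BigEndian.Uint16(frame[12:14]) != etherIPv4 {
		return false
	}
	ip := frame[ethHdrLen:]
	ihl := int(ip[0]&0x0f) * 4 // IPv4 header length varies with options
	if ip[0]>>4 != 4 || ihl < 20 || ip[9] != protoTCP {
		return false
	}
	// Non-first fragments carry no TCP header, so the flags byte is absent.
	if binary.BigEndian.Uint16(ip[6:8])&0x1fff != 0 {
		return false
	}
	if len(ip) < ihl+14 { // truncated before the TCP flags byte
		return false
	}
	return ip[ihl+13]&flagRST != 0
}

// SampleFrame builds a constructed 54-byte frame (zeroed addresses and ports).
func SampleFrame(tcpFlags byte) []byte {
	f := make([]byte, ethHdrLen+20+20)
	binary.BigEndian.PutUint16(f[12:14], etherIPv4)
	f[ethHdrLen] = 0x45 // version 4, IHL 5
	f[ethHdrLen+9] = protoTCP
	f[ethHdrLen+20+12] = 5 << 4 // TCP data offset
	f[ethHdrLen+20+13] = tcpFlags
	return f
}

func main() {
	fmt.Println("RST|ACK matched:", IsTCPRST(SampleFrame(0x14)))
	fmt.Println("SYN matched:", IsTCPRST(SampleFrame(0x02)))
}
```

A filter that drops on this match also hides RSTs from every other program on the host while it is loaded, which is why the restore step in the warning above matters.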

Packet Monitor

Installation

<pre>
<b>Go</b>
$ go install github.com/ddddddO/packemon/cmd/packemon@latest

<b>deb</b>
$ export PACKEMON_VERSION=X.X.X
$ curl -o packemon.deb -L https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.deb
$ dpkg -i packemon.deb

<b>rpm</b>
$ export PACKEMON_VERSION=X.X.X
$ yum install https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.rpm

<b>apk</b>
$ export PACKEMON_VERSION=X.X.X
$ curl -o packemon.apk -L https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.apk
$ apk add --allow-untrusted packemon.apk
</pre>

Usage

Another feature

The local node's browser can monitor packets from remote nodes or send arbitrary packets from remote nodes.

                                         +-------------------------------------+
+----------------------+                 | REMOTE NODE                         |
| LOCAL NODE (Browser) |                 | $ sudo packemon-api --interface xxx |
|  Monitor   <---------|-- WebSocket   --|--> HTTP GET  /ws  <-----+           |
|  Generator  ---------|-- POST packet --|--> HTTP POST /packet    |           |
+----------------------+                 |      -> parse packet    |           |                  +---------------+
                                         |           -> Network Interface -----|-- Send packet -->| TARGET NODE x |
                                         +-------------------------------------+                  |               |
                                                                                                  +---------------+

[!WARNING] Please note that the following is dangerous.

The following procedure is an example of how you can expose packemon-api to the outside world and monitor and send remote node packets on your browser.

  1. (REMOTE) Install packemon-api and run it.
    $ go install github.com/ddddddO/packemon/cmd/packemon-api@latest
    $ sudo packemon-api --interface wlan0
    
  2. (REMOTE) Run ngrok and note the URL it issues.
    $ ngrok http 8082
    
  3. (LOCAL) Enter the issued URL into your browser and you will be able to monitor and send packets on the remote node.

Related tools

Acknowledgment

Stargazers over time

Log (japanese)

<details><summary>xxx</summary>

Links

Operation check

Simple HTTP server on Raspberry Pi

pi@raspberrypi:~ $ sudo go run main.go

Packet capture

$ sudo tcpdump -U -i eth0 -w - | /mnt/c/Program\ Files/Wireshark/Wireshark.exe -k -i -

Easy broadcast

$ arping -c 1 1.2.3.4
ARPING 1.2.3.4 from 172.23.242.78 eth0
Sent 1 probes (1 broadcast(s))
Received 0 response(s)

DNS over TCP

$ nslookup -vc github.com

Ping over IPv6

How to do it

$ ip -6 route
$ ping -c 1 fe80::1

Self-implemented TCP 3-way handshake

$ sudo go run cmd/packemon/main.go --send --debug --proto tcp-3way-http

What the operation check looks like

<details><summary>xxx</summary> </details>