Awesome
Packémon
Packet monster, or Packémon
for short! (っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ) <br>
https://github.com/user-attachments/assets/69b317b8-7235-40c8-8586-2aff7d34cc0d
TUI tool for generating packets of arbitrary input and monitoring packets on any network interfaces (default: eth0
). This tool is not available for Windows and macOS. I have confirmed that it works on Debian on WSL2.<br>
I intend to develop it patiently🌴
[!WARNING] There may be many bugs. If you find a bug, I would be glad if you raise an issue or give me a pull request!
Feature
This TUI tool has two major functions: packet generation and packet monitoring.
This image shows packemon running in Generator / Monitor mode.</br> DNS query packet generated by Generator on the left is shown in third line of the Monitor. DNS query response packet is shown as 4nd line, and a more detailed view of it is shown in the image below.
Packemon's Monitor allows user to select each packet by pressing Enter
key. Then, select any line and press Enter
key to see the details of the desired packet. Pressing Esc
key in the packet detail screen will return you to the original packet list screen.
Packet Generator
[!WARNING] While using Generator mode, TCP RST packets automatically sent out by the kernel are dropped. When this mode is stopped, the original state is restored. Probably😅. Incidentally, dropping RST packets is done by running the eBPF program. The background note incorporating the eBPF is the POST of X around here.
-
Send generated packets to any network interfaces.
- You can specify network interface with
--interface
flag. Default iseth0
.
- You can specify network interface with
-
The following types of packets are covered.
- Ethernet
- ARP (WIP)
- IPv4 (WIP)
- ICMP (WIP)
- TCP (WIP)
- UDP (WIP)
- TLSv1.2 (WIP)
- Currently there is only debug mode
- TCP 3way handshake ~ TLS handshake ~ TLS Application data
- Currently there is only debug mode
- DNS (WIP)
- HTTP (WIP)
- HTTPS (WIP)
- Currently there is only debug mode
- TCP 3way handshake ~ TLS handshake ~ TLS Application data (HTTP GET request / response)
- Currently there is only debug mode
- xxxxx....
- Routing Protocols
- IGP (Interior Gateway Protocol)
- OSPF (Open Shortest Path First)
- EIGRP (Enhanced Interior Gateway Routing Protocol)
- RIP (Routing Information Protocol)
- EGP (Exterior Gateway Protocol)
- BGP (Border Gateway Protocol)
- Currently there is only debug mode
- TCP 3way handshake ~ Open ~ Keepalive ~ Update ~ Notification
- Currently there is only debug mode
- BGP (Border Gateway Protocol)
- IGP (Interior Gateway Protocol)
Packet Monitor
-
Monitor any network interfaces.
- You can specify network interface with
--interface
flag. Default iseth0
.
- You can specify network interface with
-
The following types of packets are covered.
- Ethernet
- ARP
- IPv4 (WIP)
- ICMP (WIP)
- TCP (WIP)
- UDP
- DNS (WIP)
- DNS query
- DNS query response
- xxxxx....
- HTTP (WIP)
- HTTP GET request
- HTTP GET response
- xxxxx....
- xxxxx....
- Routing Protocols
- IGP (Interior Gateway Protocol)
- OSPF (Open Shortest Path First)
- EIGRP (Enhanced Interior Gateway Routing Protocol)
- RIP (Routing Information Protocol)
- EGP (Exterior Gateway Protocol)
- BGP (Border Gateway Protocol)
- IGP (Interior Gateway Protocol)
Installation
<pre> <b>Go</b> $ go install github.com/ddddddO/packemon/cmd/packemon@latest <b>deb</b> $ export PACKEMON_VERSION=X.X.X $ curl -o packemon.deb -L https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.deb $ dpkg -i packemon.deb <b>rpm</b> $ export PACKEMON_VERSION=X.X.X $ yum install https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.rpm <b>apk</b> $ export PACKEMON_VERSION=X.X.X $ curl -o packemon.apk -L https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.apk $ apk add --allow-untrusted packemon.apk </pre>Usage
-
Packet Generator
sudo packemon --send
-
Packet Monitor
sudo packemon
Another feature
The local node's browser can monitor packets from remote nodes or send arbitrary packets from remote nodes.
+-------------------------------------+
+----------------------+ | REMOTE NODE |
| LOCAL NODE (Browser) | | $ sudo packemon-api --interface xxx |
| Monitor <---------|-- WebSocket --|--> HTTP GET /ws <-----+ |
| Generator ---------|-- POST packet --|--> HTTP POST /packet | |
+----------------------+ | -> parse packet | | +---------------+
| -> Network Interface -----|-- Send packet -->| TARGET NODE x |
+-------------------------------------+ | |
+---------------+
-
Remote node
-
Local node
[!WARNING] Please note that the following is dangerous.
The following procedure is an example of how you can expose packemon-api to the outside world and monitor and send remote node packets on your browser.
- (REMOTE) Please install
packemon-api
and run.$ go install github.com/ddddddO/packemon/cmd/packemon-api@latest $ sudo packemon-api --interface wlan0
- (REMOTE) Run
ngrok
and note the URL to be paid out.$ ngrok http 8082
- (LOCAL) Enter the dispensed URL into your browser and you will be able to monitor and send packets to remote node.
Related tools
- netcat
- Nmap
- Scapy
- google/gopacket
Acknowledgment
-
- Packemon is using this TUI library.
-
- The way Go handles syscalls, packet checksum logic, etc. was helpful. This is a book in Japanese.
Stargazers over time
Log (japanese)
<details><summary>xxx</summary>Links
-
「Golangで作るソフトウェアルータ」
- その実装コード: https://github.com/sat0ken/go-curo
-
動作確認用コマンドの参考
-
WSL2のDebianで動作した。
-
任意の Ethernet ヘッダ / IPv4 ヘッダ / ARP / ICMP を楽に作れてフレームを送信できる
-
以下はtmuxで3分割した画面に各種ヘッダのフォーム画面を表示している。そして ICMP echo request を送信し、 echo reply が返ってきていることを Wireshark で確認した様子
-
フレームを受信して詳細表示(ARPとIPv4)
<details><summary>少し前のUI(`5062561` のコミット)</summary> -
TUIライブラリとして https://github.com/rivo/tview を使わせてもらってる🙇
動作確認
Raspberry Piで簡易http server
pi@raspberrypi:~ $ sudo go run main.go
パケットキャプチャ
$ sudo tcpdump -U -i eth0 -w - | /mnt/c/Program\ Files/Wireshark/Wireshark.exe -k -i -
-
受信画面
$ sudo go run cmd/packemon/main.go
-
送信画面
$ sudo go run cmd/packemon/main.go --send
-
単発フレーム送信コマンド(e.g. ARP request)
$ sudo go run cmd/packemon/main.go --debug --send --proto arp
手軽にブロードキャスト
$ arping -c 1 1.2.3.4
ARPING 1.2.3.4 from 172.23.242.78 eth0
Sent 1 probes (1 broadcast(s))
Received 0 response(s)
tcpでdns
$ nslookup -vc github.com
ipv6でping
どうするか
$ ip -6 route
$ ping -c 1 fe80::1
自前実装の tcp 3way handshake
$ sudo go run cmd/packemon/main.go --send --debug --proto tcp-3way-http
動作確認の様子
<details><summary>xxx</summary>-
Ethernetフレームのみ作って送信(
77c9149
でコミットしたファイルにて) -
ARPリクエストを作って送信(
390f266
でコミットしたファイルにて。中身はめちゃくちゃと思うけど) -
ARPリクエストを受信してパース(
b6a025a
でコミット)