NAME
    APSEND - send arbitrary network packets to hosts

SYNOPSIS
    apsend -x / -destination <dest ip> [options] / <attacks>

DESCRIPTION
    APSEND is a packet sender with which you can build and send
    arbitrary network packets. It supports the following protocols:
    TCP/UDP/IP/ICMP and ethernet frames, but you can (theoretically)
    build every possible packet (based on IP) using the --generic
    option. APSEND is based on the excellent Net::RawIP module from
    Sergey Kolychev <ksv@al.lg.ua>.

OPTIONS
    APSEND has got alot of options to build network packets. It may
    be invoked with the following command-line options:

    -d <destination IP>

    --dest=IP

    --destination=IP This sets the destination IP address to
    <destination IP>. You can use numeric IP addresses like
    192.168.1.1 or hostnames like www.foobar.de. You need this
    option almost every time you use apsend. You won't need it if
    you just want to see the help (using the -?, -h or --help
    option), the ICMP types/code (using the --show option) or the
    available network devices (using the -x option).

    -s <source IP>

    --source=IP This option specifies the source IP address
    (numerical or host name). If use use 0 as your source IP, then
    APSEND will use a random IP address for each packet it sends
    (default source IP="127.0.0.1").

    -v <IP version>

    --version=IP version This option specifies the IP version
    (default=4).

    -o <type of service>

    --tos=type of service Use this option to specify the type of
    service (ToS) in the IP header (default=0).

    --tot=total length This option specifies the total length of the
    IP header (IP header+data=total length). The total length will
    be calculated, if you don't specify it.

    --id=identification IP identification field (default=0).

    -fo <fragmentation offset>

    --frag-off=fragmentation offset

    --frag This options specifies the fragmentation offset as
    described in RFC791 (internet protocol specifications). The
    default value for the fragmentation offset is 0x4000.

    -ttl <time to live> Use this option to specify the time to live
    value in the IP header (default=64).

    --protocol This option specifies the protocol number for the
    protocols based on IP. These are for example ICMP(1), TCP(6) and
    UDP(17). Have a look at the /etc/protocols for other protocol
    numbers. The default protocol number is TCP(6).

    --ipcheck You can use this option to set the IP checksum. You
    can also specify wrong IP checksums to test firewalls or other
    network applications for example. APSEND will calculate the
    right IP checksum as default, if you do not specify your own
    one.

    --ihl This option sets the internet header length (IHL)
    (default=5). The IHL is needed, because of the variable lenght
    of the option field in the IP header.

    -b <source port>

    --source-port=source port

    --sp=source port This option sets the source port for the
    TCP/UDP protocol. The default value for TCP and UDP is to set a
    random port. Have a look at the /etc/services for other
    ports/services.

    -p <destination port>

    --dest-port=destination port

    --dp This option sets the destination port for the TCP/UDP
    protocol. The default value for TCP is port 80 (http) and for
    UDP it is port 7 (echo). Have a look at the /etc/services for
    other ports/services.

    -rs This option sets a random value for the TCP/UDP source port
    (set the $field constant in APSEND to specify the random port
    range).

    -rd Like the -rs option, except that this option specifies the
    destination port.

    -n <sequence number>

    --seq-num=sequence number

    --seq=sequence number This option specifies the TCP/ICMP
    sequence number (default=0).

    -a <ack number>

    --ack-num This option specifies the acknowledgement number
    (default=0).

    -u <urgent pointer>

    --urg-ptr=urgent pointer This option specifies the urgent
    pointer in the TCP header (default=0).

    -do <data offset>

    --data-off=data offset

    --doff=data offset This option specifies the TCP data offset
    (default=5).

    -res1 This option sets the reserved bit 1 in the TCP header.

    -res2 This option sets the reserved bit 2 in the TCP header.

    -w <window size>

    --window=window size This option specifies the TCP window size
    (default=0xffff).

    -tcheck This option sets the TCP checksum. It will be calculated
    by default, if you don't set your own value.

    Here are the different flags in the TCP header:

    -ACK Set the ACK flag in the TCP header.

    -RST Set the RST flag in the TCP header.

    -URG Set the URG flag in the TCP header.

    -PSH Set the PSH flag in the TCP header.

    -SYN Set the SYN flag in the TCP header.

    -FIN Set the FIN flag in the TCP header.

    -len <header/data lenght> This option sets the header+data
    length of the UDP header (default=will be calculated).

    -ucheck <UDP checksum> This option sets the UDP checksum
    (default=0, no calculation).

    -g <ICMP gateway>

    --gateway=ICMP gateway This option sets the internet control
    message protocol (ICMP) gateway (default=0, no gateway).

    -iid <ICMP id>

    --icmp-id=ICMP id Specify the ICMP identification (ICMP id).

    -icheck Set the ICMP checksum (default=will be calculated).

    -mtu <ICMP mtu> This options specifies the ICMP maximal transfer
    unit (ICMP mtu).

    -i <ICMP type>

    --icmp-type=ICMP type This option specifies the ICMP type. You
    can show all possible ICMP types using the -show option (see
    also --icmp-code).

    -c <ICMP code>

    --icmp-code This options specifies the ICMP code. You can show
    all possible ICMP codes using the -show option (see also --icmp-
    type).

    -show Show all ICMP codes/types and exit.

    --eth-device <device> Specify ethernet device.

    -ems <MAC source address>

    --eth-mac-source=MAC source address Set the ethernet MAC source
    address (default=00:00:00:00:00:00).

    -emd <MAC destination address>

    --eth-mac-source=MAC destination address Set the ethernet MAC
    destination address (default=00:00:00:00:00:00).

    -rems Use a random source MAC address.

    -remd Use a random destination MAC address.

    --generic <header/data> This is a very powerfull option, as you
    can use this option, to build every possible packet based on IP.
    The only problem is, that you have to calculate all of the
    checksums/whatever yourself. I'll write more (examples and other
    things) to this option, in the next version of APSEND.

    --li <port>

    --listen=port If you use this option, then APSEND will listen on
    the port <port> and wait for incoming connections. If someone
    connects to this port (via TCP or UDP), then APSEND will print
    all data it gets to STDOUT.

    --co <port>

    --connect=port Use this option, if you want to connect to a
    remote host (via TCP or UDP). If you use this option, then
    APSEND will make a REAL connection (three way handshake) to the
    remote host. If you want to send data to the remote host, just
    type it in (STDIN).

    --regex=Regular expression If APSEND runs in listening mode
    (using the --li <port> option, then you can use this regex to
    print only the data the regex matches.

    --nregex=Regular expression Like --regex, but print only the
    data NOT being matched by this regex.

    -sop <protocol number>

    --socket-protocol=protocol number Use this protocol for the --
    listen or --connect mode of APSEND (currently are only TCP and
    UDP supported).

    -f <script file> (not implemented)

    --file=script file (not implemented) This option specifies the
    scripting file of APSEND. But it's not yet implemented, but
    it'll be available in one of the next versions of APSEND. Sorry.

    -m <number of packets to send>

    --number=number of packets to send This option specifies the
    number of packets to send. Use 0 if you want to send unlimited
    numbers of packets (default=1).

    -q

    --quiet Don't display anything while sending the packets (quiet
    mode).

    -y <data>

    --data=data This option specifies the data to send with the
    TCP/UDP packets (default='').

    -x Show network devices and exit.

ATTACKS
    APSEND includes a few DoS attacks like the land attack and
    others. Please use this attacks only against your OWN machines.
    They're only for educational purposes, so if you do anything
    illegal with this attacks, then it's not my fault.

    -sf

    --syn-flood

    --flood This is a SYN flood attack (I think everyone knows how
    it works).

    --land Land attack against WIN95/98 and possibly NT (I didn't
    test this). Please notify: The source port has to be the same as
    the destination port. If not, then APSEND will autoset it.

    --stream Stream attack (default src/dest port=22).

    --bd

    --bed

    --be-dos DoS attack against BeOS.

    -td

    --tcp-dos

    --tcpd DoS attack against tcpdump 3.4a (we all love this program
    :)). We just need to send an IP packet with protocol=4 and IHL=0
    to crash tcpdump 3.4a (from BLADI bladi@EUSKALNET.NET).

    -uf

    --udp-flood Just a simple UDP flood. This can crash an ascend
    router for example (use destination port 7 (echo) to do this).

    -pf

    --ping-flood A simple ping flood :)

SEE ALSO
    RFC791, RFC792, RFC768, RFC793, perl(1), Net::RawIP(1), the perl
    cookbook, TCP/IP illustrated (Volume 3) [Stevens, 1996], UNIX
    Network programming (Volume 1: Sockets and XTI) [Stevens] and
    TCP/IP - Internet Protokolle im professionellen Einsatz [Mathias
    Hein].

AUTHORS
    Anarchy <anarchy@elxsi.de>

BUGS
    I think there are still alot of bugs in APSEND.

BUG REPORTS
    If you find any bugs in APSEND please report it to
    B<anarchy@elxsi.de>> and if you want me to implement any other
    options/whatever in APSEND then you can also drop me a line.
    Thanks!

