A simple packet crafting tool that turns text commands into pcaps. Optionally, build the included DAQ so that Snort can read commands or raw payload data directly, with no pcap required. Packets can exhibit any flaw or anomaly desired. The syntax is flexible and powerful.
Features
- Simple, Extensible
- IP4 and IP6
- Useful for testing IDS / IPS, etc.
- Create good and evil packets
- Total control of packet contents
- Includes optional Snort DAQ
- Abcip depends on libpcap only
- Input abc commands or raw payload
- Automatically segment TCP streams
- Automatically fragment IP4 and IP6 packets
- Randomize or reverse packet sequences
- Automatically create valid bidirectional TCP sessions
- Supports multiple concurrent sessions
Categories
Internet
License
GNU General Public License version 3.0 (GPLv3)
User Reviews
ABCIP is awesome. I use it to test Snort and other network analysis utilities off-the-wire. What is ABCIP really though? ABCIP interprets a text-based specification which it then converts into a PCAP. For all supported protocols (which is a growing set), fields can be modified easily per-packet or per-session. Automatic IPv4/IPv6 fragmentation, TCP Segmentation, and TCP Sequence + Acknowledgment calculation are easily its most undervalued features. To give the project homescreen some substance, I've taken the liberty to annotate one of the tests included in the package.

---

    # Run the following, ABCIP default reads from STDIN
    $ abcip --pcap http.pcap

    # Define the packet layers
    d ( stack="eth:ip4:tcp" )

    # Configure the layers (index of layers starts at 2)
    # 3:a == layer 3 (IPv4) client address
    # 4:b == layer 4 (TCP) server address; i.e., "port".
    #
    # If the layer referencing confuses you, refer to the OSI Model.
    c ( 3:a="192.168.1.101", 4:b=80 )

    a ( syn )
    b ( syn, ack )
    a ( ack )

    # HTTP Client GET request
    a ( psh,ack,data="GET / HTTP/1.1|0D 0A 0D 0A|" )

    # HTTP Server Response
    b ( psh,ack,data=
        "HTTP/1.1 200 OK|d a|"
        "Transfer-Encoding: chunked|d a|"
        "Content-Type: text/html; charset=iso-8859-1|d a d a|" )

    # HTTP Server Response-Continued
    b ( psh,ack,data="A|d a|ABCDEFGHIJ|d a|" )
    b ( psh,ack,data="4|d a|EFGH|d a|" )

    # Client acknowledges the receipt of the three(3) prior "b()" statements
    a ( ack )

    # HTTP Server Response-Continued again
    b ( ack, data="4|d a|IJKL|d a|" )
    b ( ack, data="4|d a|MNOP|d a d a|" )

    # Client acknowledges the receipt of the two(2) prior "b()" statements
    a ( ack )

    # TCP 4-way FIN Shake (3 packet short-form).
    b ( fin, ack )
    a ( fin, ack )
    b ( ack )

----

ABCIP fanboy for 4 years; since before it existed on Sourceforge.
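When a pcap like the one in the review above is replayed through an IDS, it helps to know in advance what the HTTP inspector should reassemble from the five server segments. The following is an added example, not part of the review or of the abcip project: it expands the `|d a|` notation into bytes, joins the segments in order and decodes the chunked body. The function names are hypothetical, and reading `|...|` as space-separated hex bytes is an assumption taken from how the test uses it.

```python
# Server-side data strings copied in order from the b(...) statements in the review.
SERVER_SEGMENTS = [
    "HTTP/1.1 200 OK|d a|"
    "Transfer-Encoding: chunked|d a|"
    "Content-Type: text/html; charset=iso-8859-1|d a d a|",
    "A|d a|ABCDEFGHIJ|d a|",
    "4|d a|EFGH|d a|",
    "4|d a|IJKL|d a|",
    "4|d a|MNOP|d a d a|",
]

def abc_bytes(text):
    """Expand |hex hex| runs into raw bytes (assumed reading of the notation)."""
    out = bytearray()
    for i, piece in enumerate(text.split("|")):
        if i % 2:  # odd-numbered pieces sit between a pair of pipes
            out += bytes(int(h, 16) for h in piece.split())
        else:
            out += piece.encode("latin-1")
    return bytes(out)

def dechunk(body):
    """Decode a chunked body; the flag says whether a 0-size chunk ended it."""
    data, pos = bytearray(), 0
    while pos < len(body):
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("chunk-size line not terminated")
        size_field = body[pos:eol].split(b";")[0].strip()
        if not size_field:  # bare CRLF where a chunk size is expected
            break
        size = int(size_field, 16)  # sizes are hex: "A" declares 10 bytes
        if size == 0:
            return bytes(data), True
        start = eol + 2
        chunk = body[start:start + size]
        if len(chunk) != size or body[start + size:start + size + 2] != b"\r\n":
            raise ValueError("chunk does not match its declared size")
        data += chunk
        pos = start + size + 2
    return bytes(data), False

def reassemble(segments):
    """Join segments as a stream reassembler would, then split and decode."""
    stream = b"".join(abc_bytes(s) for s in segments)
    headers, _, body = stream.partition(b"\r\n\r\n")
    data, terminated = dechunk(body)
    return headers.split(b"\r\n"), data, terminated
```

`reassemble(SERVER_SEGMENTS)` yields the 22-byte body `ABCDEFGHIJEFGHIJKLMNOP` with the termination flag false: the last segment ends in an extra CRLF rather than a zero-size chunk, so the response is closed by the FIN exchange, a case worth checking in the inspector under test.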