<www.securitybugware.org>

Software Release

Packet Excalibur v1.0 (Vivienne release)

A multi-platform graphical and scriptable network packet engine with extensible text-based protocol descriptions

Coding: Jitsu
Ideas: Jitsu & Irib
Support: Nono

Supported Platforms

Windows 95/98/Me/NT/2000/XP
Linux kernel 2.2/2.4 with Gnome or KDE

Problem

We were taught that network transmissions were nothing more than a set of protocols piled atop each other. That protocols could be described as a fixed set of semantics and grammar rules. That algorithmics could easily deal with semantics and grammar rules. And that a slick GUI was better than endless command lines.

Solution

So we built a "packet" engine that would understand basic semantics to describe protocols and utterly simple logic to process them. And we tried to keep it simple, to keep it useful, so we designed it as a GUI.

Packet Excalibur is now available for download:

http://www.securitybugware.org/excalibur/PacketExcalibur_1.0_win32.exe
http://www.securitybugware.org/excalibur/PacketExcalibur_1.0_win32.zip
http://www.securitybugware.org/excalibur/PacketExcalibur_1.0_linux.tgz
http://www.securitybugware.org/excalibur/PacketExcalibur_1.0_win_lin_src.zip

It is free software, distributed under the GNU public license, and it works under both Microsoft and Linux operating systems. It was built using solely GNU compilers (gcc and mingw).

You will be able to decide packet attributes from the physical layer to the top, to sniff and spoof packets (packet generator) in a single interface, to build scripts in the GUI, and to define additional protocols in simple text files.

Some sample protocol definitions, scripts, and packets are provided. You're welcome to contribute and forward yours to securitybugware for a future release.
Below is a sample definition file. It describes the IP protocol in a file named "iso-3 Internet Protocol (IP).def"; the fields are used in the GUI to build and to decode packets:

    $bit=4 $desc="Version" $default=4
      $value=4 $desc="IPv4"
      $value=5 $desc="ST Datagram Mode"
    $bit=4 $desc="Header length" $default=5
      $value=5 $desc="No options (5x32bits)"
      $function=@ip-opt-len $desc="Has options (5+opt.len/32)" $rfc="iso-3 IP Options.def" $rfc_option
    $byte=1 $desc="Type of Service" $default=0
      $value=0x00 $desc="normal (query)"
      $value=0x02 $desc="min cost (NNTP)"
      $value=0x03 $desc="Flash"
      $value=0x04 $desc="max reliable (IGP)"
      $value=0x05 $desc="CRITIC/ECP"
      $value=0x06 $desc="Internetwork Control"
      $value=0x07 $desc="Network Control"
      $value=0x08 $desc="max through. (data)"
      $value=0x10 $desc="min delay (control)"
    $byte=2 $desc="IP datagram len" $default=@ip-data-len
      $value=40 $desc="IP+TCP only"
      $function=@ip-data-len $desc="IP datagram len"
    $byte=2 $desc="IP id"
    $bit=1 $desc="Fragment flags" $default=0
      $value=0 $desc="reserved"
      $value=1 $desc="unknown"
    $bit=1 $desc="Fragment ?" $default=1
      $value=0 $desc="do"
      $value=1 $desc="don't"
    $bit=1 $desc="Fragmented ?" $default=0
      $value=0 $desc="no"
      $value=1 $desc="yes"
    $bit=13 $desc="Fragment offset" $default=0
      $value=0 $desc="no fragment"
    $byte=1 $desc="Time to Live (TTL)" $default=128
      $value=128 $desc="half max hopes"
    $byte=1 $desc="Protocol" $default=6
      $value=0 $desc="Hop-by-Hop"
      $value=1 $desc="ICMP" $rfc="iso-4 Int Ctrl Msg Proto (ICMP).def"
      $value=3 $desc="Gateway-to-Gateway"
      $value=4 $desc="CMCC Gateway Monitoring Message"
      $value=5 $desc="ST"
      $value=6 $desc="TCP" $rfc="iso-4 Trans Ctrl Proto (TCP).def"
      $value=7 $desc="UCL"
      $value=9 $desc="Secure"
      $value=10 $desc="BBN RCC Monitoring"
      $value=11 $desc="NVP"
      $value=12 $desc="PUP"
      $value=13 $desc="Pluribus"
      $value=14 $desc="Telenet"
      $value=15 $desc="XNET"
      $value=16 $desc="Chaos"
      $value=17 $desc="UDP" $rfc="iso-4 User Datagram Proto (UDP).def"
      $value=18 $desc="Multiplexing"
      $value=19 $desc="DCN"
      $value=20 $desc="TAC Monitoring"
      $value=43 $desc="Routing (Type 0)"
      $value=44 $desc="Fragment"
      $value=50 $desc="Encapsulating Security Payload" $rfc="iso-3-n Ecap Sec Payload.def"
      $value=51 $desc="Authentication"
      $value=59 $desc="Nothing next"
      $value=60 $desc="Destination Options"
      $value=63 $desc="Any Local Network"
      $value=64 $desc="SATNET and Backroom EXPAK"
      $value=65 $desc="MIT Subnet Support"
      $value=69 $desc="SATNET Monitoring"
      $value=71 $desc="Internet Packet Core Utility"
      $value=76 $desc="Backroom SATNET Monitoring"
      $value=78 $desc="WIDEBAND Monitoring"
      $value=79 $desc="WIDEBAND EXPAK"
    $byte=2 $desc="IP header checksum" $default=@ip-checksum
      $function=@ip-checksum $desc="IP checksum"
    $dotted=4 $desc="Source IP"
      $function=@my-ip-addr $desc="this adapter ip"
    $dotted=4 $desc="Dest. IP"
      $function=@my-ip-addr $desc="this adapter ip"

In short, all protocols are described with the simple field semantic:

    [[type]=[size]] {element description} {default value} { {value=[value set]} {value description} {value defines rfc {rfc an option to current iso}} }

See Packet Excalibur documentation for details.

Have Phun,
Jitsu.

Jitsu/securitybugware.org
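A small reader for the definition syntax shown above, as an added example that is not part of the original announcement or of Packet Excalibur's own code: it parses the first five fields of the IP definition and uses their widths to decode a constructed six-byte header prefix. The names `parse_def`, `decode`, `SAMPLE_DEF` and `SAMPLE_PACKET` are assumptions, and reading `$bit`/`$byte`/`$dotted` sizes as bit, byte and byte counts, packed most-significant-bit first, is inferred from the sample file rather than taken from the tool's documentation.

```python
import re

# Constructed excerpt: the first five fields of the page's IP definition.
SAMPLE_DEF = '''
$bit=4 $desc="Version" $default=4 $value=4 $desc="IPv4" $value=5 $desc="ST Datagram Mode"
$bit=4 $desc="Header length" $default=5
  $value=5 $desc="No options (5x32bits)"
  $function=@ip-opt-len $desc="Has options (5+opt.len/32)" $rfc="iso-3 IP Options.def" $rfc_option
$byte=1 $desc="Type of Service" $default=0
  $value=0x00 $desc="normal (query)" $value=0x10 $desc="min delay (control)"
$byte=2 $desc="IP datagram len" $default=@ip-data-len $value=40 $desc="IP+TCP only"
$byte=2 $desc="IP id"
'''
SAMPLE_PACKET = bytes.fromhex("451000281c46")  # constructed: first 6 header bytes
TOKEN = re.compile(r'\$(\w+)(?:=("[^"]*"|\S+))?')
UNIT_BITS = {"bit": 1, "byte": 8, "dotted": 8}  # assumed bits per unit of each type

def parse_def(text):
    """Parse fields (width, desc, value table); $default/$rfc tokens are skipped."""
    fields, pending = [], None
    for key, raw in TOKEN.findall(text):
        val = raw.strip('"')
        if key in UNIT_BITS:                  # a type token opens a new field
            pending = None
            fields.append({"type": key, "bits": int(val) * UNIT_BITS[key], "values": {}})
        elif not fields:
            raise ValueError("$%s appears before any field" % key)
        elif key in ("value", "function"):    # @name marks a computed value
            pending = val if key == "function" else int(val, 0)
        elif key == "desc":
            if isinstance(pending, int):      # description of an enumerated value
                fields[-1]["values"][pending] = val
            elif pending is None:             # description of the field itself
                fields[-1]["desc"] = val
            pending = None
    return fields

def decode(fields, data):
    """Slice data MSB-first by field width; return (desc, value, meaning) tuples."""
    if len(data) * 8 < sum(f["bits"] for f in fields):
        raise ValueError("packet shorter than the described header")
    word, pos, out = int.from_bytes(data, "big"), len(data) * 8, []
    for f in fields:
        pos -= f["bits"]
        v = (word >> pos) & ((1 << f["bits"]) - 1)
        if f["type"] == "dotted":             # render as dotted decimal
            v = ".".join(map(str, v.to_bytes(f["bits"] // 8, "big")))
        out.append((f.get("desc", "?"), v, f["values"].get(v, "")))
    return out
```

The `$function` branch matters for fields such as "IP datagram len", where a computed entry carries its own `$desc` that must not overwrite the field name.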