


NEMESIS-DNS(1)					   NEMESIS-DNS(1)


NAME
       nemesis-dns - DNS Protocol (The Nemesis Project)

SYNOPSIS
       nemesis-dns [-kvZ?] [-a ack-number ] [-A number-of-author-
       itative-DNS-resource-records ] [-b number-of-DNS-answers ]
       [-d  Ethernet-device  ]	[-D  destination-IP-address ] [-f
       TCP-flags ] [-F fragmentation-options ]	[-g  DNS-flags	]
       [-H source-MAC-address ] [-i DNS-ID ] [-I IP-ID ] [-M des-
       tination-MAC-address ]  [-o  TCP-options-file  ]	 [-O  IP-
       options-file  ] [-P payload-file ] [-q number-of-DNS-ques-
       tions ]	[-r  number-of-additional-DNS-resource-records	]
       [-s sequence-number ] [-S source-IP-address ] [-t IP-TOS ]
       [-T IP-TTL ] [-u urgent-pointer ] [-w  window-size  ]  [-x
       TCP/UDP-source-port ] [-y TCP/UDP-destination-port ]

DESCRIPTION
       The  Nemesis  Project  is  designed  to be a command line-
       based, portable human IP stack for UNIX-like  and  Windows
       systems.	 The suite is broken down by protocol, and should
       allow for useful scripting of injected packets from simple
       shell scripts.

       nemesis-dns  provides an interface to craft and inject DNS
       packets allowing the user to specify any portion of a  DNS
       packet as well as lower-level IP and TCP/UDP packet infor-
       mation.

DNS OPTIONS
       -A number-of-authoritative-resource-records
	      Specify	 the	number-of-authoritative-resource-
	      records within the DNS header.

       -b Number-of-answer-resource-records
	      Specify	 the	number-of-answer-resource-records
	      within the DNS header.

       -g DNS-flags
	      Specify the DNS-flags within the DNS header.

       -i DNS-ID
	      Specify the DNS-ID within the DNS header.

       -k TCP-transport-mode
	      Enables the use of TCP when injecting DNS	 packets.

       -P payload-file
	      This  will  cause	 nemesis-dns to use the specified
	      payload-file as  the  payload  when  injecting  DNS
	      packets.	For packets injected using the raw inter-
	      face (where -d is not used),  the	 maximum  payload
	      size  is 65443 bytes for DNS packets injected using
	      TCP and 65455 for DNS packets injected  using  UDP.
	      For packets injected using the link layer interface



			   17 May 2003				1





NEMESIS-DNS(1)					   NEMESIS-DNS(1)


	      (where -d IS used), the  maximum	payload	 size  is
	      1368  bytes  for TCP DNS packets and 1420 bytes for
	      UDP DNS packets.	Payloads can also  be  read  from
	      stdin  by	 specifying  '-P -' instead of a payload-
	      file.

	      Windows systems are limited to  a	 maximum  payload
	      size  of	1368  bytes  for TCP DNS packets and 1420
	      bytes for UDP DNS packets.

	      The payload file can consist of any  arbitary  data
	      though  it  will be most useful to create a payload
	      resembling the structure of the DNS  packet  speci-
	      fied  using  the command-line options.  In order to
	      send real DNS packets,  a	 payload  containing  the
	      appropriate  record  data	 (as specified in the DNS
	      header) must be created manually.

       -q Number-of-questions
	      Specify  the  number-of-questions	 within	 the  DNS
	      header.

       -r Number-of-additional-resource-records
	      Specify  the  number-of-additional-resource-records
	      within the DNS header.

       -v verbose-mode
	      Display the injected packet in human readable form.
	      Use  twice to see a hexdump of the injected packet.

TCP OPTIONS (enabled via -k)
       -a Acknowledgement-Number
	      Specify  the  acknowledgement-number  (ACK  number)
	      within the TCP header.

       -f TCP flags (-fS/-fA/-fR/-fP/-fF/-fU/-fE/-fC)
	      Specify the TCP flags:

	      -fS (SYN)
	      -fA (ACK)
	      -fR (RST)
	      -fP (PSH)
	      -fF (FIN)
	      -fU (URG)
	      -fE (ECE)
	      -fC (CWR)

	      within  the  TCP	header.	 Flags can be combined in
	      the form '-fPA'.

       -o TCP-options-file
	      This will cause nemesis-dns to  use  the	specified
	      TCP-options-file	as  the options when building the
	      TCP header for the injected  packet.   TCP  options



			   17 May 2003				2





NEMESIS-DNS(1)					   NEMESIS-DNS(1)


	      can  be  up to 40 bytes in length.  The TCP options
	      file  must  be  created  manually	 based	upon  the
	      desired options.	TCP options can also be read from
	      stdin by	specifying  '-o	 -'  instead  of  a  TCP-
	      options-file.

       -s  sequence-number
	      Specify  the sequence-number within the TCP header.

       -u urgent-pointer-offset
	      Specify the urgent-pointer-offset	 within	 the  TCP
	      header.

       -w window-size
	      Specify the window-size within the TCP header.

       -x TCP-source-port
	      Specify  the  TCP-source-port packet within the TCP
	      header.

       -y TCP-destination port
	      Specify  the  TCP-destintion-port	 within	 the  TCP
	      header.

UDP OPTIONS
       -x UDP-source-port
	      Source Port of injected packet.

       -y UDP-Destination-Port
	      Target Port of injected packet.

IP OPTIONS
       -D destination-IP-address
	      Specify  the  destination-IP-address  within the IP
	      header.

       -F fragmentation-options (-F[D],[M],[R],[offset])
	      Specify the fragmentation options:

	      -FD (don't fragment)
	      -FM (more fragments)
	      -FR (reserved flag)
	      -F <offset>

	      within the IP header.  IP fragmentation options can
	      be specified individually or combined into a single
	      argument to the -F command line switch by	 separat-
	      ing the options with commas (eg. '-FD,M') or spaces
	      (eg. '-FM 223').	The IP fragmentation offset is	a
	      13-bit  field  with  valid  values  from 0 to 8189.
	      Don't fragment (DF), more fragments  (MF)	 and  the
	      reserved flag (RESERVED or RB) are 1-bit fields.

	      NOTE: Under normal conditions, the reserved flag is



			   17 May 2003				3





NEMESIS-DNS(1)					   NEMESIS-DNS(1)


	      unset.

       -I IP-ID
	      Specify the IP-ID within the IP header.

       -O IP-options-file
	      This will cause nemesis-dns to  use  the	specified
	      IP-options-file as the options when building the IP
	      header for the injected packet.  IP options can  be
	      up to 40 bytes in length.	 The IP options file must
	      be created manually based upon the desired options.
	      IP  options can also be read from stdin by specify-
	      ing '-O -' instead of an IP-options-file.

       -S source-IP-address
	      Specify the source-IP-address within the IP header.

       -t IP-TOS
	      Specify  the IP-type-of-service (TOS) within the IP
	      header.  Valid type of service values:

	      2	 (Minimize monetary cost)
	      4	 (Maximize reliability)
	      8	 (Maximize throughput)
	      24 (Minimize delay)

	      NOTE: Under normal conditions,  only  one	 type  of
	      service  is set within a packet.	To specify multi-
	      ple types, specify the sum of the desired values as
	      the type of service.

       -T IP-TTL
	      Specify  the  IP-time-to-live  (TTL)  within the IP
	      header.

DATA LINK OPTIONS
       -d Ethernet-device
	      Specify the name (for  UNIX-like	systems)  or  the
	      number (for Windows systems) of the Ethernet-device
	      to use (eg. fxp0, eth0, hme0, 1).

       -H source-MAC-address
	      Specify the source-MAC-address (XX:XX:XX:XX:XX:XX).

       -M destination-MAC-address
	      Specify	       the	   defination-MAC-address
	      (XX:XX:XX:XX:XX:XX).

       -Z list-network-interfaces
	      Lists the available network  interfaces  by  number
	      for use in link-layer injection.

	      NOTE: This feature is only relevant to Windows sys-
	      tems.



			   17 May 2003				4





NEMESIS-DNS(1)					   NEMESIS-DNS(1)


DIAGNOSTICS
       Nemesis-dns returns 0 on a successful exit, 1 if it  exits
       on an error.

BUGS
       An  interface  for  users  to  create  DNS packet payloads
       should be created.

       Send  concise  and  clearly   written   bug   reports   to
       jeff@snort.org

AUTHOR
       Jeff Nathan <jeff@snort.org>

       Originally developed by Mark Grimes <mark@stateful.net>

SEE ALSO
       nemesis-arp(1),	  nemesis-ethernet(1),	 nemesis-icmp(1),
       nemesis-igmp(1), nemesis-ip(1), nemesis-ospf(1),	 nemesis-
       rip(1), nemesis-tcp(1), nemesis-udp(1)





































			   17 May 2003				5


