- Sensible defaults.
- Manual page. (DONE, but on-going)
- Command-line argument processing is a mess. How to improve it? Use a parser
that mimics tcpdump expressions???
- support UDP and ICMP as well (DONE)
- support layer 2 (DONE)
- GRE, MPLS - ask Darrin (DONE)
- Only 2 TCP options implemented. What others would be useful? (DONE)
- Should I add support for IP options? (Yes! DONE)
- Output options:
  * To stdout (raw) (DONE)
  * To stdout (in hex) (DONE)
  * To pcap file. (DONE)
  * The real thing, to the wire (partially DONE. Need to fix non-Linux platforms)
- Read options from a file. (DONE! - was "complicated", but it's done :-)
- Output specific PDUs from the final packet, like from UDP and up.
- More than 3 PDUs? (what if I want to create a custom BGP packet?)
(don't know what this was, but it's DONE - I can create a BGP message
just fine)
- Test suite (open valid PCAP file and use ttt to create same PCAP file.)
- Support IP and TCP options from a file (nemesis' -O option)
- The -P option should be more flexible. Maybe "-P file:payload.dat", or
"-P data:'1 2 3 4'", or "-P repeat:'blah -times 5'"
- Debian packaging (DONE)
- configure switches --with-pcap --with-ssl (and --without-xxx equivalents)
- A GUI?
- Add a numspec for IP addresses
- Add randomness to numspec, i.e. a default and then a probability of
getting that default (see pysic) (DONE)
- Portability (ongoing)
- Better error handling. Right now all errors cause error() to be called,
which ends the program.
- Ability to define multiple packets on the command line or in a command
file. Need to have a global array of PDUs for this and need to introduce
a new option "--eop" or "--end-of-packet". (DONE!)
- Migrate to popt (DONE)
- Implement --nocksum. Make it a flag in the PDU structure so it can be
specified for any PDU. (DONE)
- --only-first n (DONE)
- Ability to specify "auto" for lengths and checksums. (DONE)
- Design a way to have each PDU handle processing of its command line
options. This should be a modular, per-PDU thing, instead of making
options.c bigger and bigger with each new PDU. (DONE)
- Some of the PDUs require a complex specification when the PDU is
being created on the command line (or command file.) We need
to be able to provide on-line help that describes this complex
specification. For example:
-------------------------- Begin example -----------------------------
$ ttt --icmpv6-router-renum help
Creates an ICMPv6 router renumbering message. Takes as parameter
a message specification that has the following format:
<code>,<sequence #>,<segment #>,max delay[,flags]
All parameters are numbers with the exception of the flags field.
flags can be: "test", "proceed", "result", "all" and "site".
They can be in any order but must be separated by ':'.
For example:
1,1,0,50000,test:proceed
1 sets the code to 1 for a Router Renumbering Result
1 sets the sequence number
0 sets the segment number
50000 sets the max delay in milliseconds
"test" sets the T flag - test command
"proceed" sets the P flag - Proceed previously
In this example the R, A and S flags are set to 0.
---------------------------- End example -----------------------------
- Signal handling so a Tcl command can be interrupted.
- Create a PDU Tcl object type as well as commands to handle them (done)
- Provide a way to generate a packet from a Tcl PDU object type (done)
- Provide a way to modify a generated packet (barray command?)
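
A sketch of a parser for the router renumbering specification shown in the `--icmpv6-router-renum help` example above, added here as an illustration and not taken from ttt's source. The names `rr_spec`, `rr_field` and `parse_rr_spec` are hypothetical; field widths and flag bit positions follow RFC 2894, rejecting repeated flags is an assumed policy, and the function returns an error instead of ending the program.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Flag bits in the order RFC 2894 lays them out: T R A S P, high bit first. */
enum { RR_T = 0x80, RR_R = 0x40, RR_A = 0x20, RR_S = 0x10, RR_P = 0x08 };
struct rr_spec {                      /* hypothetical type, not taken from ttt */
    uint8_t  code, segment, flags;
    uint32_t sequence;
    uint16_t max_delay;               /* milliseconds */
};

/* Read one unsigned decimal field; reject empty, signed or out-of-range input. */
static int rr_field(const char **p, unsigned long max, unsigned long *v)
{
    char *end;
    if (**p < '0' || **p > '9') return -1;
    errno = 0;
    *v = strtoul(*p, &end, 10);
    if (errno != 0 || *v > max) return -1;
    *p = end;
    return 0;
}

/* Returns 0 and fills *out on success, -1 on any malformed spec (never exits). */
int parse_rr_spec(const char *s, struct rr_spec *out)
{
    static const struct { const char *name; uint8_t bit; } names[] = {
        {"test", RR_T}, {"result", RR_R}, {"all", RR_A}, {"site", RR_S}, {"proceed", RR_P} };
    unsigned long code, seq, seg, delay;
    uint8_t flags = 0;
    if (rr_field(&s, 0xff, &code)        || *s++ != ',' ||
        rr_field(&s, 0xffffffffUL, &seq) || *s++ != ',' ||
        rr_field(&s, 0xff, &seg)         || *s++ != ',' ||
        rr_field(&s, 0xffff, &delay)) return -1;
    /* Optional flags: introduced by ',' and separated from each other by ':'. */
    for (char sep = ','; *s == sep; sep = ':') {
        size_t i, n = strcspn(++s, ":");
        for (i = 0; i < 5; i++)
            if (strlen(names[i].name) == n && !strncmp(s, names[i].name, n)) break;
        if (i == 5 || (flags & names[i].bit)) return -1;   /* unknown or repeated */
        flags |= names[i].bit;
        s += n;
    }
    if (*s != '\0') return -1;        /* trailing junk after the last field */
    out->code = (uint8_t)code;   out->sequence = (uint32_t)seq;
    out->segment = (uint8_t)seg; out->max_delay = (uint16_t)delay; out->flags = flags;
    return 0;
}
```
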
From Shiva:
There are a couple tools I need to write to continue analyzing the
traffic I’ve captured. Suggestions welcome:
* I need to be able to extract HTTP payloads from a pcap. It should
be pretty easy to re-use Wireshark’s TCP Stream reassembly to get
the TCP layer. With that done, I could easily get the HTTP layer…
then maybe I can hand it to some Mozilla libs to be ungzipped,
unchunked, etc. It would be pretty awesome if this was built into
scapy though but to my knowledge it isn’t.
* I need to fake DNS responses at “runtime”. I’m sure there
are honeynet tools that do this and I could config a “malicious”
DNS server just as easily.