Tool 77: Check if seqnum are predictible
This tool sends a lot of TCP SYN packets, and displays seqnum (ISN) in
TCP SYN-ACK replies. This seqnum should be random, otherwise a blind
spoofing attack is possible.
Parameter --spoofip indicates how to generate link layer for spoofing.
Values 'best', 'link' or 'raw' are common choices for --spoofip. Here
is the list of accepted values:
- 'raw' means to spoof at IP4/IP6 level (it uses system IP stack). If
a firewall is installed, or on some systems, this might not work.
- 'linkf' means to spoof at link level (currently, only Ethernet is
supported). The 'f' means to Fill source Ethernet address.
However, if source IP address is spoofed, it might be impossible
to Fill it. So, linkf will not work: use linkb or linkfb instead.
- 'linkb' means to spoof at link level. The 'b' means to left a Blank
source Ethernet address (0:0:0:0:0:0, do not try to Fill it).
- 'linkfb' means to spoof at link level. The 'f' means to try to Fill
source Ethernet address, but if it is not possible, it is left
- 'rawlinkf' means to try 'raw', then try 'linkf'
- 'rawlinkb' means to try 'raw', then try 'linkb'
- 'rawlinkfb' means to try 'raw', then try 'linkfb'
- 'linkfraw' means to try 'linkf', then try 'raw'
- 'linkbraw' means to try 'linkb', then try 'raw'
- 'linkfbraw' means to try 'linkfb', then try 'raw'
- 'link' is an alias for 'linkfb'
- 'rawlink' is an alias for 'rawlinkfb'
- 'linkraw' is an alias for 'linkfbraw'
- 'best' is an alias for 'linkraw'. It should work in all cases.
netwox 77 -i ip -p port [-s spoofip] [-w uint32]
||destination IP address
||destination port number
||IP spoof initialization type
||maximum waiting time for answer (in msec)
netwox 77 -i "188.8.131.52" -p "80"
netwox 77 --dst-ip "184.108.40.206" --dst-port "80"