Simple generation at channel level
Working with tcp sessions
http_server
Simple HTTP server on localhost.
run as:
anettest -f this_file.fws
http_client
tcp_socket_client
TCP client that connects to a server, sends data and displays the answer.
There is a sample of corresponding server.
tcp_socket_server
Tcp server that accepts new connections, waits for predefined request and sends response.
There is a sample of corresponding client.
tcp_socket_server2
Tcp server that accepts new connections, waits for predefined request and sends response.
There is a sample of corresponding client.
tcp_gateway
Transfers data between TCP client and server.
The client and server can be found in other samples, or you can specify real, non-local addresses.
mail_reader
Reads mail over POP3 protocol.
run like this:
anettest -T 999999 -d client:pop3.mail.ru:110 -f this_file.fws
send_http_message
Connects to www.mail.ru over TCP, then sends the HTTP request.
run program as
anettest -T 5000 -d client:www.mail.ru:80 -f send_http_message.fws
Under UNIX, do not delete the CR (^M) symbols from this file; if they are missing, add them (\r).
you may watch the result with some sniffer
Udp
udp_socket_client
UDP client using a system socket; sends to 2 ports. There is a sample of the corresponding server.
udp_socket_server
UDP server using a system socket; binds to 2 ports, accepts data on both and displays it.
There is a sample of corresponding client.
Tracing, processing, displaying
http_parser
Traces requests to HTTP server and parses them.
Produces output for URLs that end in html, htm, php or have an empty extension.
Can distinguish parameters in the URL after ?.
Runs as
anettest -d eth0#0 -f this_file.fws
simple_sniffer
Traces tcp and udp packets and displays info about them.
run program as
anettest -d eth0#0 -f this_file.fws
simple_sniffer1
Traces tcp and udp packets and displays info about them.
run program as
anettest -d eth0 -f this_file.fws
scan1
Traces TCP packets with destination port = 80 and displays destination IP address for each packet.
Does not print packets whose destination IP has already been printed.
run program as
anettest -d eth0 -f this_file.fws
waiting_packets
Waits for the defined packets for an interval of time. Displays the result: accepted or not accepted (dropped).
run like this:
anettest -d eth0 -f this_file.fws
scan_with_syscalls
Traces TCP packets and for each destination IP address performs system calls,
running the browser, writing the address to file (for Windows).
run like this:
anettest -d eth0#0 -f this_file.fws
Tracing, processing, displaying (scanner mode)
scan
Traces packets to and from, displays reports with number of packets, bytes, rate per second.
run program as
anettest -d eth0 -rf scan.fws
tracing_packets
Periodically displays a report about each packet: whether it was received and how much.
run program as
anettest -vr -d eth0 -f tracing_packets.fws
mask
Traces two kinds of packet: 1) any http packet, but not to mail.ru; 2) any http packet.
run like this:
anettest -d eth0 -r -f this_file.fws
Read/write trace(pcap) files
work_with_traces
Changes content of trace file
Runs as: anettest -d eth0 -f this_file.fws
work_with_traces1
Watches trace file with smtp packets. Searches for packets with MAIL FROM command.
Adds found email address to the list of variables.
After watch, displays the filled list of variables.
scan_trace
Watches trace file with smtp packets. Searches for packets with MAIL FROM command.
Adds found email address to the list of variables.
After watch, displays the filled list of variables.
Run as:
anettest -d eth0 -f this_file.fws
Send/receive at channel level
my_gateway
Transmits packets from one interface to another (and changes their content if you uncomment some lines).
Parameter 'sourceIP' may be defined prior to processing of this file if you want to set filter on source IP.
Run like this:
anettest -d eth0#0 -d eth1#1 -f this_file.fws
anettest -d eth0#0 -d eth1#1 define sourceIP 1.1.1.1 this_file.fws
ask_mac
Sends an ARP request and waits for the reply; prints the answer: MAC address or timeout.
run program as
anettest -d eth0 -f this_file.fws
arp_spoofing
Arp spoofing. Waits for the defined arp request and sends reply to it.
run program as
anettest -d eth0 -f this_file.fws
arp_spoofing_all
Arp spoofing. Waits for any arp request and sends reply to it.
run program as
anettest -d eth0 -f this_file.fws
arp_spoofing_all1
Continuously waits for any arp requests and sends replies to them.
run program as
anettest -d eth0 -f this_file.fws
arp_request
run program as
anettest -d eth0 -f this_file.fws
Core script syntax
variables
Examples of using variables.
Run as:
anettest -d eth0 -f this_file.fws
arrays
Shows how to use arrays of variables or fields.
Runs as: anettest -d eth0 -f this_file.fws
common_tests
Common test of program Anettest
hexdump
conditions
Simple firewall test
compare_mode
Sample file for program AnetTest.
Run program as
anettest -c trace1.pcap -c trace2.pcap -c trace3.pcap -f compare_mode.fws
The program will search the trace files for all the packets defined below
and will output info about packets for which the search results don't correspond to the packet's request (ACCEPT or DROP).
compare_mode1
Result:
Packet on line 18 (compare_mode1.fws) : droped (dev 2)
Packet on line 23 (compare_mode1.fws) : droped (dev 1)
Packet on line 34 (compare_mode1.fws) : droped (dev 1)
fasttest
Fasttest mode is used for fast testing of a packet filter.
Packets in the sequence must be different. They are registered first, then generated all at once.
During generation, sniffers run and register the received packets.
Generation is performed from the first interface specified by the -d option (main interface).
Requests after the SEND command correspond to the next opened interfaces (EXCEPT THE MAIN INTERFACE).
Using extended mode is also allowed.
Imitation of network activity by trace file
convtest1
Imitates SMTP session between client (on interface eth0) and server (on eth1).
Sets the request that all packets must pass through successfully (eth0 -> eth1 and eth1 -> eth0).
Run as:
anettest -d eth0#0 -d eth1#1 -f this_file.fws
convtest2
Imitates SMTP session between client and server.
NAT must be used between client and server. See file "natConfigSession.fws".
Sets the request that all packets must pass through successfully.
Run as:
anettest -d eth0#0 -d eth1#1 -d eth2#2 -f this_file.fws
sessionWithNat
Runs conversation test for smtp client and server with NAT between them.
Run as:
anettest -d eth0#0 -d eth1#1 -d eth2#2 -f this_file.fws
0 - public zone
1 - private zone
2 - DMZ
Configuration of NAT is in the "natDefines" header.
Assumed ARP table of SSPT-2:
Interface  IP-address     MAC-address
eth0       192.168.0.254  00:00:00:00:00:03
eth0       192.168.0.2    00:00:00:00:00:04
eth2       192.168.0.5    00:00:00:10:00:00
conversation_test
Simple conversation test. The work of an SMTP client is imitated using info from a trace file.
Run as:
anettest -d eth0#0 -d eth1#1 -f this_file.fws