1TCPJUNK(1) Tcpjunk TCPJUNK(1)
2
6 Tcpjunk - TCP protocols testing tool.
7
10 tcpjunk -s [hostname] -p [port] -c [session file] [options]
11 tcpjunk -r -p [port] -c [session file] [options]
13 tcpjunk -x
15
18 Tcpjunk is a TCP protocols testing and hacking utility.
19 Tcpjunk can be used as an IPv4 or IPv6 client or server and uses a pre‐
20 defined session file containing the data to send. Tcpjunk can be used
21 as a general testing tool, a traffic generator or a fuzzer, for proto‐
22 cols such as HTTP, SMTP, etc.
23 Tcpjunk has 3 modes of operation: concurrent client, concurrent server
25 and in GUI mode - iterative client and server.
26
29 General options:
32 -d
36 --debug
37 Force display of raw traffic when using multiple instances or in server
38 mode.
39 -X
42 --hexdump
43 Display raw traffic as hexdump.
44 -v
47 --verbose
48 Display warnings and other information.
49 -h
52 --help
53 Show help and exit.
54 -x
57 --gui
58 Run Tcpjunk in GUI mode, allowing a single client or server testing
59 environment (all other flags are ignored).
60 -a
63 --daemon
64 Run Tcpjunk as a daemon.
65 Session options:
68 -c
71 --file=FILENAME
72 specifies a session file name, containing the data to send.
73 A session file can contain any text or binary data. Tcpjunk tags can
74 be inserted to session files to create dynamic content and to control
75 send and receive operations. See Tags section for more information.
76 -e
79 --seq-file=DIRECTORY
80 With each connection, use a session file from the specified directory
81 sequentially.
82 -f
85 --rand-file=DIRECTORY
86 With each connection, use a random session file from the specified
87 directory.
88 -W
91 --wait-data
92 After connection is established, wait for remote host to send data
93 first, before sending any replies (default: send data immediately).
94 -C
97 --close
98 When no data is left to send, do not wait for remote host to send a
99 reply (default: wait for reply).
100 -T
103 --sess-time=MSECONDS
104 Session timeout (default: 100 milliseconds).
105 Tcpjunk uses this value to determine when to finish waiting for remote
106 host to send data. This timeout is triggered when no data arrives from
107 the remote host and when it expires, Tcpjust will continue with its
108 next task. This option greatly affects session speed and should be set
109 according to connection latency and tested protocol.
110 Client options:
113 -s
116 --host=HOST/IP
117 Hostname or IP address of remote host.
118 -i
121 --instances=NUMBER
122 Number of Tcpjunk client instances to run in parallel continuously.
123 -l
126 --limit-sess=NUMBER
127 Limit the number of sessions for each client instance (default: unlim‐
128 ited).
129 If specified, each Tcpjunk client instance will terminate after per‐
130 forming this many sessions.
131 -P
134 --src-ip=IP
135 Use a specific or random source IP address for client connections.
136 Tcpjunk adds these IP addresses automatically on aliases of a network
137 interface specified with -I. Use the format 192.x.4.x for IPv4 and
138 2001:x:x:x:0:0:0:1 for IPv6, Tcpjunk replaces every 'x' with a random
139 octet/quad.
140 -I
143 --interface=INTERFACE
144 Interface to use when using the -P option.
145 IP forwarding must be enabled on a host running Tcpjunk, if this inter‐
146 face does not lead directly to the destination address. This option
147 needs root privileges.
148 -N
151 --ip-sessions=NUMBER
152 Number of connections to use each source IP address before changing to
153 a different one (default: 10)
154 -O
157 --offset=NUMBER
158 Starting alias offset when using the -I option with IPv4 (default: 0).
159 When using multiple instances (-i) with different source IPv4
160 addresses, each Tcpjunk child process uses its own alias. Another main
161 Tcpjunk processes, must use this option to have their own aliases.
162 -o
165 --src-port=PORT
166 Bind client connections to a specific source port.
167 Server options:
170 -r
173 --server
174 Run TCPJunk in server mode.
175 Tcpjunk will listen to connections on the port specified with -p. A
176 Tcpjunk server can handle multiple connections simultaneously, but is
177 not efficient as servers dedicated to specific protocols. Use -v
178 and/or -d options, to view warnings or incoming connections data.
179 -E
182 --cert=FILENAME
183 SSL server certificate filename
184 -K
187 --key=FILENAME
188 SSL server key filename
189 Connection options:
192 -p
195 --port=PORT
196 TCP port or service name to connect / listen to.
197 -6
200 --ipv6
201 Connect and Accept using IPv6.
202 -S
205 --ssl
206 Use SSL (v3.0) to send data in all TCP connections.
207 Example for generating a private key and self signed SSL certificate:
209 $ openssl genrsa -des3 -out server.key 1024
210 $ openssl req -new -key server.key -out server.csr
211 $ cp server.key server.key.org
212 $ openssl rsa -in server.key.org -out server.key
213 $ openssl x509 -req -days 365 -in server.csr -signkey server.key -out
214 server.crt
215 -t
218 --timeout=SECONDS
219 Connection establishment timeout (default: 2 seconds)
220 -w
223 --wait=MSESONDS
224 Create a delay between connections when using multiple instances
225 (default: none).
226 -k
229 --repeat-sess=NUMBER
230 Repeat session on the same connection without reconnecting (default: 1)
231 -m
234 --send-size=BYTES
235 Set buffer size for send calls (when setting this option, TCP_NODELAY
236 socket option is enabled).
237 -D
240 --send-delay=MSECONDS
241 If -m is used, wait this much between send calls.
242 -z
245 --optimize
246 Enables tw_recycle and tw_reuse TCP settings and sets file descriptor
247 limits to 10240. This option needs root privileges.
248
251 <sect>[data]</sect>
254 Section tag, delimiters for multiple sections in the session flow.
255 When this tag is not used, Tcpjunk sends all data in the session file
256 in one send operation.
257 If data is entered between <sect> tags, Tcpjunk sends each section by
258 itself, and expect a reply from the remote host before sending the next
259 section, for example:
260 <sect>user root
261 </sect>
262 <sect>pass toor
263 </sect>
264 <rep [min] [max]>[data]</rep>
267 Repeat tag, repeat [data], for times specified by the [min] setting.
268 If [max] is specified, repeats a random number of times, in the range
269 of [min]-[max]. Repeat tags can be nested inside other repeat tags,
270 for example:
271 <rep 10>Outer1 <rep 1 5>Nested</rep>Outer2 </rep>
272 <sys>[command]<sys>
275 System tag, inserts the output of a system command into the session.
276 <fuzz [type|last] [min] [max]>
279 Fuzz tag, inserts a buffer of data of the specified type, in the size
280 of [min] bytes.
281 If [max] is specified, insert a randomly sized buffer, in the range of
282 [min]-[max]. Use <fuzz last> to repeat last tag output later in a ses‐
283 sion.
284 Fuzzing types:
286 digit [0-9]
287 alnum [0-9][a-z][A-Z]
288 alpha [a-z][A-Z]
289 cntrl control characters
290 print any printable character
291 special above ASCII 127
292 punct punctuation characters
293 space space characters
294 any any character
295 random random fuzzing type for each instance
296 <tamp [type] [min] [max]>[data]</tamp>
299 Tamper tag, tampers with enclosed data by replacing random characters
300 with ones of the specified type (types are the same as in the fuzz
301 tag).
302 Percentage of tampering is determined by the [min] value (1-100).
303 If [max] is specified, in each connection a random tampering percentage
304 is chosen.
305 <char [hex code] [max]>
308 Char tag, inserts a specific character, specified by [hex code]. Only
309 a single byte is inserted, unless [max] is specified.
310 <enc [prefix] [type] [postfix] [padding]>[data]</enc>
313 Encode tag, encode characters using the following encoding types: dec,
314 hex, HEX or oct. prefix and postfix must be specified, or 'none'.
315 Padding adds leading zeroes to each encoded character.
316 HTML encoding example: <enc &# dec none 4>test</enc> Produces:
318 test
319 <count [dec|hex|last] [min] [max]>
322 Count tag, counts from min to max, in decimal or hexadecimal.
323 The [min] and [max] values must be specified in decimal. Use <count
324 last> to repeat last count output.
325 <charr>[oct, oct,...]</carr>
328 Character Array tag, inserts an array of characters, useful in cases
329 when large amount of binary data is used.
330 <inst>
333 Instance tag, inserts the number of the current Tcpjunk instance.
334 In client mode, this tag inserts the same number for all connections a
335 specific instance creates. In server mode, this tag inserts the number
336 of the current server instance (always increments).
337
340 Written by Ofer Kashayov <oferkv@gmail.com>.
341
344 Copyright (c) 2008 - 2010 Ofer Kashayov
345Tcpjunk September 2010 TCPJUNK(1)