forked from osmocom/wireshark
a4ad9e9f74
argument to the -F flag for pcap format is "libpcap", not "pcap", we have a problem. Make it "pcap", and add a backwards-compatibility hack to support using "libpcap" as well. Update the man pages to refer to it as pcap as well, and fix the capitalization of "WinPcap" (see http://www.winpcap.org) while we're at it. Also, refer to http://www.tcpdump.org/linktypes.html for the list of link-layer header types for pcap and pcap-ng. svn path=/trunk/; revision=50989
102 lines
3 KiB
Text
102 lines
3 KiB
Text
|
|
=head1 NAME
|
|
|
|
randpkt - Random Packet Generator
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
B<randpkt>
|
|
S<[ B<-b> E<lt>maxbytesE<gt> ]>
|
|
S<[ B<-c> E<lt>countE<gt> ]>
|
|
S<[ B<-t> E<lt>typeE<gt> ]>
|
|
E<lt>filenameE<gt>
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
B<randpkt> is a small utility that creates a B<pcap> trace file
|
|
full of random packets.
|
|
|
|
By creating many randomized packets of a certain type, you can
|
|
test packet sniffers to see how well they handle malformed packets.
|
|
The sniffer can never trust the data that it sees in the packet because
|
|
you can always sniff a very bad packet that conforms to no standard.
|
|
B<randpkt> produces I<very bad> packets.
|
|
|
|
When creating packets of a certain type, B<randpkt> uses a sample
|
|
packet that is stored internally to B<randpkt>. It uses this as the
|
|
starting point for your random packets, and then adds extra random
|
|
bytes to the end of this sample packet.
|
|
|
|
For example, if you choose to create random ARP packets, B<randpkt>
|
|
will create a packet which contains a predetermined Ethernet II header,
|
|
with the Type field set to ARP. After the Ethernet II header, it will
|
|
put a random number of bytes with random values.
|
|
|
|
=head1 OPTIONS
|
|
|
|
=over 4
|
|
|
|
=item -b E<lt>maxbytesE<gt>
|
|
|
|
Default 5000.
|
|
|
|
Defines the maximum number of bytes added to the sample packet.
|
|
If you choose a B<maxbytes> value that is less than the size of the
|
|
sample packet, then your packets would contain only the sample
|
|
packet... not much variance there! B<randpkt> exits on that condition.
|
|
|
|
=item -c E<lt>countE<gt>
|
|
|
|
Default 1000.
|
|
|
|
Defines the number of packets to generate.
|
|
|
|
=item -t E<lt>typeE<gt>
|
|
|
|
Default Ethernet II frame.
|
|
|
|
Defines the type of packet to generate:
|
|
|
|
arp Address Resolution Protocol
|
|
bgp Border Gateway Protocol
|
|
bvlc BACnet Virtual Link Control
|
|
dns Domain Name Service
|
|
eth Ethernet
|
|
fddi Fiber Distributed Data Interface
|
|
giop General Inter-ORB Protocol
|
|
icmp Internet Control Message Protocol
|
|
ip Internet Protocol
|
|
llc Logical Link Control
|
|
m2m WiMAX M2M Encapsulation Protocol
|
|
megaco MEGACO
|
|
nbns NetBIOS-over-TCP Name Service
|
|
ncp2222 NetWare Core Protocol
|
|
sctp Stream Control Transmission Protocol
|
|
syslog Syslog message
|
|
tds TDS NetLib
|
|
tcp Transmission Control Protocol
|
|
tr Token-Ring
|
|
udp User Datagram Protocol
|
|
usb Universal Serial Bus
|
|
usb-linux Universal Serial Bus with Linux specific header
|
|
|
|
=back
|
|
|
|
=head1 EXAMPLES
|
|
|
|
To see a description of the randpkt options use:
|
|
|
|
randpkt
|
|
|
|
To generate a capture file with 1000 DNS packets use:
|
|
|
|
randpkt -b 500 -t dns rand_dns.pcap
|
|
|
|
To generate a small capture file with just a single LLC frame use:
|
|
|
|
randpkt -b 100 -c 1 -t llc single_llc.pcap
|
|
|
|
=head1 SEE ALSO
|
|
|
|
pcap(3), editcap(1)
|