man rain (Commandes) - rain - a powerful, fully customizable packet builder
NAME
rain - a powerful, fully customizable packet builder
SYNOPSIS
rain [ options ] -t <target-host>
DESCRIPTION
rain is a powerful packet builder for stress testing hardware and software. Its features include support for all IP protocols, and the ability to fully customize the packets it sends.
DISCLAIMER
This program was written with the intent to help system administrators discover weaknesses in their services. This program is not intended to be abused maliciously and the author of this program will take absolutely no responsibility for any damage that this program may cause.
Please be responsible and use this program for testing on your system only!!
OPTIONS
Options must be seperate. -v -v is recognized while -vv is not.
Most options can also take hexidecimal arguments, prefixed with 0x.
Alot of the following options require root priviledges. Try rain --help as a non-root user to see normal user options.
- -v
- This causes rain to output more verbosely. You may use it up to three times. It is recommended that you use this option, and verbose mode may very well be implemented without the use of -v in the future
- -c <count>
- When specified, count packets will be sent, rather than infinite. Default value is 0 (infinite).
- -d <delay>
- This will cause rain to wait delay microseconds between packet sends. The default value is 10000.
- -b
- Specify this option if the target host is a broadcast address. If the target address contains "255", rain will automatically assume it to be a broadcast address, and allow broadcast messages.
- -s <source-hostname>
- This sets the source hostname of each packet sends. The default value will be the IP address of the primary outgoing interface.
-s 0 will cause the source hostname to be random with each packet sent.
- -t <target-hostname>
- This sets the target hostname, where the packets will be sent.
- --size <bytes>
- This specifies the size in bytes of each packet sent. The default is the kernels default maximum TCP segment size, usually 507. (See macro TCP_MSS in netinet/tcp.h)
- -p | --dport | --destination-port <destination-port>
- These options specify the destination port on the target host. Using a value of 0 will cause the destination-port to be random with each packet. Default value is 138.
- --sport | --source-port <source-port>
- These options specify the default source port of each packet. Using a value of 0 will cause the source-port to be random with each packet. Default value is 420.
- --timeout <seconds>
- This specifies how many seconds of inactivity to wait before exiting in TCP streaming showers, such as --stream and --connect which are described later. The default value is 10 seconds.
- --sim <simulation-number>
- When specified, rain will simulate one of several well known DoS attacks.
Here are the possible values: 0 - fawx2.c 1 - bloop.c 2 - jolt2.c 3 - trash2.c 4 - raped.c
- --noblock
- This sets all socket I/O to be non-blocking. This will result in faster packet sending with showers such as --connect, although it will not wait for the entire TCP handshake before sending the next connection request. If you are not sure what this is for, don't use it.
- --oob
- When specified, all packets will be sent as Out-of-Band data (MSG_OOB).
- --noroute
- When specified, rain will bypass any underlying routing mechanisms (such as the kernel routing table) for direct sends to local area networks.
- --udp
- This option specifies that you will be sending UDP/IP packets.
- --tcp
- This option specifies that you will be sending TCP/IP packets. (Default)
- --stream
- When specified, rain will use a connection based, streaming send shower. This means that you cannot spoof the source address nor customize any aspects of the packets other than the size, payload, Time to Live, and Type of Service.
- --connect
- When specified, rain will use a streamed connection shower (it will call connect() many times). The same non-spoofing and customization rules apply to --connect as they do in --stream.
- --seq <number>
- When specified, the TCP sequence value will be set to number. The default value is the process id.
- --win <number>
- When specified, the TCP window-size will be set to number. The default value is 56.
- --urg
- This will set the TCP URG (urgent) bit.
- --ack
- This will set the TCP ACK (acknowledgement) bit.
- --psh
- This will set the TCP PSH (push) bit.
- --rst
- This will set the TCP RST (reset) bit.
- --syn
- This will set the TCP SYN (synchronize) bit.
- --fin
- This will set the TCP FIN (finish) bit.
- --ack-seq <number>
- When specified, rain will set the TCP acknowledgement sequence to number. Specifying a value of 0 will cause the ack sequence field to increase with each packet send, thus overflowing it in large sends. Default value is 0 (overflow).
- --res <number>
- When specified, rain will set the TCP reserved bits to number. This number cannot exceed 15. The default value is 0. It is highly recommended that you do not touch this option unless you are confident with what you are doing.
- --icmp
- This option specifies that you will be sending ICMP/IP packets.
- --list-icmp
- This will cause rain to list all known ICMP type/code combinations for your reference.
- --icmp-type <number>
- This will set the packet's ICMP type to number. ( see --list-icmp )
- --icmp-code <number>
- This will set the packet's ICMP code to number. ( see --list-icmp )
- --icmp-id <number>
- This will set the packet's ICMP id to number.
- --icmp-seq <number>
- This will set the packet's ICMP sequence value to number.
- --icmp-mtu <number>
- This will set the packet's ICMP MTU (maximum transfer unit) value to number.
- --icmp-gw | -g <address>
- This will set the packet's ICMP gateway address to address.
- --igmp
- This options specifies that you will be using IGMP/IP packets.
- --list-igmp
- This will cause rain to list all known IGMP type/code combinations for your reference.
- --igmp-type <number>
- This will set the packet's IGMP type to number. ( see --list-igmp )
- --igmp-code <number>
- This will set the packet's IGMP code to number. ( see --list-igmp )
- --igmp-ga | -g <address>
- This will set that packet's IGMP group address to address. This is only effective in non membership queries.
- --frag <number>
- This will set the packet's fragmentation offset to number.
- --df
- When specified, rain will set the appropriate "Don't Fragment!" bits in each packet, which tells the target host not to fragment the packets it receives.
- --tos <number>
- This will set the packet's TOS (Type of Service) value to number. Use with -v -v to see a description of the Type of Service you specified.
- --ttl <number>
- This will set the packet's TTL (Time to Live) value to number. Default value is 64.
- --id <number>
- This will set the packet's IP id sequence to number. Default value is the process id.
- --id-of
- When specified, rain will increase the value of the IP ID field by one with each packet, hence overflowing the field in large sends.
- --payload | --pl <string>
- This will insert string into each packet's payload. Note that multi word strings must be quoted.
- --fill <ascii-character>
- This will initially fill the packet's payload with ascii-character. This does not conflict with --payload. Default value is 0xA1.
- --version | -V
- This will print rains' version information and exit.
- --help [topic]
- This will print rains' help menu. topic is an optional argument that will print topic specific information. Such as --help --tos
EXAMPLES
Here are some examples of using rain.
rain -t localhost -s 0 --tcp --ack -p 0 --sport 0 --size 1024
This will send an infinite amount of 1,024 byte TCP ACK packets to random ports on localhost, from random ports and random hosts. (similar to raped.c)
rain -c 10 -t localhost --igmp --igmp-type 0x17 --igmp-code 0 -g 192.168.1.24 -s 192.168.0.4
This will send 10 IGMP "leave group 192.168.1.24" packets to localhost from 192.168.0.4
rain -t localhost -c 0xA --udp --size 1400 -s localhost --df --tos 0x24 --ttl 255
This will send 10 1,400 byte UDP packets across the loopback interface with the "Don't Fragment!" bits set, a high priority Type of Service and the maxmimum Time to Live value of 255.
BUGS
There is an issue with malloc() allocating the wrong amount of bytes for packet sizes in FreeBSD 4.3-STABLE
In Linux, Kernel 2.4.4, packets will not pass through IP when a fragmentation offset is specified. This is a bug in the Linux kernel and not rain.
AUTHOR
Michael - mystic@tenebrous.com
COPYRIGHT
This software is Copyright(c) 2001 by Michael (mystic@tenebrous.com) and licensed under the GNU General Public License.
CONFORMING TO
Posix, 4.4BSD