Mausezahn

Mausezahn (ˈmaʊ̯zəˌʦaːn, German for "mouse tooth") is a fast network traffic generator written in C which allows the user to craft nearly every possible and "impossible" packet. Since version 0.31 Mausezahn has been open source under the terms of the GPLv2. Herbert Haas, the original developer of Mausezahn, died on 25 June 2011.

Typical applications of Mausezahn include:
  • Testing or stressing IP multicast networks
  • Penetration testing of firewalls and IDS
  • Finding weaknesses in network software or appliances
  • Creation of malformed packets to verify whether a system processes a given protocol correctly
  • Didactical demonstrations as lab utility


Mausezahn allows sending an arbitrary sequence of bytes directly out of the network interface card. An integrated packet builder provides a simple command line interface for more complicated packets. Since version 0.38 Mausezahn offers a multi-threaded mode with a Cisco-style command line interface.

Features

As of version 0.38 Mausezahn supports the following features:
  • Jitter measurement via Real-time Transport Protocol (RTP) packets
  • VLAN tagging (arbitrary number of tags)
  • MPLS label stacks (arbitrary number of labels)
  • BPDU packets as used by the Spanning Tree Protocol (PVST+ is also supported)
  • Cisco Discovery Protocol messages
  • Link Layer Discovery Protocol messages
  • IGMP version 1 and 2 query and report messages
  • DNS messages
  • ARP messages
  • IP, UDP, and TCP header creation
  • ICMP packets
  • Syslog messages
  • Address, port, and TCP sequence number sweeps
  • Random MAC or IP addresses, FQDN addresses
  • A very high packet transmission rate (approximately 100,000 packets per second)


A drawback of Mausezahn is that it sends only exactly the packet the user has specified. It is therefore less suited to vulnerability audits where additional algorithms are required to detect open ports behind a firewall and to automatically evade intrusion detection systems (IDS). However, a network administrator could implement audit routines via a bash script that uses Mausezahn to create the actual packets.

Platforms

Mausezahn currently runs only on Linux systems and there are no plans to port it to the Windows operating system.

See also

  • Traffic generation model
  • For more advanced audit tools see for example Nessus and Nmap.
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 