{"id":26735849,"url":"https://github.com/ddddddO/packemon","last_synced_at":"2025-03-28T02:05:27.491Z","repository":{"id":236294655,"uuid":"792322009","full_name":"ddddddO/packemon","owner":"ddddddO","description":"Packet monster (っ‘-’)╮=͟͟͞͞◒  ヽ( '-'ヽ)  TUI tool for sending packets of arbitrary input and monitoring packets on any network interfaces (default: eth0). ","archived":false,"fork":false,"pushed_at":"2025-03-22T14:59:43.000Z","size":38069,"stargazers_count":154,"open_issues_count":48,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-24T00:53:48.122Z","etag":null,"topics":["ebpf","linux","network","network-programming","networking","observability","packet","packet-analyzer","packet-generator","packet-monitoring","pcap","penetration-testing","pentesting","protocol","routing-protocols","security","socket-programming","sockets","system-programming"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ddddddO.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-26T12:35:59.000Z","updated_at":"2025-03-22T14:59:47.000Z","dependencies_parsed_at":"2024-05-18T12:41:50.944Z","dependency_job_id":"f4342837-d9f6-4683-aa40-a3ca7771efc7","html_url":"https://github.com/ddddddO/packemon","commit_stats":null,"previous_names":["ddddddo/packemon"],"tags_count":30,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ddddddO%2Fpackemon","tags_url":"https://repos.ecosyste.ms/api/v
1/hosts/GitHub/repositories/ddddddO%2Fpackemon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ddddddO%2Fpackemon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ddddddO%2Fpackemon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ddddddO","download_url":"https://codeload.github.com/ddddddO/packemon/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245955255,"owners_count":20699891,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ebpf","linux","network","network-programming","networking","observability","packet","packet-analyzer","packet-generator","packet-monitoring","pcap","penetration-testing","pentesting","protocol","routing-protocols","security","socket-programming","sockets","system-programming"],"created_at":"2025-03-28T02:02:13.327Z","updated_at":"2025-03-28T02:05:27.478Z","avatar_url":"https://github.com/ddddddO.png","language":"Go","funding_links":[],"categories":["windows","Recently Updated","\u003ca name=\"networking\"\u003e\u003c/a\u003eNetworking","Table of Contents"],"sub_categories":["[Mar 25, 2025](/content/2025/03/25/README.md)"],"readme":"# Packémon\n\nPacket monster, or `Packémon` for short! 
(っ‘-’)╮=͟͟͞͞◒ ヽ( '-'ヽ) \u003cbr\u003e\n\n\u003c!-- ![](./assets/packemon.gif) --\u003e\n\u003c!-- https://github.com/user-attachments/assets/dbb0baeb-a0b8-4e18-8647-ac05020f83d5 --\u003e\nhttps://github.com/user-attachments/assets/69dc501d-8ffd-484a-90e2-dffa0fab373e\n\nTUI tool for generating packets of arbitrary input and monitoring packets on any network interfaces (default: `eth0`). **This tool is not available for Windows and macOS. I have confirmed that it works on Linux (Debian and Ubuntu on WSL2).**\u003cbr\u003e\n\nI intend to develop it patiently🌴\n\nThe images of Packemon in the README should be used as reference only, as they may look different from the actual Packemon.\n\n\u003e [!WARNING]\n\u003e This tool is implemented with protocol stacks from scratch and uses raw sockets.\u003c/br\u003e\n\u003e There may be many bugs. If you find a bug, I would be glad if you raise an issue or give me a pull request!\n\n## Feature\n\nThis TUI tool has two major functions: packet generation and packet monitoring.\n\n|Generated DNS query \u003cbr\u003eand Received response| Displayed DNS response detail|Filtered packets|\n|--|--|--|\n|![](./assets/packemon_dns.png)|![](./assets/packemon_dns_response.png)|![](./assets/packemon_filter.png)|\n\nThis image shows packemon running in Generator / Monitor mode.\u003c/br\u003e\nThe DNS query packet generated by the Generator on the left is shown on line **56** of the Monitor. The DNS query response packet is shown on line **57**, and a more detailed view of it is shown in the middle image.\u003c/br\u003e\nSee **[here](https://github.com/ddddddO/packemon#sending-dns-query-and-monitoring-dns-response)** for detailed instructions.\n\nPackemon's Monitor allows the user to select each packet by pressing the `Enter` key. Then, select any line and press the `Enter` key to see the details of the desired packet. 
Pressing `Esc` key in the packet detail screen will return you to the original packet list screen.\nThe rightmost image shows how the packet list is filtered.\n\n### Generator\n\n- Send generated packets to any network interfaces.\n  - You can specify network interface with `--interface` flag. Default is `eth0`.\n\n- Packets of various protocols are supported.\n\n  \u003cdetails\u003e\u003csummary\u003edetails\u003c/summary\u003e\n\n  - [x] Ethernet\n  - [x] ARP (WIP)\n  - [x] IPv4 (WIP)\n  - [x] IPv6 (WIP)\n  - [x] ICMPv4 (WIP)\n  - [ ] ICMPv6\n  - [x] TCP (WIP)\n  - [x] UDP (WIP)\n  - [x] TLSv1.2 (WIP)\n    - This tool is not very useful because the number of cipher suites it supports is still small, but an environment where you can try it out can be found [here](./cmd/debugging/https-server/README.md).\n      - TCP 3way handshake ~ TLS handshake ~ TLS Application data (encrypted HTTP)\n    - Supported cipher suites include\n      - `TLS_RSA_WITH_AES_128_GCM_SHA256`\n    - You can check the server for available cipher suites with the following command\n      - `nmap --script ssl-enum-ciphers -p 443 \u003cserver ip\u003e`\n  - [x] TLSv1.3 (WIP)\n    - This tool is not very useful because the number of cipher suites it supports is still small, but an environment where you can try it out can be found [here](./cmd/debugging/https-server/README.md).\n      - TCP 3way handshake ~ TLS handshake ~ TLS Application data (encrypted HTTP)\n    - Supported cipher suites include\n      - `TLS_CHACHA20_POLY1305_SHA256`\n  - [x] DNS (WIP)\n  - [x] HTTP (WIP)\n  - [ ] xxxxx....\n  - [ ] Routing Protocols\n    - IGP (Interior Gateway Protocol)\n      - [ ] OSPF (Open Shortest Path First)\n      - [ ] EIGRP (Enhanced Interior Gateway Routing Protocol)\n      - [ ] RIP (Routing Information Protocol)\n    - EGP (Exterior Gateway Protocol)\n      - [ ] BGP (Border Gateway Protocol)\n        - [Currently there is only debug mode](./cmd/debugging/bgp/README.md)\n          - TCP 3way 
handshake ~ Open ~ Keepalive ~ Update ~ Notification\n\n  \u003c/details\u003e\n\n\u003e[!WARNING]\n\u003e While using Generator mode, TCP RST packets automatically sent out by the kernel are dropped. When this mode is stopped, the original state is restored. Probably😅.\n\u003e Incidentally, dropping RST packets is done by running [the eBPF program](./egress_control/).\n\u003e The background on incorporating eBPF is in the posts on X around [here](https://x.com/ddddddOpppppp/status/1798715056513056881). \n\n### Monitor\n\n- Monitor any network interface.\n  - You can specify the network interface with the `--interface` flag. Default is `eth0`.\n\n- Can filter packets to be displayed.\n  - You can filter the values for each item (e.g. `Dst`, `Proto`, `SrcIP`...etc.) displayed in the listed packets.\n\n- Specified packets can be saved to a pcapng file.\n\n- Packets of various protocols are supported.\n\n  \u003cdetails\u003e\u003csummary\u003edetails\u003c/summary\u003e\n\n  - [x] Ethernet\n  - [x] ARP\n  - [x] IPv4 (WIP)\n  - [x] IPv6 (WIP)\n  - [x] ICMPv4 (WIP)\n  - [ ] ICMPv6\n  - [x] TCP (WIP)\n  - [x] UDP\n  - [x] TLSv1.2 (WIP)\n  - [ ] TLSv1.3\n  - [ ] DNS (WIP)\n    - [x] DNS query\n    - [x] DNS query response\n    - [ ] xxxxx....\n  - [ ] HTTP (WIP)\n    - [x] HTTP GET request\n    - [x] HTTP GET response\n    - [ ] xxxxx....\n  - [ ] xxxxx....\n  - [ ] Routing Protocols\n    - IGP (Interior Gateway Protocol)\n      - [ ] OSPF (Open Shortest Path First)\n      - [ ] EIGRP (Enhanced Interior Gateway Routing Protocol)\n      - [ ] RIP (Routing Information Protocol)\n    - EGP (Exterior Gateway Protocol)\n      - [ ] BGP (Border Gateway Protocol)\n\n  \u003c/details\u003e\n\n\u003e[!WARNING]\n\u003e If packet parsing fails, it is indicated by “Proto:ETHER” as shown in the following image. 
\n\u003e\n\u003e ![](./assets/failed_parse_packet.png)\n\u003e\n\u003e If you want to check the details of the packet, you can select the line, save it to a pcapng file, and import it into Wireshark or other software🙏\n\n## Installation\n\n\u003cpre\u003e\n\n\u003cb\u003egit clone \u0026 Go\u003c/b\u003e\n# Recommended (clone this repository; requires the 'Dependencies' section of https://ebpf-go.dev/guides/getting-started/#ebpf-c-program)\n$ cd egress_control/ \u0026\u0026 go generate \u0026\u0026 cd -\n$ go build -o packemon cmd/packemon/*.go\n$ ls | grep packemon\n$ mv packemon /usr/local/bin/\n\n\u003cb\u003eGo\u003c/b\u003e\n# Deprecated (In some environments, RST packets may be sent during TCP 3-way handshake)\n$ go install github.com/ddddddO/packemon/cmd/packemon@latest\n\n\u003cb\u003edeb\u003c/b\u003e\n$ export PACKEMON_VERSION=X.X.X\n$ curl -o packemon.deb -L https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.deb\n$ dpkg -i packemon.deb\n\n\u003cb\u003erpm\u003c/b\u003e\n$ export PACKEMON_VERSION=X.X.X\n$ yum install https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.rpm\n\n\u003cb\u003eapk\u003c/b\u003e\n$ export PACKEMON_VERSION=X.X.X\n$ curl -o packemon.apk -L https://github.com/ddddddO/packemon/releases/download/v$PACKEMON_VERSION/packemon_$PACKEMON_VERSION-1_amd64.apk\n$ apk add --allow-untrusted packemon.apk\n\n\u003c/pre\u003e\n\n## Usage\n\n- Generator\n  ```console\n  sudo packemon --send\n  ```\n\n- Monitor\n  ```console\n  sudo packemon\n  ```\n\n## Usecase\n### Sending DNS query and Monitoring DNS response\n\n1. Setup\n    ```sh\n    # Generator\n    $ sudo packemon --send\n    ```\n\n    ```sh\n    # Monitor\n    $ sudo packemon\n    ```\n\n    ← Generator | Monitor →\n\n    ![](./assets/packemon_dns.png)\n\n2. 
Generator\n    - `Lα` \u003e `Ethernet` \u003e `Ether Type` \u003e **IPv4**\n    - `Lβ` \u003e `IPv4` \u003e `Protocol` \u003e **UDP**\n    - `Lβ` \u003e `IPv4` \u003e `Destination IP Addr` \u003e **1.1.1.1**\n      - Enter the address of the DNS resolver here. The address above is Cloudflare's resolver.\n    - `Lγ` \u003e `UDP` \u003e `Destination Port` \u003e **53**\n    - `Lγ` \u003e `UDP` \u003e `Automatically calculate length ?` \u003e **(Check!)**\n    - `Lε` \u003e `DNS` \u003e `Queries Domain` \u003e **go.dev**\n      - Enter the domain you want to resolve here.\n\n    - `Lε` \u003e `DNS` \u003e Click on **Send!**\n      - At this point, the DNS query is sent with the contents set so far.\n\n    ![](./assets/packemon_dns_response_2.png)\n\n3. Monitor\n\n    - Find records where `Proto`: **DNS** and `DstIP` or `SrcIP` is **1.1.1.1**. Select each record to see the packet structure of the DNS query and the packet structure of the DNS response.\n\n      - List\n        ![](./assets/sending_dns_query_and_monitoring_dns_response/3.png)\n\n      - DNS query (`DstIP: 1.1.1.1`)\n        ![](./assets/sending_dns_query_and_monitoring_dns_response/4.png)\n\n      - DNS response (`SrcIP: 1.1.1.1`)\n        ![](./assets/sending_dns_query_and_monitoring_dns_response/5.png)\n\n## Another feature\n\n\u003cdetails\u003e\n\n\u003csummary\u003e⚠️ Might be removed\u003c/summary\u003e\n\nThe local node's browser can monitor packets from remote nodes or send arbitrary packets from remote nodes.\n\n```\n                                         +-------------------------------------+\n+----------------------+                 | REMOTE NODE                         |\n| LOCAL NODE (Browser) |                 | $ sudo packemon-api --interface xxx |\n|  Monitor   \u003c---------|-- WebSocket   --|--\u003e HTTP GET  /ws  \u003c-----+           |\n|  Generator  ---------|-- POST packet --|--\u003e HTTP POST /packet    |           |\n+----------------------+                 |    
  -\u003e parse packet    |           |                  +---------------+\n                                         |           -\u003e Network Interface -----|-- Send packet --\u003e| TARGET NODE x |\n                                         +-------------------------------------+                  |               |\n                                                                                                  +---------------+\n```\n\n- Remote node\n  ![](./assets/packemon_api_remote.png)\n\n- Local node\n  ![](./assets/packemon_api_local.png)\n\n\n\u003e[!WARNING]\n\u003e Please note that the following is dangerous.\n\nThe following procedure is an example of how you can expose packemon-api to the outside world and monitor and send remote node packets on your browser.\n\n1. (REMOTE) Install `packemon-api` and run it.\n    ```console\n    $ go install github.com/ddddddO/packemon/cmd/packemon-api@latest\n    $ sudo packemon-api --interface wlan0\n    ```\n1. (REMOTE) Run [`ngrok`](https://ngrok.com/) and note the URL it issues.\n    ```console\n    $ ngrok http 8082\n    ```\n1. (LOCAL) Enter the issued URL into your browser and you will be able to monitor and send packets on the remote node.\n\n\u003c/details\u003e\n\n## Related tools\n- [Wireshark](https://www.wireshark.org/)\n- [tcpdump](https://www.tcpdump.org/)\n- netcat(nc)\n- [Nmap](https://nmap.org/)\n- [Scapy](https://github.com/secdev/scapy)\n- [google/gopacket](https://github.com/google/gopacket) / [gopacket/gopacket](https://github.com/gopacket/gopacket) (maintained)\n\n## Acknowledgment\n- [rivo/tview](https://github.com/rivo/tview)\n  - Packemon uses this TUI library.\n\n- [Golangで作るソフトウェアルータ](https://booth.pm/ja/items/5290391)\n  - The way Go handles syscalls, packet checksum logic, etc. was helpful. Packemon was inspired by this book and began its development. 
This is a book in Japanese.\n\n## Document\n- [ネットワークを知りたくて](https://zenn.dev/openlogi/articles/195d07bd9bc5b4)\n\n```\n⌒丶、＿ノ⌒丶、＿ノ⌒丶、＿ノ⌒丶、＿ノ⌒丶、＿ノ⌒丶、＿ノ\n 　　　　　　　　　　　　　○\n 　　　　　　　　　　　о\n 　　　　　　　　　　｡\n \n 　　　　　　　　　　,､-､_　　＿_\n 　　　　,､-―､_,､'´　　　￣　　`ヽ,\n 　　　/　　　　　　 ・　　　 ．　　　ｌ、\n 　　　ｌ,　　　　　　 ヾニニつ　　　　`ヽ、\n 　　　 |　　　　　　　　　　　　　　　　　 `ヽ,\n 　　　 ﾉ　　　　　　　　　　　　　　　　　　ノ\n 　　 /::::　　　　　　　　　　　　　　　　　/\n 　／:::::::　　　　　　　　　　　　　　　　..::l、\n /::::::::::::::::::......:::::::.　　　　　　　............::::::::::`l,\n l::::::::::::::::::::::::::::::::::::......　　　....:::::::::::::::::::::::::::::`l,\n ヽ,:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::ﾉ\n 　　￣￣``ヽ､_:::::::::::::::::::::::,､-―´￣`ヽ､,､-'\n 　　　　　　　　 `ヽ―-―'´\n ```\n\n## Stargazers over time\n[![Stargazers over time](https://starchart.cc/ddddddO/packemon.svg?variant=adaptive)](https://starchart.cc/ddddddO/packemon)\n\n## Log (japanese)\n\n\u003cdetails\u003e\u003csummary\u003exxx\u003c/summary\u003e\n\n## Links\n- 「Golangで作るソフトウェアルータ」\n  - Its implementation code: https://github.com/sat0ken/go-curo\n- https://terassyi.net/posts/2020/03/29/ethernet.html\n- Reference for the commands used to verify behavior\n  - https://zenn.dev/takai404/articles/76d47e944d8e18\n- [Scrapbox notes](https://scrapbox.io/ddddddo/%E3%83%8D%E3%83%83%E3%83%88%E3%83%AF%E3%83%BC%E3%82%AF%E7%B3%BB%E8%AA%AD%E3%81%BF%E7%89%A9)\n\n- It worked on Debian on WSL2.\n\n- Arbitrary Ethernet headers / IPv4 headers / ARP / ICMP can be built easily and sent as frames\n- Below, the form screens for the various headers are displayed in a tmux window split into three panes. An ICMP echo request was then sent, and the returning echo reply was confirmed in Wireshark\n  ![](./assets/tui_ether_ip_icmp.png)\n  ![](./assets/tui_send_icmp_result1.png)\n  ![](./assets/tui_send_icmp_result2.png)\n\n- Receiving frames and displaying their details (ARP and IPv4)\n  ![](./assets/tui_send_recieve.png)\n\n  \u003cdetails\u003e\u003csummary\u003eThe UI from a little while ago (commit `5062561`)\u003c/summary\u003e\n\n  ![](./assets/tui_0428.png)\n  ![](./assets/tui_cap_0428.png)\n\n  \u003c/details\u003e\n\n- I use https://github.com/rivo/tview as the TUI library🙇\n\n### Verifying behavior\n\n#### Raspberry Pi: simple HTTP 
server\n```console\npi@raspberrypi:~ $ sudo go run main.go\n```\n\n#### Packet capture\n```console\n$ sudo tcpdump -U -i eth0 -w - | /mnt/c/Program\\ Files/Wireshark/Wireshark.exe -k -i -\n```\n\n- Receive screen\n\n  ```console\n  $ sudo go run cmd/packemon/main.go\n  ```\n\n\n- Send screen\n\n  ```console\n  $ sudo go run cmd/packemon/main.go --send\n  ```\n\n- Command to send a single frame (e.g. ARP request)\n\n  ```console\n  $ sudo go run cmd/packemon/main.go --debug --send --proto arp\n  ```\n\n#### Requests with a specified TLS version\n```console\n# Request with TLS v1.2\n$ curl -k -s -v --tls-max 1.2 https://192.168.10.112:10443\n\n# Request with TLS v1.3\n$ curl -k -s -v --tls-max 1.3 https://192.168.10.112:10443\n\n# Request with TLS v1.3 and a specified cipher suite (note that the Cipher Suites list in the Client Hello is not limited to the specified suite; the specified suite is placed at the top (highest priority) (confirmed by packet capture))\n$ curl -k -s -v --tls-max 1.3 --tls13-ciphers \"TLS_CHACHA20_POLY1305_SHA256\" https://192.168.10.112:10443\n```\n\n#### Easy broadcast\n```console\n$ arping -c 1 1.2.3.4\nARPING 1.2.3.4 from 172.23.242.78 eth0\nSent 1 probes (1 broadcast(s))\nReceived 0 response(s)\n```\n\n#### DNS over TCP\n```console\n$ nslookup -vc github.com\n```\n\n#### ping over IPv6\nHow should this be done?\n\n```console\n$ ip -6 route\n$ ping -c 1 fe80::1\n```\n\n#### Self-implemented TCP 3-way handshake\n```console\n$ sudo go run cmd/packemon/main.go --send --debug --proto tcp-3way-http\n```\n\n### Verification in action\n\n\u003cdetails\u003e\u003csummary\u003exxx\u003c/summary\u003e\n\n- Building and sending only an Ethernet frame (using the files committed in `77c9149`)\n\n  ![](./assets/Frame.png)\n\n- Building and sending an ARP request (using the files committed in `390f266`; I think the contents are a mess, though)\n\n  ![](./assets/ARP.png)\n\n- Receiving and parsing an ARP request (committed in `b6a025a`)\n\n  ![](./assets/ARP_request_console.png)\n  ![](./assets/ARP_request.png)\n\n\u003c/details\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FddddddO%2Fpackemon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FddddddO%2Fpackemon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FddddddO%2Fpackemon/lists"}