This repository has been archived by the owner on Apr 28, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathncd.1
86 lines (74 loc) · 3.19 KB
/
ncd.1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
.TH ncd 1 "February 16, 2005" "version 1.0"
.SH NAME
ncd - Detect network compression along a route to a host
.SH SYNOPSIS
.B ncd
[\fIOPTION\fR...] \fIHOST\fR
.SH DESCRIPTION
.B ncd
detects compression and other middleboxes that perform more duties than simple routing by sending two trains of UDP packets and measuring the time difference between them. The first train contains packets that can be quickly processed by the middle box, while the second is designed to take much longer. The goal is to yeild a measurable time difference between the first packet train and the second.
For network compression we send an initial train with empty UDP packets, followed by a train whose packets contain random data which should - in genreral - take much longer to compress than a packet containing all 0's.
This behavior can be extended to check for any sort of middlebox processing by tailoring the second packet train to be difficult to process for the targeted behavior. I.E. to detect deep packet inspection make the UDP packets difficlut to inspect and force the inspector to travel far down its descision tree to identify it.
.TP
\fB-p\fR \fIPORT\fR
use destination \fIPORT\fR port (default: 33434)
.TP
\fB-H\fR
set the entropy to high (only second train)
.TP
\fB-L\fR
set the entropy to low (only first train)
.TP
\fB-o\fR
output results and metadata separated by spaces. Useful for parsing data.
.TP
\fB-T\fR
use TCP instead of UDP
.TP
\fB-s\fR \fISIZE\fR
set the size of the UDP payload to SIZE
.TP
\fB-n\fR \fINUM\fR
set the number of packets in the UDP data train to NUM
.TP
\fB-t\fR \fITTL\fR
set the Time To Live for all outgoing packets to TTL
.TP
\fB-c\fR \fICOOLDOWN\fR
set the cooldown period between High and Low Entropy trains for COOLDOWN seconds.
.TP
.B -w \fITAIL_WAIT\fR
set the time between tail ICMP messages to TAIL_WAIT in milliseconds
.TP
\fB-v\fR
enable verbose output
.TP
\fB-r\fR \fINUM_TAIL\fR
set the number of tail ICMP messages to NUM_TAIL
.TP
.B -f \fIFILE\fR
will read SIZE bytes from FILE to fill the UDP payloadad in the second train
(default = /dev/urandom)
.TP
.B -h
display help and usage
.SH AUTHOR
Written by PAul Kirth
.SH COPYRIGHT
The MIT License (MIT)
Copyright (c) 2015 Paul Kirth
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.