. . :. :: :.: ::.::: .:. .: : ::: .. :. .:..: :.. ::

SourceForge Logo

Rate Pixilate at

Rate Pixilate at

FreeBSD Port

  pixilate parses an input file containing Cisco PIX 6.2x (normal mask)
   or Cisco IOS (inverted mask) access-list entries and generates
   the appropriate packets. For further information on writing PIX access-lists,
   look here, for information on writing IOS access-lists, look here.

  pixilate - is currently capable of generating TCP/UDP/ICMP (various ICMP
     types), and IGMP utilizing the Libnet 1.1.x library available from  NOTE: Libnet 1.0.x is NOT compatible."


     pixilate [-f access-list] [-dDfghipqrsSv]

     The options are as follows:
     -d destination ip address
                  Required argument. The Default destination IP address is
                  needed to ensure that the packet reaches the intended target
                  when an Extended ACL with 'any' as a destination or a Simple
                  ACL (0-99) is encountered. This IP should obviously be on
                  the inside of the firewall.

     -D destination port
                  Default destination port to be used when destination port is
                  'any' If omitted, the default destination port is 80.

     -f filename  Required argument. Filename written in PIX 6.2x access-list
                  format to be parsed.

     -g gateway address
                  Optional parameter to specify gateway ip address. This
                  parameter is only used for ICMP redirect packet generation.

     -h           Displays pixilate usage.

     -i ip id     Optional parameter to specify ip id. This is useful when
                  attempting to identify a spoofed address that was generated
                  from pixilate when used in combination with -q sequence

     -p payload   Optional parameter to specify payload.
                  Payloads can also be specified per acl by appending
                  payload "data" to the end of the desired ACL.

     -q sequence number
                  Optional parameter to specify sequence number. This is use-
                  ful when attempting to identify a spoofed address that was
                  generated from pixilate when used in combination with -i
                  ip id

     -r           Input file specified by -f filename is a Cisco IOS formatted
                  access-list (inverted mask) rather than the default Cisco
                  PIX formatted access-list (normal mask).

     -s source ip address
                  Default source IP address to be used when source address is
                  'any'. If omitted, a random source address is chosen.
     -S source port
	          Default source port to be used when source port is 'any'. If omitted,
                  the default source port is 1025.
     -v           Verbose mode. Displays statistics for each packet sent.


     access-list acl_ID {deny | permit} icmp {source_addr | local_addr}
     {source_mask | local_mask} {destination_addr | remote_addr} {destina-
     tion_mask | remote_mask} icmp_type

     access-list id {deny | permit} icmp {source_addr | local_addr}
     {source_mask | local_mask} | object-group network_obj_grp_id
     {destination_addr | remote_addr} {destination_mask | remote_mask} |
     object-group network_obj_grp_id
     [icmp_type | object-group icmp_type_obj_grp_id]

     access-list acl_ID {deny | permit} protocol {source_addr | local_addr}
     {source_mask | local_mask}[operator port [port]
     {destination_addr | remote_addr} {destination_mask | remote_mask}
     [operator port [port]

     access-list id {deny | permit}{protocol | object-group protocol_obj_grp_id
     {source_addr | local_addr} {source_mask | local_mask} |
     object-group network_obj_grp_id [operator port [port] |
     object-group service_obj_grp_id] {destination_addr | remote_addr}
     {destination_mask | remote_mask} | object-group network_obj_grp_id
     [operator port [port] | object-group service_obj_grp_id]}


     acl_ID Name of an access list. You can use either a name or number.
     pixilate uses acl_ID to determine if the ACL is Simple (0-99) where
     where only the source address is known or Extended (100-199) where both
     the source and destination addresses are known. 
     compiled Turbo ACLs are skipped by pixilate

     deny pixilate keeps track of the number of deny acl packets sent for
     informational purposes only. A packet is sent regardless of the acl being
     marked permit or deny.  destination_addr IP address of the network or
     host to which the packet is being sent.

     destination_mask Netmask to be applied to destination_addr, if the desti-
     nation address is a network mask. In this case, a random IP address valid
     for the networkmask/netmask is randomly generated.

     icmp_type pixilate is capable of generating echo-reply(0), unreach-
     able(3), redirect(5), echo(8), time-exceeded(11), timestamp-reply(13),
     timestamp-request(14), mask-request(17), mask-reply(18) packets.
     icmp_type can be referred to by the name or the protocol number. NOTE:
     redirect (icmp_type 5) packets required the -g option.

     local_addr address of network or host local to the Firewall.

     local_mask netmask to be applied to local_addr if the local address is a
     network mask.

     object-group object-group information is ignored by pixilate

     object_grp_id object_group_id is ignored by pixilate operator The opera-
     tor compares the soruce ip address or destination ip address ports. Pos-
     sible operands include lt for less than, gt for greater than, eq of
     equal, neq for not equal, and range for an inclusive range.  pixilate
     will randomly choose a source or destination port based on the operator.

     permit keeps track of the number of permit acl packets sent for informa-
     tional purposes only. A packet is sent regardless of the acl being marked
     permit or deny.

     port services you permit or deny access to. You can specify ports by
     either a literal name or a number in the range or 0 to 65535. If a port
     is not specified one will be generated randomly.  pixilate supports the
     following PIX TCP port literals: bgp, chargen, cmd, citrix-ica, daytime,
     discard, domain, echo, exec, finger, ftp, ftp-data, gopher, h323, host-
     name, http, ident, irc, klogin, kshell, lpd, nntp, pop2, pop3, pptp, rpc,
     smtp, sqlnet, sunrpc, tacacs, talk, telnet, time, uucp, whois, and www.
     pixilate supports the following PIX UDP port literals: biff, bootpc,
     bootps, discard, dnsix, echo, mobile-ip, nameserver, netbios-dgm, net-
     bios-ns, ntp, rip, snmp, snmptrap, sunrpc, syslog, tacacs, talk, tftp,
     time, who, and xdmcp. It is possible to specify a default source port
     with the -S option, and a default destination port of -D If not speci-

     remote_mask netmask to be applied to remote_addr, if the remote address
     is a network mask. In this case, a random IP address valid for the net-
     workmask/netmask is randomly generated.


     Requires libnet 1.1.x available at pixilate
     has been tested on FreeBSD 4.7, Solaris 8, and Linux using automake 1.5 and autoconf


     This manual page was written by Kirby Kuehl

Copyright 1999-2002 Kirby Kuehl