randpkt [ -b <maxbytes> ] [ -c <count> ] [ -t <type> ] <filename>
randpkt is a small utility that creates a pcap trace file full of random packets.
By creating many randomized packets of a certain type, you can test packet sniffers to see how well they handle malformed packets. The sniffer can never trust the data that it sees in the packet because you can always sniff a very bad packet that conforms to no standard. randpkt produces very bad packets.
When creating packets of a certain type, randpkt uses a sample packet that is stored internally to randpkt. It uses this as the starting point for your random packets, and then adds extra random bytes to the end of this sample packet.
For example, if you choose to create random ARP packets, randpkt will create a packet which contains a predetermined Ethernet II header, with the Type field set to ARP. After the Ethernet II header, it will put a random number of bytes with random values.
- -b <maxbytes>
Defines the maximum number of bytes added to the sample packet. If you choose a maxbytes value that is less than the size of the sample packet, then your packets would contain only the sample packet... not much variance there! randpkt exits on that condition.
- -c <count>
Defines the number of packets to generate.
- -t <type>
Default Ethernet II frame.
Defines the type of packet to generate:
arp Address Resolution Protocol bgp Border Gateway Protocol bvlc BACnet Virtual Link Control dns Domain Name Service eth Ethernet fddi Fiber Distributed Data Interface giop General Inter-ORB Protocol icmp Internet Control Message Protocol ip Internet Protocol ipv6 Internet Protocol Version 6 llc Logical Link Control m2m WiMAX M2M Encapsulation Protocol megaco MEGACO nbns NetBIOS-over-TCP Name Service ncp2222 NetWare Core Protocol sctp Stream Control Transmission Protocol syslog Syslog message tds TDS NetLib tcp Transmission Control Protocol tr Token-Ring udp User Datagram Protocol usb Universal Serial Bus usb-linux Universal Serial Bus with Linux specific header
- --log-level <level>
Set the active log level. Supported levels in lowest to highest order are "noisy", "debug", "info", "message", "warning", "critical", and "error". Messages at each level and higher will be printed, for example "warning" prints "warning", "critical", and "error" messages and "noisy" prints all messages. Levels are case insensitive.
- --log-fatal <level>
Abort the program if any messages are logged at the specified level or higher. For example, "warning" aborts on any "warning", "critical", or "error" messages.
- --log-domains <list>
Only print messages for the specified log domains, e.g. "GUI,Epan,sshdump". List of domains must be comma-separated.
- --log-debug <list>
Force the specified domains to log at the "debug" level. List of domains must be comma-separated.
- --log-noisy <list>
Force the specified domains to log at the "noisy" level. List of domains must be comma-separated.
- --log-file <path>
Write log messages and stderr output to the specified file.
To see a description of the randpkt options use:
To generate a capture file with 1000 DNS packets use:
randpkt -b 500 -t dns rand_dns.pcap
To generate a small capture file with just a single LLC frame use:
randpkt -b 100 -c 1 -t llc single_llc.pcap