
FTester

FTester is a tool for testing firewall filtering policies and Intrusion Detection System (IDS) capabilities. It simulates real TCP connections and employs evasion techniques for stateful inspection firewalls and IDS.

Description

The Firewall Tester (FTester) is designed for testing firewall filtering policies and IDS capabilities. It supports features like firewall testing, IDS testing, simulation of real TCP connections for stateful inspection firewalls and IDS, TCP connection spoofing, IP fragmentation, TCP segmentation, and IDS evasion techniques.

Use cases include evaluating the effectiveness of firewall rules and IDS detection rules against sophisticated attacks. It helps security professionals identify weaknesses in network defenses by attempting to bypass filters through fragmentation, spoofing, and other evasion methods.

FTester operates as a client-server tool with ftest and ftestd components, generating detailed logs for analysis via freport.

How It Works

FTester simulates real TCP connections to test stateful inspection in firewalls and IDS. It supports TCP connection spoofing, IP fragmentation/TCP segmentation, and IDS evasion techniques such as custom TTL values, checksum manipulation, and markers. The tool uses Perl libraries like libnet-pcap-perl, libnet-rawip-perl, and libnetpacket-perl to craft and send packets, with ftest as the client configuring tests via options and ftestd handling server-side operations. Logs are generated for reporting with freport.
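Custom TTL values and checksum manipulation work as IDS evasion when the sensor accepts a packet that the protected host never processes, so the two see different streams. The following is an added example, not FTester code: a sensor-side check for both conditions, where the addresses, the hop count behind the sensor and all function names are constructed for illustration.

```python
import socket
import struct

def csum16(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header covered by the TCP checksum (protocol 6)."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)

def tcp_checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """A valid segment sums to zero when its own checksum field is included."""
    return csum16(pseudo_header(src, dst, len(segment)) + segment) == 0

def build_segment(src, dst, payload: bytes, forced_cksum=None) -> bytes:
    """Constructed sample: 20-byte TCP header (PSH|ACK) plus payload."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    cksum = forced_cksum
    if cksum is None:
        cksum = csum16(pseudo_header(src, dst, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", cksum) + hdr[18:] + payload

def host_would_discard(ttl, src, dst, segment, hops_behind_sensor):
    """Reasons the protected host never processes a packet the sensor saw."""
    reasons = []
    if ttl <= hops_behind_sensor:  # expires at a router between sensor and host
        reasons.append("ttl-expires-before-host")
    if not tcp_checksum_ok(src, dst, segment):
        reasons.append("bad-tcp-checksum")
    return reasons

# Constructed values: documentation addresses, 3 routers between sensor and host.
SRC, DST, HOPS = "192.0.2.10", "198.51.100.20", 3
GOOD = build_segment(SRC, DST, b"GET / HTTP/1.0\r\n\r\n")
BAD = build_segment(SRC, DST, b"GET / HTTP/1.0\r\n\r\n", forced_cksum=60000)

if __name__ == "__main__":
    for name, ttl, seg in [("normal", 64, GOOD), ("low-ttl", 2, GOOD), ("bad-cksum", 64, BAD)]:
        print(name, host_would_discard(ttl, SRC, DST, seg, HOPS) or "deliverable")
```

A sensor or traffic normalizer that drops or ignores segments for which this list is non-empty keeps its reassembled stream aligned with what the host receives.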

Installation

sudo apt install ftester

Flags

-f <conf_file>    Specify configuration file
-c <source_ip>:<source_port>:<dest_ip>:<dest_port>:<flags>:<protocol>:<tos>    Define connection parameters
-v <verbose>    Set verbose level
-d <delay, 0.25 = 250 ms>    Set delay between packets
-s <sleep time, 1 = 1 s>    Set sleep time
-e <evasion method>    Specify evasion method
-t <ids_ttl>    Set IDS TTL value
-r <reset connection>    Reset connection
-F    End connection
-g <IP fragments number, es. 4|IP fragments size, es. 16b>    Set IP fragments number or size
-p <TCP segments number, es. 4|TCP segments size, es 6b>    Set TCP segments number or size
-k <cksum value, es. 60000>    Set checksum value
-m <marker>    Set marker

Examples

Display help for freport, the reporting tool for ftester logs:
    freport -h

Generate report from ftest and ftestd logs as shown in usage:
    freport ftest.log ftestd.log

Display full help and options for ftest client:
    ftest --help

Run ftest using a specified configuration file:
    ftest -f conf_file

Test a specific TCP connection with source/dest IP, ports, flags, protocol, TOS:
    ftest -c 192.168.1.1:1234:10.0.0.1:80:S:TCP:0

Run ftest verbosely with 500ms delay between packets:
    ftest -v 2 -d 0.5

Apply evasion method, IDS TTL, and 4 IP fragments:
    ftest -e tiny -t 30 -g 4

Updated 2026-04-16 (kali.org)