INetSim
INetSim is a software suite for simulating common internet services in a lab environment. It is particularly useful for analyzing the network behavior of unknown malware samples.
Description
INetSim provides a controlled environment to mimic various internet services, allowing security researchers to observe how malware or other software interacts with network services without connecting to real internet infrastructure. This is essential for safely analyzing potentially malicious samples in an isolated lab setting.
The tool simulates HTTP, SMTP, POP3, DNS, FTP, NTP, TFTP, IRC, Ident, Finger and Syslog, plus the simple TCP/UDP services Daytime, Time, Echo, Chargen, Discard and Quotd. Faketime (a shifted clock in time-related replies), connection redirection, detailed per-service logging with session reports, and TLS/SSL variants of the main services round out what is needed to observe a sample's full network behaviour.
INetSim is lightweight (installed size 1.06 MB) and is packaged in Kali Linux.
How It Works
INetSim binds each enabled service to a configured IP address and port (by default 127.0.0.1, so the bind address must be pointed at the isolated lab interface before a sample can reach it) and answers client connections with canned service data and protocol behaviour, logging every interaction. Faketime shifts the clock reported by time-related services, connection redirection uses the Linux netfilter/iptables NAT rules on the INetSim host to pull traffic for unknown ports onto its catch-all services, and the TLS/SSL variants serve the same simulated content over encrypted connections using INetSim's own certificates. The logs record requests, responses and connection metadata, and the generated reports summarise per-session activity for later forensic review. The analysis VM must have no route to the real internet and should use the INetSim host as its DNS server and default gateway, so that every name resolves to INetSim and every connection lands on a simulated service.
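The following script is an added example, not part of the page or the INetSim project: it writes a minimal inetsim.conf for an isolated lab and provides a small lookup helper for checking what the file enables. The directive names are INetSim's; the addresses (INetSim host 10.10.10.1, analysis VM 10.10.10.2), the chosen services and the fake-file names are assumptions for this lab and must match your own data directory.

```shell
#!/bin/sh
# Added example (not INetSim's own code): generate a lab inetsim.conf.
# Assumption: the INetSim host is 10.10.10.1 on an isolated lab network.
LAB_IP="${LAB_IP:-10.10.10.1}"

# write_lab_conf <path>: emit a configuration that starts only the services
# needed for a first look at a sample and binds them to the lab interface.
write_lab_conf() {
    cat > "$1" <<EOF
# Services to start; everything not listed stays off.
start_service dns
start_service http
start_service https
start_service smtp
start_service ftp
start_service ntp
# dummy_tcp accepts and logs any TCP connection redirected from an unknown port.
start_service dummy_tcp

# Bind to the lab interface, never the default 127.0.0.1 or a real interface.
service_bind_address    $LAB_IP
service_run_as_user     nobody
service_max_childs      10
service_timeout         120

# Resolve every name to the INetSim host so all C2 traffic comes back here;
# pin names a sample is known to check for a specific answer.
dns_default_ip          $LAB_IP
dns_default_hostname    www
dns_default_domainname  inetsim.org
dns_static              time.windows.com $LAB_IP

# HTTP fake mode: answer every request with a fake file chosen by extension
# (file names are assumed to exist under the data directory's http/fakefiles).
http_fakemode           yes
http_default_fakefile   sample.html text/html
http_fakefile           exe sample_gui.exe x-msdos-program

# Faketime: no initial offset and no automatic drift for this run.
faketime_init_delta     0
faketime_auto_delay     0
faketime_auto_increment 0

# Redirect traffic for ports without a simulated service to dummy_tcp,
# but leave SSH to the INetSim host itself alone for the analyst.
redirect_enabled          yes
redirect_unknown_services yes
redirect_external_address $LAB_IP
redirect_exclude_port     tcp:22

create_reports          yes
report_language         en
EOF
}

# conf_get <path> <directive>: print the value(s) of a directive, one per
# line, with the key stripped and whitespace normalised; comments are ignored.
conf_get() {
    awk -v key="$2" '$1 == key { $1 = ""; sub(/^ /, ""); print }' "$1"
}
```

Run it as `write_lab_conf /etc/inetsim/inetsim-lab.conf` and start INetSim with `sudo inetsim --config=/etc/inetsim/inetsim-lab.conf`; redirection needs root for the iptables rules. `conf_get file start_service` is a quick way to confirm which services a given configuration will bring up before pointing a sample at it.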
Installation
sudo apt install inetsim
Flags
Examples
inetsim --help
inetsim --version
inetsim --config=/etc/inetsim/inetsim.conf
inetsim --bind-address=192.168.1.100
inetsim --log-dir=/var/log/inetsim
inetsim --data-dir=/opt/inetsim/data
inetsim --report-dir=/var/reports/inetsim
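Once a run has finished, the service log in the log directory is where the indicators live. The script below is an added example, not part of the page or the INetSim project: it pulls queried DNS names, requested URLs, POST bodies and client addresses out of a service.log. The embedded log lines are constructed in the general layout INetSim uses ([timestamp] [pid] [service child] [client:port] message, with per-session "stat:" summaries); the host names, paths and PIDs in them are invented for the example.

```shell
#!/bin/sh
# Added example (not INetSim's own code): triage an INetSim service.log.
# The log below is constructed for the example; real logs carry more lines.
SAMPLE_LOG='[2024-01-05 10:00:01] [3120] [dns_53_tcp_udp 3125] [10.10.10.2:49152] recv: Query Type A, Class IN, Name update.evil-example.test
[2024-01-05 10:00:01] [3120] [dns_53_tcp_udp 3125] [10.10.10.2:49152] stat: 1 qtype=A qclass=IN qname=update.evil-example.test
[2024-01-05 10:00:02] [3120] [http_80_tcp 3126] [10.10.10.2:49153] recv: GET /stage2.exe HTTP/1.1
[2024-01-05 10:00:02] [3120] [http_80_tcp 3126] [10.10.10.2:49153] stat: 1 method=GET url=http://update.evil-example.test/stage2.exe sent=/var/lib/inetsim/http/fakefiles/sample_gui.exe postdata=
[2024-01-05 10:00:03] [3120] [dns_53_tcp_udp 3127] [10.10.10.2:49154] stat: 1 qtype=A qclass=IN qname=update.evil-example.test
[2024-01-05 10:00:04] [3120] [http_80_tcp 3128] [10.10.10.2:49155] stat: 1 method=POST url=http://update.evil-example.test/gate.php sent=/var/lib/inetsim/http/fakefiles/sample.html postdata=/var/lib/inetsim/http/postdata/1704448804_3128'

# write_sample_log <path>: materialise the constructed log for testing.
write_sample_log() { printf '%s\n' "$SAMPLE_LOG" > "$1"; }

# stat_field <key>: print the value of key=... from every "stat:" line on
# stdin, de-duplicated. Fields are space separated, so a key never spans one.
stat_field() {
    awk -v key="$1" '
        / stat: / {
            for (i = 1; i <= NF; i++)
                if (index($i, key "=") == 1) print substr($i, length(key) + 2)
        }' | sort -u
}

# Indicators worth carrying into a report or a blocklist.
dns_names() { stat_field qname < "$1"; }   # names the sample resolved
http_urls() { stat_field url   < "$1"; }   # full URLs it requested

# http_posts <log>: files INetSim saved the bodies of POST requests to;
# GET sessions log an empty postdata= and are skipped by the /^postdata=./ test.
http_posts() {
    awk '/ stat: / && / method=POST / {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^postdata=./) print substr($i, 10)
         }' "$1" | sort -u
}

# client_ips <log>: which lab hosts talked to INetSim (fourth bracketed field).
client_ips() {
    sed -n 's/^\[[^]]*\] \[[^]]*\] \[[^]]*\] \[\([^]:]*\):.*/\1/p' "$1" | sort -u
}

# summarize <log>: print the four indicator lists with headings.
summarize() {
    for kind in client_ips dns_names http_urls http_posts; do
        printf '== %s ==\n' "$kind"
        "$kind" "$1"
    done
}
```

Usage: `summarize /var/log/inetsim/service.log`. The POST body files are the most valuable artefact here; they often contain the host fingerprint or beacon the sample would have sent to its real C2, and the "stat:" lines are the same summaries INetSim's own report is built from, so the two should agree.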