Sniffing & Spoofingvpnlayer2injectionpcaptapudp

tundeep

tundeep is a Layer 2 VPN/injection tool that resides almost entirely in user space on the victim, requiring only pcap. It supports client and server modes for binding or connecting over IP and port.

Description

tundeep provides Layer 2 VPN and injection capabilities, operating primarily in user space except for its pcap dependency. This makes it lightweight and suitable for scenarios where kernel-level access is limited or undesirable. The tool is designed for network tunneling and manipulation at the data link layer.

Use cases include creating VPN tunnels over UDP, injecting traffic via tap interfaces, and handling both IPv4 and IPv6 configurations. It supports compression, checksum disabling, and BPF filtering for precise traffic control. Common applications involve penetration testing, network diagnostics, or bypassing network restrictions through Layer 2 tunneling.

The tool requires root privileges and dependencies like libc6, libpcap0.8t64, and zlib1g. Installed size is 49 KB, making it efficient for Kali Linux environments.

How It Works

tundeep uses pcap for packet capture and injection, binding to network interfaces or tap devices. In server mode (-s), it listens on a specified IP (-h) and port (-p); in client mode (-c), it connects to a remote server. It supports tap interfaces (-t for IPv4, -T for IPv6) with configurable IP (-x), mask/prefixlen (-y), and MAC (-u). UDP mode (-d) enables UDP tunneling with remote peer (-e), optional compression (-C), and checksum disabling (-K). BPF filters (-b) allow selective packet processing. The tool handles Layer 2 traffic encapsulation over IP/UDP, operating mostly in user space.

Installation

bash

sudo apt install tundeep

Flags

-6IPv6 mode

-Ccompress mode

-Kdisable checksum

-aprint all pcap devs

-b"bpf"

-iinterface to bind to

-hIP to bind to/connect to

-pport to bind to/connect to

-cclient mode

-sserver mode

-dudp mode

-eudp peer

-ttap interface

-Tipv6 tap interface

-utap mac

-xif -t mode, set iface ip, if -T mode, set iface ipv6 ip

-yif -t mode, set iface mask, if -T mode, set iface ipv6 prefixlen

Examples

Display help and usage information

tundeep -h

Start server mode binding to eth0, IP 192.168.1.100, port 1234

tundeep -i eth0 -h 192.168.1.100 -p 1234 -s

Start client mode connecting to IP 192.168.1.100 on port 1234 via eth0

tundeep -i eth0 -h 192.168.1.100 -p 1234 -c

Server mode with tap interface tap0, set tap IP 10.0.0.2/24

tundeep -t tap0 -h 10.0.0.1 -p 1234 -s -x 10.0.0.2 -y 24

IPv6 client mode with IPv6 tap interface, set IPv6 IP and prefixlen

tundeep -T tap0 -h 2001:db8::1 -p 1234 -c -x 2001:db8::2 -y 64 -6

Client mode with UDP tunneling to specified peer

tundeep -i eth0 -h 192.168.1.100 -p 1234 -c -d udp -e 192.168.1.101

Print all available pcap devices

tundeep -a

Server with compression, checksum disabled, BPF filter for HTTP traffic

tundeep -t tap0 -h 10.0.0.1 -p 1234 -s -C -K -b "tcp port 80"

Updated 2026-04-16kali.org ↗