Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

etherpuppet(1) [debian man page]

ETHERPUPPET(1)						    BSD General Commands Manual 					    ETHERPUPPET(1)

NAME

     etherpuppet -- create a virtual interface from a remote Ethernet interface

SYNOPSIS

     etherpuppet [-s port] [-c target:port] [-B] [-S] [-M filter] [-C] [-i iface]
     etherpuppet [-m] [-s port] [-c target:port] [-I iface]

DESCRIPTION

     etherpuppet is a small program that will create a virtual interface (TUN/TAP) on one machine from the ethernet interface of another machine
     through a TCP connection. Everything seen by the real interface will be seen by the virtual one. Everything sent to the virtual interface
     will be emitted by the real one.

     It has been designed because one often has a small machine as his Internet gateway, and sometimes want to run some big applications that need
     raw access to this interface, for sniffing (Ethereal, etc.)  or for crafting packets that do not survive being reassembled, NATed, etc.

     When launched with the first syntax, etherpuppet is a slave that will send to its master everything that passes on the given interface. With
     the second syntax, etherpuppet is the master and will create the special TAP device (whose default name starts with puppet.  In both modes,
     etherpuppet is able to either connect or listen to its slave/master.

     Traffic seen by the real interface is sent through the TCP connection to the doll interface. Thus, it is important that this connection is
     not seen by the real interface (or else, we'll have a cute infinite traffic loop).

     The options are as follows:

     -s port
	     Listen on the given TCP port.

     -c ip:port
	     Connect to the slave/master on the given IP/port.

     -i iface
	     Vampirize the given interface name.

     -I ifname
	     Choose the name of the virtual interface.

     -m      Master mode.

     -B      Do not use BPF.  With this option, etherpuppet may see its own traffic.

     -S      Build BPF with the content of SSH_CONNECTION environment variable.

     -M src:sp,dst:dp
	     Build manually a BPF filter that will exclude matching traffic in both directions.

     -C      Do not copy real interface parameters to virtual interface.

     The source and destination are by default the TCP connection end points. If you go through SSH tunneling, you can use the -S option to use
     SSH_CONNECTION environment variable content instead, so that you will filter out the SSH connection of your current session and not the con-
     nection to the local SSH tunnel end point (which is pointless). If this still not fit your needs, you can manually specify the connection end
     points with -M.

     If you connect two Etherpuppet instances in master mode, you'll get a TCP tunnel through virtual interfaces.

     If you connect two Etherpuppet instances in slave mode, you may get some kind of inefficient distributed bridge, but more probably, you'll
     get a big mess.

AUTHORS

     The etherpuppet program was written by Philippe Biondi <phil@secdev.org>.

     This manual page was written by Vincent Bernat <bernat@debian.org>, for the Debian project (but may be used by others).

BSD
								  August 7, 2008							       BSD

Check Out this Related Man Page

FAITH(4)						   BSD Kernel Interfaces Manual 						  FAITH(4)

NAME

     faith -- IPv6-to-IPv4 TCP relay capturing interface

SYNOPSIS

     device faith

DESCRIPTION

     The faith interface captures IPv6 TCP traffic, for implementing userland IPv6-to-IPv4 TCP relay like faithd(8).

     Each faith interface is created at runtime using interface cloning.  This is most easily done with the ifconfig(8) create command or using
     the cloned_interfaces variable in rc.conf(5).

     Special action will be taken when IPv6 TCP traffic is seen on a router, and the routing table suggests to route it to the faith interface.
     In this case, the packet will be accepted by the router, regardless of the list of IPv6 interface addresses assigned to the router.  The
     packet will be captured by an IPv6 TCP socket, if it has the IN6P_FAITH flag turned on and matching address/port pairs.  As a result, faith
     will let you capture IPv6 TCP traffic to some specific destination addresses.  Userland programs, such as faithd(8) can use this behavior to
     relay IPv6 TCP traffic to IPv4 TCP traffic.  The program can accept some specific IPv6 TCP traffic, perform getsockname(2) to get the IPv6
     destination address specified by the client, and perform application-specific address mapping to relay IPv6 TCP to IPv4 TCP.

     The IN6P_FAITH flag on a IPv6 TCP socket can be set by using setsockopt(2), with level IPPROTO_IPV6 and optname IPv6_FAITH.

     To handle error reports by ICMPv6, some ICMPv6 packets routed to an faith interface will be delivered to IPv6 TCP, as well.

     To understand how faith can be used, take a look at the source code of faithd(8).

     As the faith interface implements potentially dangerous operations, great care must be taken when configuring it.	To avoid possible misuse,
     the sysctl(8) variable net.inet6.ip6.keepfaith must be set to 1 prior to using the interface.  When net.inet6.ip6.keepfaith is 0, no packets
     will be captured by the faith interface.

     The faith interface is intended to be used on routers, not on hosts.

SEE ALSO

     inet(4), inet6(4), faithd(8)

     Jun-ichiro itojun Hagino and Kazu Yamamoto, An IPv6-to-IPv4 transport relay translator, RFC3142.

HISTORY

     The FAITH IPv6-to-IPv4 TCP relay translator first appeared in the WIDE hydrangea IPv6 stack.

BSD
								  April 10, 1999							       BSD
Man Page