IP Sorcery by Case (phric@legions.org)

OK, IPSorcery is a simple program (simple enough considering the interface). A
basic knowledge of the IP protocol suite would be nice, but is not needed,
hence the interface. NOW YOU CAN LEARN TOO! GTK+ is no longer required
for normal operation :)

Incorporated in the program are IP, TCP, UDP, ICMP and IGMP packet generation.
I will also incorporate DNS packets and maybe even ARP at a later date,
so just hold your panties tight; this is plenty to play with right now.
Big thanks to the guys who wrote tcpdump, it helped me a lot in debugging.

Source and destination can both be specified as either hostname or IP.
If a hostname is given, it will attempt a hostname lookup; if that fails,
well, then specify the IP!!

If you are having problems sending packets, please use default settings
for everything but ports and source and destination address. If it core dumps,
please try to recreate the problem and send me an email telling me
what happened; I would appreciate this greatly.

Clicking on defaults will reset every text field to its original state,
besides sequence number, source port and window size, which are randomly
generated. Welp, that should be all for now.

The data payload capability can be taken advantage of in the GTK version by
adding the data to the big text box at the bottom. On the console version,
specify the -D option and your data as a string. For example:

./ipmagic -id 209.78.23.4 -ts 10 -td 53 -D "Blah blah blah\r\n"
sends a packet to 209.78.23.4, destination port 53, source port 10,
with a data payload of Blah blah blah\r\n

GTK Version----

I usually use the GTK version for advanced port scanning, network
troubleshooting, firewall rules testing and packet spoofing. It can't
really be used to establish a blind or non-blind spoofed connection.... YET.
I want to add DHCP, DNS, and ARP packet generation capabilities.
(DNS is in the works if you look at some of the commented out code)

For all of these I like to use tcpdump, but will probably build in something
to be able to watch the response from packets you send at a later date.

--Port Scanning--
Get tcpdump: www.tcpdump.org
Run tcpdump:
tcpdump -i <device> -v -v -v host <host you're sending to>
That's very verbose tcpdump listening on the device you specify, for packets
with host in them. If you're sending data, try also specifying "-X -s 1000",
which will show the packets in hex and increase the snaplength so you
can see all the data.
Run IP Sorcery by typing magic, or ipmagic for the console version.
You can specify TCP flags in the console version by using the -tf option,
example: ./ipmagic -tf SF
Next, send away.

TCP--
Usually when you send a SYN packet to a port it will send
a SYN ACK back to you if it's open, or a RST ACK if it's closed.
When you send a SYN FIN it will usually send a SYN ACK back if it's open,
or a RST ACK if it's closed.
SYN PSH will send a SYN ACK back if it's open, a RST ACK if it's closed.
FIN will send back a RST ACK if it's closed.
PSH will send nothing if it's open, or a RST ACK if it's closed.
ACK will usually get a RST back no matter if it's open or closed.
No flags will return nothing if it's open, or a RST ACK if it's closed.

Now, this is if there is no firewall or ipchains or anything of
that nature running. Usually you can tell if a port is denying
access if there is no response at all to any packets you send.

Try probing with an ACK to see if the port is blocked. If it's not blocked
it will return a RST (i.e. it's alive); if it's fully blocked it will return
nothing, or sometimes an ICMP port unreachable.
If the ACK probe is successful, try a no-flag probe or a FIN probe.
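
The reply table and the ACK-first check above, written out as an added Python example for reading tcpdump lines while testing your own firewall rules; it is not part of IP Sorcery. The function names and the sample capture lines are constructed for illustration, and the FIN "open" row is an assumption marked in the code.

```python
import re

FLAGS_RE = re.compile(r"Flags \[([^\]]*)\]")
RST_ACK = frozenset("R.")
SYN_ACK = frozenset("S.")
# README table: probe flags -> (reply if open, reply if closed); None = no reply.
# tcpdump letters: S=SYN F=FIN P=PSH R=RST .=ACK
EXPECTED = {
    frozenset("S"): (SYN_ACK, RST_ACK),
    frozenset("SF"): (SYN_ACK, RST_ACK),
    frozenset("SP"): (SYN_ACK, RST_ACK),
    frozenset("P"): (None, RST_ACK),
    frozenset(): (None, RST_ACK),  # no flags
    # FIN: the README lists only the closed case; silence when open is assumed here.
    frozenset("F"): (None, RST_ACK),
}

def reply_flags(line):
    """Flag set from one tcpdump line, "icmp" for an ICMP unreachable, None for no reply."""
    line = line or ""
    if "ICMP" in line and "unreachable" in line:
        return "icmp"
    m = FLAGS_RE.search(line)
    if m is None:
        return None
    return frozenset() if m.group(1) == "none" else frozenset(m.group(1))

def blocked(ack_reply):
    """ACK probe check: a RST means the probe got through; anything else means blocked."""
    flags = reply_flags(ack_reply)
    return not (isinstance(flags, frozenset) and "R" in flags)

def port_state(probe, reply, ack_reply):
    """Classify a port from the reply to `probe` plus the reply to a prior ACK probe."""
    if blocked(ack_reply):
        return "blocked"
    on_open, on_closed = EXPECTED[frozenset(probe)]
    flags = reply_flags(reply)
    if flags == on_closed:
        return "closed"
    if flags == on_open:
        return "open"
    return "unexpected"

# Constructed tcpdump lines (documentation addresses), not a real capture.
RST = "12:00:01.1 IP 192.0.2.10.80 > 192.0.2.1.10: Flags [R], seq 1, win 0, length 0"
RSTACK = "12:00:02.1 IP 192.0.2.10.81 > 192.0.2.1.10: Flags [R.], seq 0, ack 1, win 0, length 0"
SYNACK = "12:00:03.1 IP 192.0.2.10.80 > 192.0.2.1.10: Flags [S.], seq 7, ack 1, win 512, length 0"
ICMP = "12:00:04.1 IP 192.0.2.10 > 192.0.2.1: ICMP 192.0.2.10 tcp port 82 unreachable, length 48"
```

A silent port is reported as open only when the ACK probe drew a RST, which is the ambiguity the ACK-first step resolves.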


Questions, comments, bugs: email phric@legions.org

To make the GTK version:
make gtk; make clean; make gtk-install
For the console version:
make con; make clean; make con-install

To run gtk type: magic
To run console type: ipmagic

thanks and enjoy,
Case The Cyberspace Cowboy

Note to Reader: Name was formerly IPMagic, but was changed for trademark
reasons.
