HowtoForge

Installing and using Tundeep for network tunnelling and testing on Debian

Installing and using Tundeep for network tunnelling and testing on Debian

Tundeep is a network tunnelling daemon written in C that runs in userspace using libpcap. Tundeep is used as a security testing tool allowing a tester to tunnel through the target network at layer 2. A TAP interface will be brought up on the tester's machine for each level of the network allowing direct interaction with hosts on the network segment through a compromised client device.

Prerequisites

Install the prerequisites using apt-get:

apt-get install make gcc libc6-dev libpcap-dev

Downloading and building Tundeep

wget http://www.iodigitalsec.com/wp-content/tundeep-latest.tgz
tar -xzf tundeep-latest.tgz
cd tundeep_v0.2a_130916
make

The default make configuration is to build on Linux with all options supported. Makefile can be edited however to support Windows or disable options.

Running Tundeep

Tundeep settings are as follows:

Usage: tundeep <-i iface|[-t|-T] tapiface> <-h ip> <-p port> [-6] [-C] <-c|-s> [-x tapip] [-y tapmask] [-u tapmac] [-b bpf] [-d udp mode] [-e udp remote] [-K]

-6 IPv6 mode
-C compress mode
-K disable checksum
-a print all pcap devs
-b "bpf"
-i interface to bind to
-h IP to bind to/connect to
-p port to bind to/connect to
-c client mode
-s server mode
-d udp mode
-e udp peer
-t tap interface
-T ipv6 tap interface
-u tap mac
-x if -t mode, set iface ip, if -T mode, set iface ipv6 ip
-y if -t mode, set iface mask, if -T mode, set iface ipv6 prefixlen
--------------------

DEBUG(2): Usage: Either -s or -c must be specified

On the compromised server, Tundeep can be started in TCP server mode on port 9999 as follows:

./tundeep -s -h 0.0.0.0 -p 9999 -i eth1

On your client, Tundeep would be initialized as follows:

./tundeep -c -h SERVER-IP -p 9999 -t tap0

Tundeep also supports UDP peer mode (-d/-e) should additional speed or firewall evasion be required. Assuming a server IP of 192.168.1.1 and client IP of 192.168.1.2:

./tundeep -d -e 192.168.1.2 -h 192.168.1.1 -p 53 -i eth1

The client would run:

./tundeep -d -e 192.168.1.1 -h 192.168.1.2 -p 53 -t tap0

The client now presents a 'tap0' interface virtually placed on the server's eth1 (private) interface

Further Options

IO Digital Sec

Tundeep documentation

Installing and using Tundeep for network tunnelling and testing on Debian