Mausezahn Explained

German: Mausezahn (pronounced as /de/, German for "mouse tooth") is a fast network traffic generator written in C which allows the user to craft nearly every possible and "impossible" packet. Since version 0.31 Mausezahn is open source in terms of the GPLv2. Herbert Haas, the original developer of Mausezahn, died on 25 June 2011.^[1] The project has been incorporated into the netsniff-ng toolkit, and continues to be developed there.^[2]

Typical applications of Mausezahn include:

• Testing or stressing IP multicast networks
• Penetration testing of firewalls and IDS
• Finding weaknesses in network software or appliances
• Creation of malformed packets to verify whether a system processes a given protocol correctly
• Didactical demonstrations as lab utility

Mausezahn allows sending an arbitrary sequence of bytes directly out of the network interface card. An integratedpacket builder provides a simple command line interface for more complicated packets. Since version 0.38, Mausezahn offers a multi-threaded mode^[3] with Cisco-style command line interface.

Features

As of version 0.38 Mausezahn supports the following features:^[4]

• Jitter measurement via Real-time Transport Protocol (RTP) packets
• VLAN tagging (arbitrary number of tags)
• MPLS label stacks (arbitrary number of labels)
• BPDU packets as used by the Spanning Tree Protocol (PVST+ is also supported)
• Cisco Discovery Protocol messages
• Link Layer Discovery Protocol messages
• IGMP version 1 and 2 query and report messages
• DNS messages
• ARP messages
• IP, UDP, and TCP header creation
• ICMP packets
• Syslog messages
• Address, port, and TCP sequence number sweeps
• Random MAC or IP addresses, FQDN addresses
• A very high packet transmission rate (approximately 100,000 packets per second)

Mausezahn only sends exactly the packet the user has specified. Therefore, it is rather less suited for vulnerability audits where additional algorithms are required to detect open ports behind a firewall and to automatically evade intrusion detection systems (IDS). However, a network administrator could implement audit routines via a script that utilizes Mausezahn for creating the actual packets.

Platforms

Mausezahn currently runs only on Linux systems and there are no plans to port it to the Windows operating system.^[5]

See also

• Traffic generation model
• Nessus
• Nmap

External links

• • Official/new website

Notes and References

1. Web site: Personal Webpage of Herbert Haas . https://web.archive.org/web/20170909015307/http://www.perihel.at/ . 9 September 2017 . dead . 31 March 2008 .
2. Web site: Webpage of Netsniff-NG with Mausezahn . 9 September 2012 . https://web.archive.org/web/20160908021235/http://netsniff-ng.org/ . 8 September 2016 . dead .
3. Web site: Introduction to MOPS . 10 March 2010 . https://web.archive.org/web/20120210215251/http://www.perihel.at/sec/mz/mops.html . 10 February 2012 . dead .
4. Web site: Mausezahn User Guide . 31 March 2008 . https://web.archive.org/web/20120210214716/http://www.perihel.at/sec/mz/mzguide.html . 10 February 2012 . dead .
5. Web site: Haas. Herbert. perihel.at/sec/mz/mzguide.html#what-is-mausezahn. 20 November 2011. https://web.archive.org/web/20120210214716/http://www.perihel.at/sec/mz/mzguide.html#what-is-mausezahn. 10 February 2012. dead.