400 Pieces and Counting With Cross-Platform Net Tester lcrzoex

By Carla Schroder | Sep 11, 2002 | Print this Page
http://www.enterprisenetworkingplanet.com/netos/article.php/1460961/400-Pieces-and-Counting-With-CrossPlatform-Net-Tester-lcrzoex.htm

If you like those big toolsets from Sears that contain hundreds of pieces- and what's not to like, more = better- you'll love lcrzoex, the 400+ piece network testing toolbox. The author calls it "Swiss Knife For Network Developers."

Written by Laurent Constantin, it runs on *nix and Windows. I wish Mr. Constantin had authored a catchier name, but what the heck, it's his program. I quote from the lcrzo docs: "Lcrzo, which means "Laurent Constantin RHZO" (RHZO=network in French), can be pronounced " 'el' 'sea' 'reso'lv". Mr. Constantin was kind enough to provide an English translation of all the documentation.

lcrzoex is based on the freely available lcrzo library- if you've a mind to modify or develop your own utilities, go for it, it is licensed under the GPL. *nix systems also need libpcap, the ubiquitous UNIX packet capturing library. Windows needs the winpcap library, the Windows version of libpcap. Some days I feel more like a librarian than a sysadmin.

A brief list of some of its abilities:

  • sniff
  • spoof
  • configure
  • detect
  • map
  • scan
  • brute force attack

    lcrzoex is powerful and versatile, and can be used for ill as well as for good. I trust you will choose the latter. Using it is easy enough, it comes with a long numbered menu of common functions and abundant documentation. The most basic command syntax is lcrzoex [number].

    Type lcrzoex with no options to bring up a help menu, sample with much snippage shown here:

    [root@windbag src]# lcrzoex
    These tools were created with the network library lcrzo.

    0 - quit lcrzoex
    a - easy tools (new users, start here)
    b - obtains information
    c - sniff and save packets
    d - display and resend saved packets
    e - Ethernet and IP spoof
    j - routers
    m - malicious utilities
    Enter your category (key 0abcdefghijklmn)[a]:

    Let's do m:

    ********** Several sub-categories are available :
    0 + leave lcrzoex
    1 + go back to the main menu
    2 + go back to the previous category
    a - scanning
    b - network attacks
    c - spoofed email
    d - brute force attack

    I am not encouraging you to commit nefarious deeds. The great value of a toolkit like this is probing your own systems for vulnerabilities, monitoring all aspects of your network's activities, and using the information to improve efficiency and security. You can bet that serious crackers already know and use these tools.

    Categories are lettered, actual commands are numbered. If you know the number of the command you want, you can skip navigating the lettered menus:

    # lcrzoex 157

    This shows everything about the local machine- ARP table, routing table, DNS, network devices.

    Print NIC settings:

    [root@windbag src]# lcrzoex 155
    device : eth0
    computer name : unresolved
    ip address : 192.168.1.102/255.255.255.0
    ethernet address : 00:10:6D:00:22:CF

    Many of the commands are interactive, and give help as you go:

    [root@windbag src]# lcrzoex 7 eth0 "host 192.168.1.10"
    Listening on eth0
    Choose the print profile
    1 - header and data in synthetic aspect
    2 - header (without ethernet) and data in synthetic aspect
    3 - header and data in array aspect
    4 - header in array aspect and data in dump
    5 - header in array aspect and data in mixed
    6 - header and data in hexa aspect
    7 - header in hexa aspect and data in dump
    8 - header in hexa aspect and data in mixed
    9 - personalized profile
    Choose the profile (between 1 and 9)[4]:

    Installation
    libpcap/winpcap must already be installed on your system. Then there are three downloads for *nix systems: lcrzo-4.14-src.tgz (install this one first)
    lcrzoex-4.14-src.tgz
    lcrzoex-4.14-doc_html.tgz

    The first two tarballs are necessary, lcrzoex-4.14-doc_html.tgz is exactly the same as the documentation on http://www.laurentconstantin.com/en/lcrzoex/. Man pages are created during installation, this is a singularly well-documented program. Even the source code is well-documented, I was puttering around and successfully making minor changes with no trouble at all. Installation is a little different than usual. Unpack in your selected /src directory (tar xzvf), then cd to the /lcrzo-4.14-src/src directory, (or /lcrzoex-4.14-src/src) and run

    # ./genemake

    to generate the makefile. Now see how helpful this program is, after running genemake it says

    OK - You can now compile with 'make'

    See, it is not wrong to be helpful. Now run make, and make install, and there you are.

    Notice there is no ./config option. It is possible to fine-tune the installation process to a degree. Install the entire package, or individual tools. Compiling individual tools can lead to dependency heck, there are good instructions for those determined to try it. /lcrzo-4.14-src/src/config.dat offers installation options, such as language and platform. The defaults are for Linux. All available options are present, simply uncomment the ones you want.

    Windows installation is more complex, you'll need VC++ 6, and careful attention to the instructions.

    Limitations
    This really is an amazing suite of utilities. Mr. Constantin has documented the unfinished and broken bits, and fixes. The two limitations that I think worth noting are it supports only IPv4. And it runs mainly in a single thread or process, so large repetitive tasks are going to be slow. Most lcrzoex tools are written specifically for Ethernet networks, however the more important and commonly used tools have two versions. For example tool 249 sends icmp ping at Ethernet level, and tool 318 sends icmp ping at the IP level. Tool 318 could be used over a modem line.

    An Education Too
    lcrzoex comes with a raft of links to all manner of excellent tutorials on all aspects of networking. As I refine and lock down my own security yet further, and send yet more emails to clueless admins whose hijacked servers are pounding at mine, I wish this were a mandatory course of study for anyone administering a connected computer.

    Resources
    lcrzoex
    Testing a router or firewall
    TCP/IP Tutorial


    » See All Articles by Columnist Carla Shroder