|
NAMEptunnel - tunnel TCP connections over ICMP echo request/reply packets.SYNOPSISptunnel -p proxy_address -lp listen_port -da destination_address -dp dest_port [-c network_device] [-v verbosity] [-f file] [-udp] [-syslog]ptunnel [-c network_device] [-v verbosity] [-f file] [-udp] [-syslog] [-daemon file] ptunnel [-u] [-x password] [-setuid user] [-setgid group] [-chroot dir] [-setcon context] ptunnel -h DESCRIPTIONptunnel is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies. At first glance, this might seem like a rather useless thing to do, but it can actually come in handy in some cases. The following example illustrates the main motivation in creating ptunnel:Setting: You're on the go, and stumble across an open wireless network. The network gives you an IP address, but won't let you send TCP or UDP packets out to the rest of the internet, for instance to check your mail. What to do? By chance, you discover that the network will allow you to ping any computer on the rest of the internet. With ptunnel, you can utilize this feature to check your mail, or do other things that require TCP. OPTIONSClient options:
Shared options:
EXAMPLESThe following assumes that ptunnel is run as root, both on the proxy and client. To tunnel ssh connections from the client machine via a proxy running on proxy.pingtunnel.com to the computer login.domain.com, the following command line would be used:
An ssh connection to login.domain.com can now be established as follows:
If ssh complains about potential man-in-the-middle attacks, simply remove the offending key from the known_hosts file. The warning/error is expected if you have previously ssh'd to your local computer (i.e., ssh localhost), or you have used ptunnel to forward ssh connections to different hosts. Of course, for all of this to work, you need to start the proxy on your proxy-computer (proxy.pingtunnel.com). Doing this is very simple: ptunnel If you find that the proxy isn't working, you will need to enable packet capturing on the main network device. Currently this device is assumed to be an ethernet-device (i.e., ethernet or wireless). Packet capturing is enabled by giving the -c switch, and supplying the device name to capture packets on (for instance eth0 or en1). The same goes for the client. On Mac OS X, packet capturing must always be enabled (both for proxy and client), as resent packets won't be received otherwise. To protect yourself from others using your proxy, you can protect access to it with a password using the <tt>-x</tt> switch. The password is never sent in the clear, but keep in mind that it may be visible from tools like top or ps, which can display the command line used to start an application. EXIT STATUSptunnel does not exit until forced to do so by an interrupt (Ctrl-C) or if it crashes.BUGSptunnel currently does not handle packet capturing on network interfaces other than ethernet or wireless correctly.AUTHORS AND CONTRIBUTORSDaniel Stoedle (daniels@cs.uit.no)Windows port: Mike Miller (mike@mikeage.net) SELinux support: Sebastien Raveau (sebastien.raveau@epita.fr) Patches: Joe McKenzie, Steffen Wendzel and StalkR. LICENSEptunnel is licensed under the BSD License.AVAILABILITY
Please take the time to rate ptunnel if you find it useful. Thanks!
Visit the GSP FreeBSD Man Page Interface. |