Bug#587056: ITP: netexpect -- Network Expect, a framework for manipulating network packets
Network Expect is a framework that allows to easily build tools that
can interact with network traffic. Following a script, traffic can
be injected into the network, and decisions can be taken, and acted
upon, based on received network traffic. An interpreted language (Tcl)
provides branching and high-level control structures to direct the
interaction with the network.
Network Expect was heavily influenced and inspired on the Expect program
written by Don Libes, which allows to "talk" to interactive programs in
a scripted fashion.
The type of things that Network Expect can do are usually very low level
network operations, which usually require writing a custom application
in a language like C.
Some of the things that Network Expect can do include:
* Generate arbitrary network traffic and inject it into a network at
layer 2 or layer 3.
* A wide range of protocols is supported, including 802.1q, ARP, Cisco
VTP and DTP, GRE, IPv4, IPv6, ICMP, UDP, TCP (including options), etc.
This Network Expect functionality is very similar to the functionality
provided by several packet crafting and forging open source tools like
Nemesis, Packit, hping, Scapy, and others.
* Listen for network traffic and take decisions based on the type of
* Open a sniffer trace in PCAP format and replay it after changing some
values in the original packet capture.
* Emulate network protocols to see how they interact with other speakers
of that protocol. For example, emulating a TCP server to investigate
approaches to randomization of TCP Initial Sequence Numbers (ISN) can be
easily done in Network Expect.
Other comments: Network Expect uses libwireshark from the Wireshark
project for packet dissection tasks. I'm working with the wireshark
maintainer on the netexpect/wireshark integration since until now there
are no other packages (to my knowledge) that use libwireshark from the
Wireshark project for packet dissection tasks (package kismet uses
libwiretap also from the Wireshark project for read packet capture
Disclaimer: I am the Network Expect upstream maintainer and have a
biased interest in seeing my project in Debian.