rain(1)

NAME

rain - a powerful, fully customizable packet builder

SYNOPSIS

rain [ options ] -t <target-host>

DESCRIPTION

rain is a powerful packet builder for stress testing hard
ware and software. Its features include support for all IP pro
tocols, and the ability to fully customize the packets it sends.

DISCLAIMER

This program was written with the intent to help system
administrators discover weaknesses in their services. This pro
gram is not intended to be abused maliciously and the author of
this program will take absolutely no responsibility for any dam
age that this program may cause.
Please be responsible and use this program for testing on
your system only!!

OPTIONS

Options must be seperate. -v -v is recognized while -vv is
not.
Most options can also take hexidecimal arguments, prefixed
with 0x.
Alot of the following options require root priviledges.
Try rain --help as a non-root user to see normal user options.
-v This causes rain to output more verbosely. You may
use it up to three times. It is recommended that you use this
option, and verbose mode may very well be implemented without the
use of -v in the future
-c <count>
When specified, count packets will be sent, rather
than infinite. Default value is 0 (infinite).
-d <delay>
This will cause rain to wait delay microseconds be
tween packet sends. The default value is 10000.
-b Specify this option if the target host is a broad
cast address. If the target address contains "255", rain will
automatically assume it to be a broadcast address, and allow
broadcast messages.
-s <source-hostname>
This sets the source hostname of each packet sends.
The default value will be the IP address of the primary outgoing
interface.
-s 0 will cause the source hostname to be random
with each packet sent.
-t <target-hostname>
This sets the target hostname, where the packets
will be sent.
--size <bytes>
This specifies the size in bytes of each packet
sent. The default is the kernels default maximum TCP segment
size, usually 507. (See macro TCP_MSS in netinet/tcp.h)
-p | --dport | --destination-port <destination-port>
These options specify the destination port on the
target host. Using a value of 0 will cause the destination-port
to be random with each packet. Default value is 138.
--sport | --source-port <source-port>
These options specify the default source port of
each packet. Using a value of 0 will cause the source-port to be
random with each packet. Default value is 420.
--timeout <seconds>
This specifies how many seconds of inactivity to
wait before exiting in TCP streaming showers, such as --stream
and --connect which are described later. The default value is 10
seconds.
--sim <simulation-number>
When specified, rain will simulate one of several
well known DoS attacks.
Here are the possible values:
0 - fawx2.c
1 - bloop.c
2 - jolt2.c
3 - trash2.c
4 - raped.c
--noblock
This sets all socket I/O to be non-blocking. This
will result in faster packet sending with showers such as --con
nect, although it will not wait for the entire TCP handshake be
fore sending the next connection request. If you are not sure
what this is for, don't use it.
--oob When specified, all packets will be sent as Out-of
Band data (MSG_OOB).
--noroute
When specified, rain will bypass any underlying
routing mechanisms (such as the kernel routing table) for direct
sends to local area networks.
--udp This option specifies that you will be sending
UDP/IP packets.
--tcp This option specifies that you will be sending
TCP/IP packets. (Default)

--stream
When specified, rain will use a connection
based, streaming send shower. This means that you cannot spoof
the source address nor customize any aspects of the packets other
than the size, payload, Time to Live, and Type of Service.
--connect
When specified, rain will use a streamed
connection shower (it will call connect() many times). The same
non-spoofing and customization rules apply to --connect as they
do in --stream.
--seq <number>
When specified, the TCP sequence value will
be set to number. The default value is the process id.
--win <number>
When specified, the TCP window-size will be
set to number. The default value is 56.
--urg This will set the TCP URG (urgent) bit.
--ack This will set the TCP ACK (acknowledgement)
bit.
--psh This will set the TCP PSH (push) bit.
--rst This will set the TCP RST (reset) bit.
--syn This will set the TCP SYN (synchronize) bit.
--fin This will set the TCP FIN (finish) bit.
--ack-seq <number>
When specified, rain will set the TCP ac
knowledgement sequence to number. Specifying a value of 0 will
cause the ack sequence field to increase with each packet send,
thus overflowing it in large sends. Default value is 0 (over
flow).
--res <number>
When specified, rain will set the TCP re
served bits to number. This number cannot exceed 15. The default
value is 0. It is highly recommended that you do not touch this
option unless you are confident with what you are doing.
--icmp This option specifies that you will be sending
ICMP/IP packets.

--list-icmp
This will cause rain to list all known ICMP
type/code combinations for your reference.
--icmp-type <number>
This will set the packet's ICMP type to
number. ( see --list-icmp )
--icmp-code <number>
This will set the packet's ICMP code to
number. ( see --list-icmp )
--icmp-id <number>
This will set the packet's ICMP id to
number.
--icmp-seq <number>
This will set the packet's ICMP sequence
value to number.
--icmp-mtu <number>
This will set the packet's ICMP MTU (maximum
transfer unit) value to number.
--icmp-gw | -g <address>
This will set the packet's ICMP gateway ad
dress to address.
--igmp This options specifies that you will be using
IGMP/IP packets.

--list-igmp
This will cause rain to list all known IGMP
type/code combinations for your reference.
--igmp-type <number>
This will set the packet's IGMP type to
number. ( see --list-igmp )
--igmp-code <number>
This will set the packet's IGMP code to
number. ( see --list-igmp )
--igmp-ga | -g <address>
This will set that packet's IGMP group ad
dress to address. This is only effective in non membership
queries.
--frag <number>
This will set the packet's fragmentation offset to
number.
--df When specified, rain will set the appropriate
"Don't Fragment!" bits in each packet, which tells the target
host not to fragment the packets it receives.
--tos <number>
This will set the packet's TOS (Type of Service)
value to number. Use with -v -v to see a description of the Type
of Service you specified.
--ttl <number>
This will set the packet's TTL (Time to Live) value
to number. Default value is 64.
--id <number>
This will set the packet's IP id sequence to
number. Default value is the process id.
--id-of
When specified, rain will increase the value of the
IP ID field by one with each packet, hence overflowing the field
in large sends.
--payload | --pl <string>
This will insert string into each packet's payload.
Note that multi word strings must be quoted.
--fill <ascii-character>
This will initially fill the packet's payload with
ascii-character. This does not conflict with --payload. Default
value is 0xA1.
--version | -V
This will print rains' version information and ex
it.
--help [topic]
This will print rains' help menu. topic is an op
tional argument that will print topic specific information. Such
as --help --tos

EXAMPLES

Here are some examples of using rain.
rain -t localhost -s 0 --tcp --ack -p 0 --sport 0
--size 1024
This will send an infinite amount of 1,024 byte TCP
ACK packets to random ports on localhost, from random ports and
random hosts. (similar to raped.c)
rain -c 10 -t localhost --igmp --igmp-type 0x17
--igmp-code 0 -g 192.168.1.24 -s 192.168.0.4
This will send 10 IGMP "leave group 192.168.1.24"
packets to localhost from 192.168.0.4
rain -t localhost -c 0xA --udp --size 1400 -s lo
calhost --df --tos 0x24 --ttl 255
This will send 10 1,400 byte UDP packets across the
loopback interface with the "Don't Fragment!" bits set, a high
priority Type of Service and the maxmimum Time to Live value of
255.

BUGS

There is an issue with malloc() allocating the wrong
amount of bytes for packet sizes in FreeBSD 4.3-STABLE
In Linux, Kernel 2.4.4, packets will not pass through IP
when a fragmentation offset is specified. This is a bug in the
Linux kernel and not rain.

AUTHOR

Michael - mystic@tenebrous.com

COPYRIGHT

This software is Copyright(c) 2001 by Michael (mys
tic@tenebrous.com) and licensed under the GNU General Public Li
cense.

CONFORMING TO

Posix, 4.4BSD
Version 1.2.8 July 30th, 2001

rain(1)

Copyright © 2010-2025 Platon Technologies, s.r.o.           Home | Man pages | tLDP | Documents | Utilities | About
Design by styleshout