bash-2.05a# lc
          lc:  Linkcat 1.0:  Low Latency stdio <-> Layer 2 Filtering Bridge
Component of:  Paketto Keiretsu 1.0;    Dan Kaminsky  (dan@doxpara.com)
       Usage:  lc   [options]  [-l sniff->stdout] [-m stdin->spoof]

    Examples:  lc -l00 -p icmp   # sniff icmp packets, dump to stdout in hex
               lc -m00 -r dump   # spoof all hex packets found in file "dump"
     Options:  -l    [device]: Sniff packets from  this interface onto stdout
               -m    [device]: Spoof packets   to  this interface from stdin
               -p    [filter]: Filter interface before dumping to stdout
               -P    [filter]: Filter stdin before dumping to interface
               -w      [file]: Write sniff packets to file instead of stdout
               -r      [file]: Read spoofed packets from file instead of stdin
               -t       [h/p]: Operate on HEX text / Operate on Libpcap Dumps(h)
               -o       [m-n]: In Hex Mode, only emit the mth through nth bytes
               -O       [m-n]: Same as -b, but reverse the byte order
               -e            : Output spoofed bytes to stderr in hex form
               -c            : Limit line length to c characters (76)
 Experiments:  -L       [key]: Verify HMAC-SHA1 hash from Ethernet Trailer
               -M       [key]: Insert HMAC-SHA1 hash into Ethernet Trailer
               -S            : Strip  hash upon successful verification
     WARNING:  Crypto is highly experimental and extremely vulnerable to Replay!
               This is just a basic demo of Ethernet Trailer Crypto.
       Notes:  "00" as an interface will be replaced with any available. 


#we set up some other process somewhere to ping yahoo.

bash-2.05a# lc -l00 -p "icmp and dst host www.yahoo.com"
00 03 e3 00 4e 6b 00 e0 18 02 91 9f 08 00 45 00 00 54 4d 10 00 00 ff 01 d9 5c \
0a 00 01 0b 42 da 47 57 08 00 eb 5a cb 99 00 00 5a 74 d5 3d 20 56 06 00 08 09 \
0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 \
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37
00 03 e3 00 4e 6b 00 e0 18 02 91 9f 08 00 45 00 00 54 4d 14 00 00 ff 01 d9 58 \
0a 00 01 0b 42 da 47 57 08 00 d8 20 cb 99 01 00 5b 74 d5 3d 31 90 06 00 08 09 \
0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 \
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37
^C
bash-2.05a# tethereal icmp &
[1] 39372
bash-2.05a# Capturing on fxp0

# cut, meet paste.  paste, meet cut.
bash-2.05a# lc -m00
00 03 e3 00 4e 6b 00 e0 18 02 91 9f 08 00 45 00 00 54 4d 10 00 00 ff 01 d9 5c \
0a 00 01 0b 42 da 47 57 08 00 eb 5a cb 99 00 00 5a 74 d5 3d 20 56 06 00 08 09 \
0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 \
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37
  0.000000 10.0.1.11 -> w8.scd.yahoo.com ICMP Echo (ping) request
  0.020291 w8.scd.yahoo.com -> 10.0.1.11 ICMP Echo (ping) reply
00 03 e3 00 4e 6b 00 e0 18 02 91 9f 08 00 45 00 00 54 4d 10 00 00 ff 01 d9 5c \
0a 00 01 0b 42 da 47 57 08 00 eb 5a cb 99 00 00 5a 74 d5 3d 20 56 06 00 08 09 \
0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 \
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37
  4.508139 10.0.1.11 -> w8.scd.yahoo.com ICMP Echo (ping) request
  4.526786 w8.scd.yahoo.com -> 10.0.1.11 ICMP Echo (ping) reply
00 03 e3 00 4e 6b 00 e0 18 02 91 9f 08 00 45 00 00 54 4d 10 00 00 ff 01 d9 5c \
0a 00 01 0b 42 da 47 57 08 00 eb 5a cb 99 00 00 5a 74 d5 3d 20 56 06 00 08 09 \
0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 \
24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37
  8.029739 10.0.1.11 -> w8.scd.yahoo.com ICMP Echo (ping) request
  8.038879 w8.scd.yahoo.com -> 10.0.1.11 ICMP Echo (ping) reply