The UDPSZ application was designed to be a small command line tool for sending UDP packets with custom size, content, source port and IP address (spoofing, where possible).
Its options are very useful for more specific tests but not very easy to use, which is why the -d option is suggested to check whether the output packets really have the desired format.
-d, --dry-run [options]
Generates output without sending the UDP packet, used for validating the desired output format.
-f, --fake-ip [options]
Specify a fake IP address to use.
-i, --image [options]
Specify an image file to load.
-p, --port [options]
Specify a port to use.
-t, --timeout [options]
Specify a timeout in milliseconds for the UDP connection to be established.
--spoof [options]
Sets the source IP address to [options] (optional, the value can be a single number or a list like 127.0.0.1 0.0.0.0).
-u, --udp [options]
(type: string) Specify a target to send UDP packets to (optional).
Before sending the packet, UDPSZ keeps it in an internal buffer for fast statistics.
Anonymously send UDP packets from localhost, spoofing the source IP.
To get more information about UDPSZ, please refer to the online documentation at:
You can download the actual application for Windows here: UDPSZ.exe (it contains the necessary libs).
You can download the documentation here: docs.udpsz.org
The code is GPL v3.0.
Reverse Engineering & Analysis
Before analyzing the binary, we first need to find some default settings and examine the code.
The default settings should be:
Fake IP 127.0.0.1
Now, we need to find a function that changes those settings, like (for example):
void ChangeSettings(string options);
Also, look for the function that removes the settings (that is, changes them back to default).
The default settings are stored in an array with different flags:
-d: display all information of the packets sent
-i: input file from STDIN, otherwise use the standard out
-o: output file, use the standard output by default
-R: a range of possible spoofed source ports, use the default range if none are provided
-s: content of the packets to send
-S: source port of the packets to send
-t: random destination IP address to spoof, can be either the real IP or the MAC address
-x: spoofed destination IP address, can be either the real one or the MAC address
-C: custom size of the packets, can be either 0 (use the real size) or a number; the number of bytes is counted in hexadecimal format
-P: send different port
-f: instead of forwarding the output of the ppp daemon, forward the packets and display them.
UDPSZ is very easy to use and can be used in different cases.
This example shows how to use it in the most basic way. To test all parameters of the tool,
just run it as follows:
$ UDPSZ -i input.txt -o output.txt -s sourceAddress -d destination -C 0 -P 1 -R 10000-20000
Check the UDPSZ -d and -i options:
$ UDPSZ -d
| 1| 3102| 18.104.22.168 | 1|
| 2| 3102| 22.214.171.124 | 1|
| 3| 3102| | 1|
| 4| 3102| | 1|
4 packets are seen
Check the UDPSZ -s option:
$ UDPSZ -s 2.3.4
-d: Show the decoded payload
-p: Show the packet’s headers
-s: Custom size (kbyte)
-a: Show the data to be loaded
-I: Custom IP
-S: Custom source port
-g: Custom destination
-O: Custom OS
-u: Custom UDP payload (useful with .bsh)
-j: Custom Payload to receive
-t: Default UDP size
-x: UDP header size
-m: Define the verbose level
-s: The default size of UDP packet is 512 bytes
-X: Set the standard output to a file
-c: The default source port is 53
-p: The default destination port is 7070
-P: The default destination port is 7070
-u: The default UDP payload
Despite all the possibilities to customize UDPSZ output, I can’t find a way to make an accurate comparison between the different UDP protocols, but it’s easy to compare between the available options.
FlexNetPcap — I use FlexNetPcap to reproduce RDP traffic, so I use the .htl and .pcap files available as RDP.udp packet at the FlexNetPcap site, which allows replaying the traffic in real time and configuring it easily.
In the next benchmark, I’ve used the ‘-x’ option to show an example of output with the .htl files provided as a template.
In the following benchmark, I use default parameters, which don’t simulate RDP traffic.
So here are the results obtained by default parameters:
Custom UDP payload
With the ‘-u’ option, I tried to mimic the different options available in FlexNetPcap, so with the .htl files provided as a template I’ve simulated an RDP session with the following options:
I changed the TCP protocol to KATZ, since I’d like to reproduce the traffic with a Nmap scan.
Here are the results:
The ‘-p’ option is very similar to the ‘-c’ option, except for the size of the packet, which is twice as large.
The ‘-o’ option does not change the standard output, so it’s similar to the ‘-X’ option.
The ‘-s’ option is different from the other options because it changes the size of the UDP
Create a DNS query of the given type using UDP packets. Also generates and displays the DNS query response packets. In the output, the packets are sorted by the key-value of the request.
The query can either be a query with a name (key) and type value (value) or a * query with a name (key) and no type value.
The DNS UDP packet is created with the following format:
A specially crafted UDP packet can be made to receive a spoofed response, which is the desired behavior in some cases where the answer is expected to be formatted.
The -d flag is used with the DNS queries to show the responses:
-d, --dns-dns Create a DNS query using UDP packets. Also generates and displays the DNS query response packets.
The -x flag can be used to check that the UDP/TCP packet with the same options but with a different source port is created with the correct fields (when the packet is received):