The Web Local





Eigrp-tools is a custom EIGRP packet generator and sniffer combined.  It was developed to test the security and overall operation quality of the EIGRP routing protocol.  Using this tool requires you to have the requisite background knowledge of EIGRP, packets structure/types, alongside a good working background of the Layer 3 topology of the network you wish to audit.




It is available from here.


It requires various Perl modules to be installed before it is able to be utilised.  These can be obtained by searching CPAN

Net::RawIP - A search comes up with Net-RawIP-0.2.tar.gz

tar -zxvf Net-RawIP-0.2.tar.gz



Errors are reported in the file RawIP.xs, the problem lies in the fact that the (u=char *) variable has been declared both sides and the first such reference to this needs to be removed.  The error output to screen will mention the lvalue and assignment being wrong.  Record the line numbers outputted and it is on these lines that you must remove the duplicate variables.


vi RawIP.xs

At lines 762, 788, 821, 861, 895, 1287 and 1309 you should find the syntax (u=char*) delete the first entry of this as it is not required, the script should now run.


make install


NetPacket:Ethernet - A search comes up with NetPacket-0.04.tar.gz

NetPacket::IP - A search comes up with  the same package as above.


tar -zxvf NetPacket-0.04.tar.gz



make install

tar -zxvf eigrp-tools.tar.gz


Execution [--sniff] [ --iface=interface ] [--timeout=i]



    --sniff Sniff eigrp packets

    --iface Listen on an interface

    --iflist List all available network interfaces

    --source Source IP address

    --dest Packet destination IP. Default multicast IP -

    --timeout=n pcap init timeout (500 default)

    --hello Send EIGRP HELLO

    --update Update route

    --query Send [Query] (Unreachable destination )

    --external External route

    --internal Internal route

    --ipgoodbye=s IP to [Goodbye message] Authentication replay not implemented

    --file2ip=s Send raw sniffed eigrp data from file to IP

    --payback Sniff the UPDATE packet, change [Delay] and send it back (PoC)

    --op=n EIGRP opcode no. to trigger, capture a pkt defined by the trigger onto a disk

    --sn=n EIGRP sequence number to trigger

    --auth Authentication data for the reply attack (copy past hex from sniff)

    --opcode Custom opcode for hello packets fuzzing

    --flags=n EIGRP flags (0,1 or 2)

    --version=n EIGRP version [8 bit integer] Default = 2

    --as=n Autonomous system number, Default = 1

    --k1=n Metric K1 Default 1

    --k2=n Mertic K2 Default 0

    --k3=n Mertic K3 Default 1

    --k4=n Mertic K4 Default 0

    --k5=n Mertic K4 Default 0

    --mtu=n MTU

    --nms=n Add NMS (Next multicast message) to Hello packet

    --eigrpv=s EIGRP release version

    --ios=s IOS version

    --hopcount=n Hop count

    --reliability=n Reliability

    --load=n Load

    --delay=n Delay

    --sequence=n Sequence (32bit sequence) Default = 0

    --ack=n Acknowledge (32bit sequence) Default = 0

    --nexthop=s Next Hop

    --bandwidth=n Bandwidth

    --routedest=s Route destination

    --origrouter=s Originating router

    --origas=n Originating Autonomous system number

    --arbitatag=n Arbitrary tag

    --metric=n protocol metric (external EIGRP metric for the external


    --extproto=n External protocol

            ID IGRP(1)


            Static Route(3)








            Connected link(11)

    --hold=n Hold time in seconds

    --hellotime=n Hello send retries timeout . Default = 5 sec

    --hellodos=s IP subnet. Nasty DOS attack! Send HELLO EIGRP Argument from IP range.

    --retries=n Packet send retries Default = 1;



./ --sniff --iface eth0

./ --ipgoodbye --source

./ --file2ip update.dat --source

./ --update --external --as 65534 --source

./ --hello --auth 00020010000000020000000000000000000000000efe07403446c77a9697fe5753f79e52

--source --nms 1

./ --help This message



IT Security News:


Pen Testing Framework:


Latest Tool Reviews: