Provided by: ptunnel-ng_1.43-1_amd64 
NAME
ptunnel-ng - tunnel TCP connections over ICMP echo request/reply packets.
SYNOPSIS
ptunnel-ng -p <address> -l <port> -r<address> -R<port> [-m <magic>] [-c <connections>] [-v <level>] [-L
<interface>] [-o<file>] [-s] [-P <password>] [--udp] [--unprivileged] [-d<pidfile>] [-S] [-u<user>]
[-g<group>] [-C<directory>] [-e<context>] [-h]
DESCRIPTION
PingTunnel-NG is a fork from the famous PingTunnel with the aim of an improved and refactored code base
and some additional features.
ptunnel is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP
echo request and reply packets, commonly known as ping requests and replies. At first glance, this might
seem like a rather useless thing to do, but it can actually come in handy in some cases. The following
example illustrates the main motivation in creating ptunnel:
Setting: You're on the go, and stumble across an open wireless network. The network gives you an IP
address, but won't let you send TCP or UDP packets out to the rest of the internet, for instance to check
your mail. What to do? By chance, you discover that the network will allow you to ping any computer on
the rest of the internet. With ptunnel, you can utilize this feature to check your mail, or do other
things that require TCP.
OPTIONS
Client options only:
-p
--proxy=proxy_address
Specify the host on which the proxy is running.
-l
--listen=listen_port
Specifies the port on which the client will listen for incoming TCP connections.
-s
--statistics
Enables continuous output of statistics (packet loss, etc.)
Server and Client options:
-m
--magic=magic_value
Sets a different magic value which can be used to bypass Cisco's IPS. It may also work for other
IDS/IPS/Firewalls.
Remember: This value has to be the same on the server and client!
-r
--remote-adr=destination_addr
Specifies the address to which you want your packets tunneled after reaching the proxy when in
client mode, or restricts the destination packets can be forwarded to when in server mode.
-R
--remote-port=destination_port
Specifies/restrict the port that the proxy should tunnel the TCP connection to.
-c
--connections=max_value
Set the maximum of concurrent tunnels.
-v
--verbosity=level
Controls the verbosity level. -1 is no output, 0 shows errors only, 1 shows info messages, 2 gives
more output, 3 provides even more output, level 4 displays debug info and level 5 displays
absolutely everything, including the nasty details of sends and receives.
-L
--libpcap=network_device
Specify the network interface to capture packets from. Note that packet capturing isn't always
necessary, but you should try this if you experience problems with ptunnel.
-o
--logfile=logfile
Specify a file to log to, rather than printing to standard out.
-P
--passwd=secret_password
Set a password (must be same on client and proxy) which will be used for the challenge response
authentication. The program will try to hide the password from `/proc/PID/cmdline` but it may not
work for ld wrapper or debugging/profiling tools like valgrind.
--udp
Enables tunneling over UDP port 53 (DNS) instead of using ICMP. This will only work if your proxy
can accept incoming traffic on port 53, and the client is able to send data to the proxy on port
53. Note that this option does not wrap ptunnel's data in DNS-compliant packets. This option must
be given on both the proxy and client side for things to work correctly.
--unprivileged
Run proxy in unprivileged mode. This causes the proxy to forward packets using standard echo
requests, instead of crafting custom echo replies. Unprivileged mode will only work on some
systems, and is in general less reliable than running in privileged mode.
-d
--daemon=pidfile
(Not available on Windows.)
Run in background, writing PID to a pidfile.
-S
--syslog
(Not available on Windows.)
Changes logging to use the built-in syslog fascility.
-u
--user=username
(Not available on Windows.)
When started in privileged mode (as root), drop down to user's rights as soon as possible.
-g
--group=groupname
(Not available on Windows.)
When started in privileged mode (as root), drop down to group's rights as soon as possible. If you
set --user it is not required to set this option too. The program will use the group associated
with that user.
-C
--chroot=directory
(Not available on Windows.)
When started in privileged mode (as root), restrict file access to the specified directory.
-e
--setcon=context
(Only available on Linux.)
Set SELinux context when all there is left to do are network I/O operations. In order to be able
to combine with --chroot you will have to `mount --bind /proc /chrootdir/proc`.
-h
--help
Displays brief usage information.
EXAMPLES
The following assumes that ptunnel is run as root, both on the proxy and client. To tunnel ssh
connections from the client machine via a proxy running on proxy.pingtunnel.com to the computer
login.domain.com, the following command line would be used:
ptunnel -p proxy.pingtunnel.com -lp 8000 -da login.domain.com -dp 22
An ssh connection to login.domain.com can now be established as follows:
ssh -p 8000 localhost
If ssh complains about potential man-in-the-middle attacks, simply remove the offending key from the
known_hosts file. The warning/error is expected if you have previously ssh'd to your local computer
(i.e., ssh localhost), or you have used ptunnel to forward ssh connections to different hosts.
Of course, for all of this to work, you need to start the proxy on your proxy-computer
(proxy.pingtunnel.com). Doing this is very simple:
ptunnel
If you find that the proxy isn't working, you will need to enable packet capturing on the main network
device. Currently this device is assumed to be an ethernet-device (i.e., ethernet or wireless). Packet
capturing is enabled by giving the -c switch, and supplying the device name to capture packets on (for
instance eth0 or en1). The same goes for the client. On Mac OS X, packet capturing must always be enabled
(both for proxy and client), as resent packets won't be received otherwise.
To protect yourself from others using your proxy, you can protect access to it with a password using the
<tt>-x</tt> switch. The password is never sent in the clear, but keep in mind that it may be visible from
tools like top or ps, which can display the command line used to start an application.
EXIT STATUS
ptunnel-ng does only exit if an invalid command line option is found or a fatal error during the
initialisation process occurred. If this happens the exit value should always be non zero. The program
does not exit until forced to do so by an external SIGNAL or if it crashes.
BUGS
ptunnel-ng currently does not handle packet capturing on network interfaces other than ethernet or
wireless correctly.
AUTHORS AND CONTRIBUTORS
PingTunnel-NG: Toni Uhlig (matzeton@googlemail.com)
PingTunnel: Daniel Stoedle (daniels@cs.uit.no)
Windows port: Mike Miller (mike@mikeage.net)
SELinux support: Sebastien Raveau (sebastien.raveau@epita.fr)
Patches: Joe McKenzie, Steffen Wendzel and StalkR.
LICENSE
ptunnel-ng is licensed under the BSD License.
AVAILABILITY
The ptunnel-ng homepage is currently located here:
https://github.com/lnslbrty/ptunnel-ng
The ptunnel homepage is currently located here:
http://www.cs.uit.no/~daniels/PingTunnel/
The freshmeat project page is located here:
http://freshmeat.net/projects/ptunnel/
Please take the time to rate ptunnel or ptunnel-ng if you find it useful. Thanks!
Version 1.00 December 19, 2017 ptunnel-ng(8)