T50 is a sophisticated multi-protocol packet injector and packet generator for network penetration testing and vulnerability assessment. It generates and injects raw IP packets across multiple protocols (IPv4, ICMP, TCP, UDP, IGMP, EIGRP, GRE, etc.) at high throughput, enabling security professionals to stress-test network infrastructure, discover vulnerabilities, and validate security controls in authorized testing environments. T50 requires root/administrator privileges and should only be used in controlled laboratory settings with explicit authorization.
- Multi-protocol support: IPv4, ICMP, TCP, UDP, IGMP, EIGRP, GRE, and more
- High-throughput injection: Rapid packet generation (millions per second possible)
- Customizable headers: Manipulate source/destination addresses, ports, flags
- Statistical flooding: Stress test with specific attack patterns
- Randomization: Random payload, addresses, ports for evasion testing
- Performance metrics: Real-time statistics and packet counters
- Scriptable: Batch and automated testing capabilities
- Cross-platform: Linux, macOS (with modifications), BSD
# Debian/Ubuntu package manager
sudo apt-get update
sudo apt-get install t50
# From source (GitHub)
git clone https://github.com/fredpereira1/t50.git
cd t50
make
sudo make install
# Or manual compilation
gcc -o t50 t50.c -lm
sudo mv t50 /usr/local/bin/
# Verify installation
sudo t50 --version
# Using Homebrew
brew install t50
# Or compile from source
git clone https://github.com/fredpereira1/t50.git
cd t50
make
sudo make install
# Download latest release
wget https://github.com/fredpereira1/t50/archive/refs/heads/master.zip
unzip master.zip
cd t50-master
# Review configuration
cat Makefile
# Compile
make
# Install
sudo make install
# Verify
t50 --version
# Required tools
sudo apt-get install build-essential
sudo apt-get install libpcap-dev
sudo apt-get install gcc
# Optional for advanced features
sudo apt-get install libnet-dev
sudo apt-get install tcpdump
Layer 7 (Application) - Not direct support in T50
Layer 6 (Presentation) - Not direct support in T50
Layer 5 (Session) - Not direct support in T50
Layer 4 (Transport) - TCP, UDP (supported)
Layer 3 (Network) - IPv4, ICMP, IGMP, EIGRP, GRE (supported)
Layer 2 (Data Link) - Ethernet (implicit)
Layer 1 (Physical) - Raw socket injection
T50 Packet = Ethernet Frame + IP Header + Protocol Header + Payload
│
├─ Ethernet Header (Layer 2)
│ ├─ Source MAC
│ ├─ Destination MAC
│ └─ EtherType
│
├─ IP Header (Layer 3)
│ ├─ Source IP
│ ├─ Destination IP
│ ├─ TTL
│ ├─ Protocol
│ └─ Flags
│
├─ Protocol Header (Layer 4)
│ ├─ TCP: Source Port, Dest Port, Sequence, Flags
│ ├─ UDP: Source Port, Dest Port, Length
│ ├─ ICMP: Type, Code, Checksum
│ └─ Other: Protocol-specific fields
│
└─ Payload (Variable)
└─ Optional data
| Pattern | Purpose | Protocol |
|---|
| Flood | Volume-based DoS | ICMP, UDP, TCP |
| Fragmentation | Network fragmentation | IPv4 |
| Invalid flags | Protocol violation testing | TCP, ICMP |
| Random spoofing | Source address randomization | All protocols |
| Port scanning | Port discovery | TCP, UDP |
# T50 requires root privileges (raw socket access)
sudo t50 --help
# Check if user has capabilities
sudo getcap /usr/local/bin/t50
# Grant capabilities (alternative to sudo)
sudo setcap cap_net_raw=ep /usr/local/bin/t50
sudo setcap cap_net_admin=ep /usr/local/bin/t50
# ICMP echo request (ping)
sudo t50 <target-ip> --icmp --help
# Syntax: t50 TARGET [OPTIONS]
# TARGET = destination IP address
# OPTIONS = protocol and configuration
# Basic ICMP request
sudo t50 192.168.1.100 --icmp
# Basic ICMP flood
sudo t50 192.168.1.100 --icmp --flood
# Basic UDP packet
sudo t50 192.168.1.100 --udp
# Basic TCP SYN packet
sudo t50 192.168.1.100 --tcp
# Simple ICMP echo request
sudo t50 <target-ip> --icmp
# ICMP flood (high-volume)
sudo t50 <target-ip> --icmp --flood
# ICMP with custom sequence
sudo t50 <target-ip> --icmp --id 100 --sequence 1000
# ICMP timestamp request
sudo t50 <target-ip> --icmp --type 13
# ICMP unreachable
sudo t50 <target-ip> --icmp --type 3 --code 1
# ICMP parameter problem
sudo t50 <target-ip> --icmp --type 12
# Basic UDP packet
sudo t50 <target-ip> --udp --dst-port 53
# UDP flood on DNS port
sudo t50 <target-ip> --udp --dst-port 53 --flood
# UDP with random ports
sudo t50 <target-ip> --udp --dst-port random --flood
# UDP with custom source port
sudo t50 <target-ip> --udp --src-port 1234 --dst-port 53
# UDP on multiple ports
sudo t50 <target-ip> --udp --dst-port 53,123,161 --flood
# TCP SYN packet
sudo t50 <target-ip> --tcp --dst-port 80
# TCP SYN flood on port 80
sudo t50 <target-ip> --tcp --dst-port 80 --syn --flood
# TCP with ACK flag
sudo t50 <target-ip> --tcp --dst-port 22 --ack
# TCP FIN scan
sudo t50 <target-ip> --tcp --dst-port 443 --fin
# TCP with random flags
sudo t50 <target-ip> --tcp --dst-port 3306 --flood --rand
# TCP scanning multiple ports
sudo t50 <target-ip> --tcp --dst-port 22,80,443,3306 --syn
# Fragment packets
sudo t50 <target-ip> --udp --dst-port 53 --fragment
# Overlapping fragments (Teardrop variant)
sudo t50 <target-ip> --udp --fragment --offset 8
# Send fragmented ICMP
sudo t50 <target-ip> --icmp --fragment
# Spoof source IP (requires capability)
sudo t50 <target-ip> --tcp --dst-port 80 --src-ip 1.2.3.4
# Randomize source IP
sudo t50 <target-ip> --tcp --dst-port 80 --rand-src-ip --flood
# Specific source range
sudo t50 <target-ip> --tcp --dst-port 80 \
--src-ip 192.168.1.0 --netmask 255.255.255.0
# Send with custom payload
sudo t50 <target-ip> --udp --dst-port 53 \
--payload "custom data here"
# Payload from file
sudo t50 <target-ip> --tcp --dst-port 80 \
--payload "$(cat /tmp/payload.txt)"
# Randomized payload
sudo t50 <target-ip> --udp --dst-port 53 \
--rand-payload --flood
# Packets per second (if supported)
sudo t50 <target-ip> --tcp --dst-port 80 --pps 1000
# Delay between packets (milliseconds)
sudo t50 <target-ip> --icmp --delay 100
# Duration (if supported)
sudo t50 <target-ip> --tcp --dst-port 80 --duration 60
#!/bin/bash
# Test firewall rules with TCP flags
TARGET="192.168.1.1"
PORTS=(22 80 443 3306 5432)
echo "Testing firewall with various TCP flags"
echo "Target: $TARGET"
echo ""
# Test SYN packets (normal connection attempt)
echo "1. Testing SYN packets..."
for port in "${PORTS[@]}"; do
echo -n " Port $port: "
sudo t50 "$TARGET" --tcp --dst-port "$port" --syn --payload "test"
done
echo ""
echo "2. Testing ACK packets (established connection)..."
for port in "${PORTS[@]}"; do
echo -n " Port $port: "
sudo t50 "$TARGET" --tcp --dst-port "$port" --ack --payload "test"
done
echo ""
echo "3. Testing FIN packets (connection termination)..."
for port in "${PORTS[@]}"; do
echo -n " Port $port: "
sudo t50 "$TARGET" --tcp --dst-port "$port" --fin
done
#!/bin/bash
# Test network response to various ICMP types
TARGET="$1"
echo "ICMP Behavior Test for: $TARGET"
echo "================================="
echo ""
# ICMP Type values
declare -A ICMP_TYPES=(
[0]="Echo Reply"
[3]="Destination Unreachable"
[5]="Redirect"
[8]="Echo Request"
[11]="Time Exceeded"
[12]="Parameter Problem"
[13]="Timestamp Request"
[14]="Timestamp Reply"
[17]="Address Mask Request"
[18]="Address Mask Reply"
)
for type in 0 3 5 8 11 12 13 14 17 18; do
echo "Testing ICMP Type $type (${ICMP_TYPES[$type]})..."
sudo t50 "$TARGET" --icmp --type "$type" --flood --duration 5
echo "---"
done
#!/bin/bash
# Test network device protocol support
TARGET="192.168.1.254" # Gateway
echo "Network Device Protocol Support Test"
echo "===================================="
echo ""
# Test different protocols
PROTOCOLS=("icmp" "tcp" "udp" "igmp" "gre")
for proto in "${PROTOCOLS[@]}"; do
echo "Testing protocol: $proto"
case "$proto" in
icmp)
sudo t50 "$TARGET" --icmp --type 8
;;
tcp)
sudo t50 "$TARGET" --tcp --dst-port 80 --syn
;;
udp)
sudo t50 "$TARGET" --udp --dst-port 53
;;
igmp)
sudo t50 "$TARGET" --igmp
;;
gre)
sudo t50 "$TARGET" --gre
;;
esac
sleep 2
echo "---"
done
#!/bin/bash
# Controlled load test with monitoring
TARGET="$1"
PORT="${2:-80}"
DURATION="${3:-30}"
echo "Load Test: Target=$TARGET Port=$PORT Duration=${DURATION}s"
echo "=========================================================="
echo ""
# Start monitoring in background
echo "Starting network monitoring..."
sudo tcpdump -i any -c 100 -n "host $TARGET" > /tmp/capture.pcap &
TCPDUMP_PID=$!
# Wait for tcpdump to start
sleep 1
# Generate traffic
echo "Generating TCP flood on port $PORT..."
sudo t50 "$TARGET" --tcp --dst-port "$PORT" --syn --flood &
T50_PID=$!
# Let test run
sleep "$DURATION"
# Stop flood
kill $T50_PID
sleep 1
# Stop monitoring
kill $TCPDUMP_PID
sleep 1
# Analyze capture
echo ""
echo "Packet Statistics:"
tcpdump -r /tmp/capture.pcap -n | head -20
# Cleanup
rm /tmp/capture.pcap
#!/bin/bash
# Test device response to fragmented packets
TARGET="$1"
echo "Fragmentation Testing: $TARGET"
echo "=============================="
echo ""
# Test 1: Normal fragmentation
echo "1. Normal fragmentation..."
sudo t50 "$TARGET" --udp --dst-port 53 --fragment
# Test 2: Overlapping fragments
echo "2. Overlapping fragments..."
sudo t50 "$TARGET" --udp --dst-port 53 --fragment --offset 8
# Test 3: Invalid fragment offset
echo "3. Invalid fragment offsets..."
for offset in 8 16 24 32 64; do
sudo t50 "$TARGET" --udp --dst-port 53 --fragment --offset "$offset"
done
# Test 4: Zero-size fragment
echo "4. Zero-length fragments..."
sudo t50 "$TARGET" --icmp --fragment
WARNING: Network attack simulation WITHOUT explicit authorization is ILLEGAL
✓ AUTHORIZED TESTING:
- Testing your own infrastructure
- Authorized penetration testing engagement
- Lab environment with written approval
- Security research in isolated environment
✗ UNAUTHORIZED TESTING:
- Testing someone else's network
- DoS/DDoS attacks
- Malicious traffic generation
- Disruptive testing without permission
# 1. Isolated network only
# Test on isolated lab network, NOT production
# 2. Network monitoring
# Monitor test impact in real-time
sudo tcpdump -i eth0 -n "host <target>"
# 3. Limited scope
# Target specific hosts, not entire networks
# 4. Time-limited tests
# Use duration limits to prevent runaway floods
# 5. Rapid shutdown
# Have kill command ready
# Monitor for unexpected behavior
# 6. Documentation
# Log all testing activities
# Record baseline and test results
# Use rate limiting to prevent damage
# (if tool supports these options)
# Conservative approach
sudo t50 <target-ip> --tcp --dst-port 80 \
--pps 100 \
--duration 60
# Moderate load
sudo t50 <target-ip> --tcp --dst-port 80 \
--pps 1000 \
--duration 30
# Note: Always start with lowest rates
# Gradually increase if monitoring shows stability
| Tool | Purpose | Protocol | Flexibility |
|---|
| T50 | Multi-protocol injection | Many | Very high |
| hping3 | ICMP/TCP/UDP | Limited | High |
| Scapy | Packet crafting | All | Highest (Python) |
| iperf | Performance testing | TCP/UDP | Medium |
| netperf | Network performance | TCP/UDP | Medium |
# Target
TARGET # Destination IP address
# Protocols
--icmp # ICMP protocol
--tcp # TCP protocol
--udp # UDP protocol
--igmp # IGMP protocol
--eigrp # EIGRP protocol
--gre # GRE protocol
# Port settings
--dst-port PORT # Destination port
--src-port PORT # Source port
--port-range START-END # Port range
# IP settings
--src-ip IP # Source IP address
--rand-src-ip # Randomize source IP
--netmask MASK # Subnet mask for source
# TCP flags
--syn # Set SYN flag
--ack # Set ACK flag
--fin # Set FIN flag
--rst # Set RST flag
--psh # Set PSH flag
--urg # Set URG flag
# Payload
--payload DATA # Custom payload
--rand-payload # Random payload
# Flooding
--flood # Continuous flooding mode
--rand # Randomize parameters
# Other
--help # Display help
--version # Show version
| Issue | Cause | Solution |
|---|
| Permission denied | Not running as root | Use sudo |
| No output/packets | Firewall dropping | Check firewall rules |
| Target not responding | Network issues | Verify connectivity |
| Invalid option error | Wrong syntax | Check t50 --help |
# Verify raw socket capability
ip addr show
# Check if can create raw sockets
sudo socket AF_INET SOCK_RAW IPPROTO_RAW
# Monitor traffic being generated
sudo tcpdump -i any -n "dst <target-ip>"
# Check system limits
ulimit -a
# Increase max open files if needed
ulimit -n 65536
# 1. Reconnaissance
nmap <target-ip>
# 2. Protocol testing with T50
sudo t50 <target-ip> --tcp --dst-port 80 --syn --flood
# 3. Response analysis
# (Monitor behavior and response patterns)
# 4. Packet capture for analysis
sudo tcpdump -i any -w capture.pcap "host <target-ip>"
# 5. Analyze with Wireshark
wireshark capture.pcap
# Create isolated test network
# Using virtual machines or containers
# VM 1: Attacker (T50 installation)
# VM 2: Target (network device under test)
# Network: Isolated virtual network bridge
# Prevent cross-network traffic
iptables -I OUTPUT -d <external-network> -j DROP
# Run tests safely
sudo t50 <internal-target-ip> --tcp --dst-port 80 --flood
✓ Get written authorization
✓ Test in isolated environment
✓ Monitor all testing activities
✓ Start with low rates
✓ Have immediate shutdown capability
✓ Document baseline and results
✓ Verify no collateral impact
✓ Restore system to baseline afterward
# Log all testing
tee -a test-log.txt << 'EOF'
Date: $(date)
Target: <ip>
Protocol: <protocol>
Duration: <seconds>
Objective: <test-purpose>
Result: <outcome>
EOF
T50 is a powerful multi-protocol packet injector for authorized network testing, vulnerability assessment, and infrastructure validation. Its flexibility in crafting custom packets across multiple protocols makes it invaluable for security professionals conducting authorized penetration tests and network research. Always use responsibly within legal and ethical boundaries, with explicit authorization, in isolated test environments only.
