Fragroute – A network packet fragmentation & firewall testing tool

Fragroute  intercepts,  modifies,  and rewrites egress traffic destined  for the specified host. Simply frag route fragments packets originating from our(attacker) system to the destination system. Its used by security personnel or hackers for evading firewalls, avoiding IDS/IPS detections & alerts etc. Also pentesters use it to gather information from a highly secured remote host.


fragroute –f <lconfigfile> dst<destination>

-f – Config file on how frag route should work.

Default configuration file is at /etc/fragroute.conf. One can either use this defaut file or write a new configuration file. Custom file requires following rules to be be written.

delay first|last|random <ms>
drop first|last|random <prob-%>
dup first|last|random <prob-%>
echo <string> ...
ip_chaff dup|opt|<ttl>
ip_frag <size> [old|new]
ip_opt lsrr|ssrr <ptr> <ip-addr> ...
ip_ttl <ttl>
ip_tos <tos>
order random|reverse
tcp_chaff cksum|null|paws|rexmit|seq|syn|<ttl>
tcp_opt mss|wscale <size>
tcp_seg <size> [old|new]

Fragroute Homepage:

Lab:1 Fragment large ping packets

This demonstrates large ping packets being fragmented in between 2 hosts, the attacker & target. The attacker has ipaddress & target has

1. In attack machine turn on fragroute

Command : fragroute –f /etc/fragroute.conf<replace with your destination>

Executing fragroute command with default configuration.


2. Open another terminal & ping large sized packet

Command : ping –s 10000<replace with your destination>

Ping output


3. Check terminal in which frag route is running

Fragmented Packets Sent, shown in fragroute terminal


Lab 2: Custom configuration

Suppose we have to increase ttl value & no of tcp segments inorder to evade a firewall.

1. Make a new file.<here it is custconf>

Command: leafpad custconf <yourname here>

2.  In that file, type

tcp_seg 8 new   -    No of tcp segments(default is 4)

ip_frag 32      -    No of ip fragments(default is 24)

ip_chaff dup    -

ip_ttl 10       -    ttl 10

order random


Now the file looks like the following image. Remember not to include my description of what the parameter is, from the above field.

File cotaining the Custom configuration


3. Start frag route with this file & destination


Command: fragroute –f custconf <replace "custconf" with your filename>


4. Now ping using another terminal to the destination  with large packet size.


Commang : ping –s 20000


5. See  terminal on which frag route is running.

Fragroute Terminal showing output


Optionally, check on the destination system with packet analysers like wireshark or tcpdump.

Wireshark on Target machine showing fragmented packets received.


Optionally, if you know nmap scanning, do a ping scan with nmap to the destination and check on both hosts.

Read More :

Facebook Comments

One thought on “Fragroute

  • June 21, 2016 at 7:15 pm

    thank you!
    i tested it on kali 2.0 because of APSolute Vision.


Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: