The Firewall Tester consists of two perl scripts, the client part (ftest) and the listening sniffer (ftestd). The client injects custom marked packets, while the sniffer listens for them. The comparison of the script's log files permit the detection of filtered packets and consequently filtering rules if the two scripts are ran on different sides of a firewall. An IDS (Intrusion Detection System) testing feature is also available and snort rule definition file can parsed instead of the standard configuration syntax, ftest can also use common IDS evasion techniques. Stateful inspection firewall and IDS can be handled by the 'connection spoofing' option. CHANGES: Added fragmentation option, added option for specifying IP fragments and TCP segments numbers and size, added fragmentation related evasion techniques, extended syntax now works also for connection spoofing modes, various bugfixes, see Changelog for details. Requires: Net::RawIP, Net::PcapUtils, NetPacket.
b2e9999f056aca95a6a0edfcd1725b49f7add378b94d6548842ebf084f419695