Fragroute  intercepts,  modifies,  and rewrites egress traffic destined  for the specified host. Simply frag route fragments packets originating from our(attacker) system to the destination system. Its used by security personnel or hackers for evading firewalls, avoiding IDS/IPS detections & alerts etc. Also pentesters use it to gather information from a highly secured remote host.



fragroute –f <lconfigfile> dst<destination>

-f – Config file on how frag route should work.


Default configuration file is at /etc/fragroute.conf. 

Default conf File :

frag Fragroute


One can either use this defaut file or write a new configuration file. Custom file requires following rules to be be written.

delay first|last|random <ms>
drop first|last|random <prob-%>
dup first|last|random <prob-%>
echo <string> ...
ip_chaff dup|opt|<ttl>
ip_frag <size> [old|new]
ip_opt lsrr|ssrr <ptr> <ip-addr> ...
ip_ttl <ttl>
ip_tos <tos>
order random|reverse
tcp_chaff cksum|null|paws|rexmit|seq|syn|<ttl>
tcp_opt mss|wscale <size>
tcp_seg <size> [old|new]


Fragment large ping packets

This demonstrates large ping packets being fragmented in between 2 hosts, the attacker & target. The attacker has ipaddress & target has

1. In attack machine turn on fragroute

Command : fragroute –f /etc/fragroute.conf<replace with your destination>

cyborg@cyborg:~$ sudo fragroute -f /etc/fragroute.conf
[sudo] password for cyborg: 
fragroute: tcp_seg -> ip_frag -> ip_chaff -> order -> print

2. Open another terminal & ping large sized packet

Command : ping –s 10000<replace with your destination>

cyborg@cyborg:~$ ping -s 10000 PING ( 10000(10028) bytes of data.

3. Check terminal in which frag route is running

cyborg@cyborg:~$ sudo fragroute -f /etc/fragroute.conf
[sudo] password for cyborg: 
fragroute: tcp_seg -> ip_frag -> ip_chaff -> order -> print > (frag 3201:[email protected]+) > (frag 3201:[email protected]+) > (frag 3201:[email protected]) > (frag 3305:[email protected]+) > (frag 3305:[email protected]+) > (frag 3305:[email protected]) > (frag 3655:[email protected]+) > (frag 3655:[email protected]+) > (frag 3655:[email protected]) > (frag 4051:[email protected]+) > (frag 4051:[email protected]+) > (frag 4051:[email protected]) > (frag 4381:[email protected]+) > (frag 4381:[email protected]) > (frag 4593:[email protected]+) > (frag 4593:[email protected]+) > (frag 4593:[email protected]) > (frag 4895:[email protected]+) > (frag 4895:[email protected]+) > (frag 4895:[email protected])

Leave a reply


We're are building as a community and a team. Be a part of it.


©2018 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?