ptunnel - tunnel TCP connections over ICMP echo request/reply packets.
ptunnel -p proxy_address -lp listen_port -da destination_address -dp
dest_port [-c network_device] [-v verbosity] [-f file] [-udp] [-syslog]
ptunnel [-c network_device] [-v verbosity] [-f file] [-udp] [-syslog]
ptunnel [-u] [-x password] [-setuid user] [-setgid group] [-chroot dir]
ptunnel is an application that allows you to reliably tunnel TCP
connections to a remote host using ICMP echo request and reply packets,
commonly known as ping requests and replies. At first glance, this
might seem like a rather useless thing to do, but it can actually come
in handy in some cases. The following example illustrates the main
motivation in creating ptunnel:
Setting: You’re on the go, and stumble across an open wireless network.
The network gives you an IP address, but won’t let you send TCP or UDP
packets out to the rest of the internet, for instance to check your
mail. What to do? By chance, you discover that the network will allow
you to ping any computer on the rest of the internet. With ptunnel, you
can utilize this feature to check your mail, or do other things that
Specify the host on which the proxy is running.
Specifies the port on which the client will listen for incoming
Specifies the address to which you want your packets tunneled
after reaching the proxy when in client mode, or restricts the
destination packets can be forwarded to when in server mode.
Specifies/restrict the port that the proxy should tunnel the TCP
Specify the network interface to capture packets from. Note that
packet capturing isn’t always necessary, but you should try this
if you experience problems with ptunnel.
Controls the verbosity level. -1 is no output, 0 shows errors
only, 1 shows info messages, 2 gives more output, 3 provides
even more output, level 4 displays debug info and level 5
displays absolutely everything, including the nasty details of
sends and receives.
-udp Enables tunneling over UDP port 53 (DNS) instead of using ICMP.
This will only work if your proxy can accept incoming traffic on
port 53, and the client is able to send data to the proxy on
port 53. Note that this option does not wrap ptunnel’s data in
DNS-compliant packets. This option must be given on both the
proxy and client side for things to work correctly.
-syslog (Not available on Windows.)
Changes logging to use the built-in syslog fascility.
-daemon file (Not available on Windows.)
Run in background, writing PID in file.
-u Attempts to run ptunnel without privileges. This doesn’t usually
work! On UNIX systems please consider using the following three
-setuid user (Not available on Windows.)
When started in privileged mode, drop down to user’s rights as
soon as possible.
-setgid group (Not available on Windows.)
When started in privileged mode, drop down to group’s rights as
soon as possible.
-chroot dir (Not available on Windows.)
When started in privileged mode, restrict file access to the
-setcon context (Not available on Windows.)
Set SELinux context when all there is left to do are network I/O
operations. In order to be able to combine with -chroot you
will have to ‘mount --bind /proc /chrootdir/proc‘
Specifies a password or passphrase to use. This will allow you
to protect the proxy from use by others who don’t know the
password. It needs to be specified on both proxy and client.
Specifies a log file. If you specify -syslog, syslog is always
-h Displays brief usage information.
The following assumes that ptunnel is run as root, both on the proxy
and client. To tunnel ssh connections from the client machine via a
proxy running on proxy.pingtunnel.com to the computer login.domain.com,
the following command line would be used:
ptunnel -p proxy.pingtunnel.com -lp 8000 -da login.domain.com -dp 22
An ssh connection to login.domain.com can now be established as
ssh -p 8000 localhost
If ssh complains about potential man-in-the-middle attacks, simply
remove the offending key from the known_hosts file. The warning/error
is expected if you have previously ssh’d to your local computer (i.e.,
ssh localhost), or you have used ptunnel to forward ssh connections to
Of course, for all of this to work, you need to start the proxy on your
proxy-computer (proxy.pingtunnel.com). Doing this is very simple:
If you find that the proxy isn’t working, you will need to enable
packet capturing on the main network device. Currently this device is
assumed to be an ethernet-device (i.e., ethernet or wireless). Packet
capturing is enabled by giving the -c switch, and supplying the device
name to capture packets on (for instance eth0 or en1). The same goes
for the client. On Mac OS X, packet capturing must always be enabled
(both for proxy and client), as resent packets won’t be received
To protect yourself from others using your proxy, you can protect
access to it with a password using the <tt>-x</tt> switch. The password
is never sent in the clear, but keep in mind that it may be visible
from tools like top or ps, which can display the command line used to
start an application.
ptunnel does not exit until forced to do so by an interrupt (Ctrl-C) or
if it crashes.
ptunnel currently does not handle packet capturing on network
interfaces other than ethernet or wireless correctly.
Daniel Stoedle (email@example.com)
Mike Miller (firstname.lastname@example.org)
Sebastien Raveau (email@example.com)
ptunnel is licensed under the BSD License.
The ptunnel homepage is currently located here:
The freshmeat project page is located here:
Please take the time to rate ptunnel if you find it useful. Thanks!