Automic VaultAutomic Vault

brew

Install fragroute with Homebrew, MacPorts

Intercepts, modifies and rewrites egress traffic for a specified host. Version 1.2 via Homebrew; verified 2026-06-22.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install fragroute

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install fragroute

MacPorts ports tree · net/fragroute/Portfile · source: api.github.com

overview

Package summary

Intercepts, modifies and rewrites egress traffic for a specified host

Commands and aliases

  • fragroute
  • fragtest

history

Project history and usage

fragroute is a classic network-security test tool by Dug Song for intercepting, modifying, and rewriting outbound traffic to a target host. Its purpose is to reproduce insertion, evasion, and denial-of-service techniques against intrusion-detection systems and TCP/IP stacks in a controlled test setting.

Project history

The official homepage describes fragroute as an implementation of most attacks from the January 1998 Secure Networks paper on eluding network intrusion detection. The bundled license covers 2001 and 2002, and the 1.2 source archive contains README and manpage files dated April 2002.

The project belongs to the same early-2000s packet-manipulation culture as libdnet and libpcap-based security tools. Its author page distributed source tarballs and plain-text manpages rather than a modern public source-control repository.

Adoption history

fragroute's official page documented builds on OpenBSD, FreeBSD, Linux, Solaris, and Windows 2000, with dependencies on libdnet, libpcap, libevent, and platform tunnel drivers. The bundled scripts include notes for attacks reported against Snort 1.8.3 in January 2002, anchoring the tool in IDS regression testing practice.

How it is used

The fragroute executable reads a ruleset and a target host, then applies directives such as delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, TTL, and TOS changes to outbound packets. fragtest complements it by probing a remote host's IP fragment reassembly behavior.

Why package nerds care

For package-history purposes, fragroute is significant because it is a tarball-era security utility that remains packaged long after its original homepage workflow. It preserves a specific moment in IDS testing, before many tools moved to GitHub and before network evasion testing became a routine part of security lab distributions.

Timeline

  • 1998: Secure Networks paper on insertion, evasion, and denial-of-service attacks provides the attack taxonomy fragroute implements.
  • 2001: Copyright period begins for the fragroute source distribution.
  • 2002: fragroute 1.2 source archive, README, manpage, and Snort test notes dated April 2002.
  • 2002: Bundled notes document attacks against Snort 1.8.3 reported January 28, 2002.

Related projects

  • Official dependencies and related tools named by the project include libdnet, libpcap, libevent, fragtest, Snort test scripts, CIPE-Win32, and TUN/TAP drivers. The manpage contrasts fragroute with fragrouter by noting that fragroute affects only local outbound traffic.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 13 platform targets.
  • Installs with 2 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
/usr/local/etc/fragroute.conf

executables

Installed executables

CommandKindExposureNote
fragroutecliglobal executable
fragtestcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.2
manager updated2026-06-22
local dataok
upstreamnot checked
latest detectednot detected

https://www.monkey.org/~dugsong/fragroute/

install metadata

Package metadata

Package keybrew:fragroute
Version1.2
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/fragroute
Homepagehttps://www.monkey.org/~dugsong/fragroute/
Upstream docshttps://www.monkey.org/~dugsong/fragroute
LicenseBSD-3-Clause
Source archivehttps://www.monkey.org/~dugsong/fragroute/fragroute-1.2.tar.gz
Last updated2026-06-22T14:03:22-07:00
Pulseupdated
Dependencieslibdnet, libevent
Uses from macOSlibpcap
Bottleavailable (on arm64_big_sur, arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, big_sur, catalina, monterey, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namefragroute
Version Scheme0
Revision2
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

MacPorts95%

fragroute

sudo port install fragroute
  • normalized package name match
  • Matched by: Fragroute
MacPorts ports tree · api.github.com · MacPorts ports tree: net/fragroute/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment