# Install fragroute with Homebrew, MacPorts

Intercepts, modifies and rewrites egress traffic for a specified host. Version 1.2 via Homebrew; verified 2026-06-22.

## Install

```sh
sudo av install brew:fragroute
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install fragroute
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install fragroute
```

  Evidence: MacPorts ports tree: net/fragroute/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:fragroute
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/fragroute>
- **Version:** 1.2
- **Source summary:** Intercepts, modifies and rewrites egress traffic for a specified host
- **Homepage:** <https://www.monkey.org/~dugsong/fragroute/>
- **Upstream docs:** <https://www.monkey.org/~dugsong/fragroute>
- **License:** BSD-3-Clause
- **Source archive:** <https://www.monkey.org/~dugsong/fragroute/fragroute-1.2.tar.gz>
- **Last updated:** 2026-06-22T14:03:22-07:00
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- fragroute (cli)
- fragtest (cli)
- fragroute (alias)
- fragtest (alias)

## Dependencies

- libdnet
- libevent

## Uses from macOS

- libpcap

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_big_sur, arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, big_sur, catalina, monterey, sonoma, ventura

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.2
- Package-manager updated: 2026-06-22
- Local data: ok
- Upstream repository: https://www.monkey.org/~dugsong/fragroute/
- info: Release/tag comparison is only available for GitHub repositories.
## Project history and usage

fragroute is a classic network-security test tool by Dug Song for intercepting, modifying, and rewriting outbound traffic to a target host. Its purpose is to reproduce insertion, evasion, and denial-of-service techniques against intrusion-detection systems and TCP/IP stacks in a controlled test setting.

### Project history

The official homepage describes fragroute as an implementation of most attacks from the January 1998 Secure Networks paper on eluding network intrusion detection. The bundled license covers 2001 and 2002, and the 1.2 source archive contains README and manpage files dated April 2002.

The project belongs to the same early-2000s packet-manipulation culture as libdnet and libpcap-based security tools. Its author page distributed source tarballs and plain-text manpages rather than a modern public source-control repository.

### Adoption history

fragroute's official page documented builds on OpenBSD, FreeBSD, Linux, Solaris, and Windows 2000, with dependencies on libdnet, libpcap, libevent, and platform tunnel drivers. The bundled scripts include notes for attacks reported against Snort 1.8.3 in January 2002, anchoring the tool in IDS regression testing practice.

### How it is used

The fragroute executable reads a ruleset and a target host, then applies directives such as delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, TTL, and TOS changes to outbound packets. fragtest complements it by probing a remote host's IP fragment reassembly behavior.

### Why package nerds care

For package-history purposes, fragroute is significant because it is a tarball-era security utility that remains packaged long after its original homepage workflow. It preserves a specific moment in IDS testing, before many tools moved to GitHub and before network evasion testing became a routine part of security lab distributions.

### Timeline

- 1998: Secure Networks paper on insertion, evasion, and denial-of-service attacks provides the attack taxonomy fragroute implements.
- 2001: Copyright period begins for the fragroute source distribution.
- 2002: fragroute 1.2 source archive, README, manpage, and Snort test notes dated April 2002.
- 2002: Bundled notes document attacks against Snort 1.8.3 reported January 28, 2002.

### Related projects

- Official dependencies and related tools named by the project include libdnet, libpcap, libevent, fragtest, Snort test scripts, CIPE-Win32, and TUN/TAP drivers. The manpage contrasts fragroute with fragrouter by noting that fragroute affects only local outbound traffic.

### Sources

- <https://www.monkey.org/~dugsong/fragroute>
- <https://www.monkey.org/~dugsong/fragroute/fragroute-1.2.tar.gz>
- <https://www.monkey.org/~dugsong/fragroute/fragroute.8.txt>
- <https://www.monkey.org/~dugsong/fragroute/fragtest.8.txt>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: /usr/local/etc/fragroute.conf
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** fragroute
- **Version Scheme:** 0
- **Revision:** 2
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- MacPorts - fragroute: normalized package name match | MacPorts ports tree: net/fragroute/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [Homebrew utility packages](https://www.automicvault.com/pkg/brew-utility-packages/) - Matched Homebrew package provider.
- [libdnet](https://www.automicvault.com/pkg/brew/libdnet/) - Runtime dependency declared by Homebrew.
- [libevent](https://www.automicvault.com/pkg/brew/libevent/) - Runtime dependency declared by Homebrew.
- [arpoison](https://www.automicvault.com/pkg/brew/arpoison/) - Shares av.db curated category or tags: cli, network-security, security.
- [ettercap](https://www.automicvault.com/pkg/brew/ettercap/) - Shares av.db curated category or tags: cli, network-security, security.
- [rshijack](https://www.automicvault.com/pkg/brew/rshijack/) - Shares av.db curated category or tags: cli, network-security, security.
- [suricata](https://www.automicvault.com/pkg/brew/suricata/) - Shares av.db curated category or tags: cli, network-security, security.
- [fwknop](https://www.automicvault.com/pkg/brew/fwknop/) - Shares av.db curated category or tags: cli, network-security, security.
- [bettercap](https://www.automicvault.com/pkg/brew/bettercap/) - Shares av.db curated category or tags: cli, network-security, security.
- [killswitch](https://www.automicvault.com/pkg/brew/killswitch/) - Shares av.db curated category or tags: cli, network-security, security.
- [openssh](https://www.automicvault.com/pkg/brew/openssh/) - Shares av.db curated category or tags: cli, network-security, security.

## Combined YAML source

View the package source record on GitHub. [combined/fragroute.yml](https://github.com/automic-vault/db/blob/main/combined/fragroute.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
