Packet Manipulation/Crafting

Eildor

What is the best way of manipulating/crafting packets? I want to have full control, including source IP, destination... is that possible? I have no malicious intent, just think it would be pretty interesting to mess around with.

I'm aware that software exists for this, but I want to code it myself.

lsud00d

Scapy--

Scapy

Or if you're good with Python you can script it yourself.

I know the_hutch has some experience with this.

Also obviously use a sniffer like Wireshark to confirm what goes across the wire.

SteveO86

+1 for scapy, it's a nice tool for testing ACLs and Firewalls.

Slight learning curve as you want to understand the packet format you are crafting. It also works over WLANs to.

Eildor

SteveO86 wrote: »

+1 for scapy, it's a nice tool for testing ACLs and Firewalls.

Slight learning curve as you want to understand the packet format you are crafting. It also works over WLANs to.

How does one learn the packet format? If I were to capture packets on Wireshark would that give me what I need?

Also, what would stop me from crafting thousands of CDP packets to do some sort of DoS attack on a local switch? Apart from turning CDP off, of course...

lsud00d

Here's common packets:

Raw Packet Formats

and CDP:

Frame Formats

All just a short google away

Eildor

lsud00d wrote: »

Here's common packets:

Raw Packet Formats

and CDP:

Frame Formats

All just a short google away

Yeah you're right, in fact it's the first thing that comes up! Sorry. Cheers mate.

lsud00d

No problem, just glad to help!

dover

I'm going to throw out hping2 as a simple, easy to use packet crafting tool - although it is not nearly as full featured as Scapy.

Also fun is netdude. It gives you some pretty amazing abilities.

Eildor

Sweet, will try some of these out when I get time. Thanks guys.

the_hutch

lsud00d wrote: »

Scapy--

Scapy

Or if you're good with Python you can script it yourself.

I know the_hutch has some experience with this.

Also obviously use a sniffer like Wireshark to confirm what goes across the wire.

Haha...yep. Scapy is pretty much the coolest scripting library ever. Complete control over ever aspect of the TCP/IP stack when handling raw packets. I've tried to find equivalents in other scripting languages...but there is nothing comparable (at least from what I've found). The only set back is that there is a lack of documentation, so learning it is a lot of trial and error. I'm thinking about producing a video series on using Scapy.

Eildor

the_hutch wrote: »

I'm thinking about producing a video series on using Scapy.

Please do!

dover

Mike Poor and Judy Novak have a good scapy example for crafting overlapping packets at packetstan.com.

Site hasn't been updated in a long time, unfortunately. Still a good example though.

Packetstan

Eildor

dover wrote: »

Mike Poor and Judy Novak have a good scapy example for crafting overlapping packets at packetstan.com.

Site hasn't been updated in a long time, unfortunately. Still a good example though.

Packetstan

Thank you.

How much Python would I need to learn? Never done anything in Python before, looks quite a bit different to Java.

cisco_trooper

I want to say hping3

hping3( - Linux man page

CodeBlox

If you want true control over crafting everything in your packets in C, look up raw sockets. This will do what you want. See below:

The RAW socket C programming tutorial with working program examples tested on Linux OS

Eildor

CodeBlox wrote: »

If you want true control over crafting everything in your packets in C, look up raw sockets. This will do what you want. See below:

The RAW socket C programming tutorial with working program examples tested on Linux OS

Would love to learn C, just don't have the time at the moment. From what I remember it's a rather small language though. I was going through Brian Kernighan's book a few years ago, the exercises are pretty tough. I never got to finish it, or even get halfway (and it's not even a big book!).