Packet crafting
Encyclopedia
Packet crafting is a technique that allows network administrator
s or hackers
to probe firewall
rule-sets and find entry points into a targeted system or network. This is done by manually generating packets to test network devices and behaviour, instead of using existing network traffic. Testing may target the firewall, IDS, TCP/IP stack, router or any other component of the network. Packets are usually created by using a packet generator
or packet analyzer which allows for specific options and flags
to be set on the created packets. The act of packet crafting can be broken into four stages: Packet Assembly, Packet Editing, Packet Play and Packet Decoding. Tools exist for each of the stages - some tools are focussed only on one stage while others such as Ostinato try to encompass all stages.
, Nemesis, Ostinato, Cat Karat packet builder, Scapy
and Yersinia
. Packets may be of any protocol
and are designed to test specific rules or situations. For example, a TCP packet may be created with a set of erroneous flags to ensure that the target machine sends a RESET command or that the firewall blocks any response.
files to be replayed later.
format and sending those packets at the original rate or a user-defined rate. Ostinato added support for pcap
files in version 0.4. Some packet analyzers are also capable of packet replay.
and analysis of the network traffic generated during Packet Play. In order to determine the targeted network's response to the scenario created by Packet Play, the response must be captured by a packet analyzer and decoded according to the appropriate specifications. Depending on the packets sent, a desired response may be no packets were returned or that a connection was successfully established, among others.
Network administrator
A network administrator, network analyst or network engineer is a person responsible for the maintenance of computer hardware and software that comprises a computer network...
s or hackers
Hacker (computer security)
In computer security and everyday language, a hacker is someone who breaks into computers and computer networks. Hackers may be motivated by a multitude of reasons, including profit, protest, or because of the challenge...
to probe firewall
Firewall (computing)
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
rule-sets and find entry points into a targeted system or network. This is done by manually generating packets to test network devices and behaviour, instead of using existing network traffic. Testing may target the firewall, IDS, TCP/IP stack, router or any other component of the network. Packets are usually created by using a packet generator
Packet generator
A packet generator or packet builder is a type of software that generates random packets or allows the user to construct detailed custom packets. Packet generators utilize raw sockets....
or packet analyzer which allows for specific options and flags
Flag (computing)
In computer programming, flag can refer to one or more bits that are used to store a binary value or code that has an assigned meaning, but can refer to uses of other data types...
to be set on the created packets. The act of packet crafting can be broken into four stages: Packet Assembly, Packet Editing, Packet Play and Packet Decoding. Tools exist for each of the stages - some tools are focussed only on one stage while others such as Ostinato try to encompass all stages.
Packet Assembly
Packet Assembly is the creation of the packets to be sent. Some popular programs used for packet assembly are HpingHping
hping is a free packet generator and analyzer for the TCP/IP protocol distributed by Salvatore Sanfilippo .Hping is one of the de facto tools for security auditing and testing of firewalls and networks, and was used to exploit the idle scan scanning technique , and now implemented in the Nmap...
, Nemesis, Ostinato, Cat Karat packet builder, Scapy
Scapy
Scapy is a packet manipulation tool for computer networks, written in Python by Philippe Biondi. It can forge or decode packets, send them on the wire, capture them, and match requests and replies...
and Yersinia
Yersinia (computing)
Yersinia - is a network security/hacking tool for Unix-like operating systems, designed to take advantage of some weakness in different network protocols. Yersinia is considered a valuable and widely used security tool...
. Packets may be of any protocol
Communications protocol
A communications protocol is a system of digital message formats and rules for exchanging those messages in or between computing systems and in telecommunications...
and are designed to test specific rules or situations. For example, a TCP packet may be created with a set of erroneous flags to ensure that the target machine sends a RESET command or that the firewall blocks any response.
Packet Editing
Packet Editing is the modification of created or captured packets. This involves modifying packets in manners which are difficult or impossible to do in the Packet Assembly stage, such as modifying the payload of a packet. Programs such as Ostinato, Netdude allow a user to modify recorded packets' fields, checksums and payloads quite easily. These modified packets can be saved in packet streams which may be stored in pcapPcap
In the field of computer network administration, pcap consists of an application programming interface for capturing network traffic...
files to be replayed later.
Packet Play
Packet Play or Packet Replay is the act of sending a pre-generated or captured series of packets. Packets may come from Packet Assembly and Editing or from caputed network attacks. This allows for testing of a given usage or attack scenario for the targeted network. Tcpreplay is the most common program for this task since it is capable of taking a stored packet stream in the pcapPcap
In the field of computer network administration, pcap consists of an application programming interface for capturing network traffic...
format and sending those packets at the original rate or a user-defined rate. Ostinato added support for pcap
Pcap
In the field of computer network administration, pcap consists of an application programming interface for capturing network traffic...
files in version 0.4. Some packet analyzers are also capable of packet replay.
Packet Decoding
Packet Decoding is the capturePacket capture
Packet capture is the act of capturing data packets crossing a computer network. Deep packet capture is the act of capturing, at full network speed, complete network packets crossing a network with a high traffic rate...
and analysis of the network traffic generated during Packet Play. In order to determine the targeted network's response to the scenario created by Packet Play, the response must be captured by a packet analyzer and decoded according to the appropriate specifications. Depending on the packets sent, a desired response may be no packets were returned or that a connection was successfully established, among others.
External links
- Packet Crafting for Firewall & IDS Audits (Part 1 of 2) by Don Parker http://www.securityfocus.com/infocus/1787
- Wikiformat article detailing Packet crafting
- Bit-Twist - Libpcap-based Ethernet packet generator http://bittwist.sourceforge.net/