Packet crafting: Difference between revisions

From Wikipedia, the free encyclopedia
m Packet play: rm self-lk
 
(37 intermediate revisions by 32 users not shown)
Line 1: Line 1:
{{Short description|Network analyzing technique}}
'''Packet crafting''' is a technique that allows [[Network administrator|network administrators]] or [[Hacker (computer security)|hackers]] to probe [[Firewall (computing)|firewall]] rule-sets and find entry points into a targeted system or network. This is done by manually generating [[Packet (information technology)|packets]] to test network devices and behaviour, instead of using existing network traffic.<ref name=zereneh>{{cite web | last = Zereneh | first= William | url = http://www.scs.ryerson.ca/~zereneh/linux/PacketCrafting.pdf | title= Packet Crafting | accessdate = 2010-08-01 }}</ref> Testing may target the firewall, [[Intrusion detection system|IDS]], [[TCP/IP stack]], [[router]] or any other component of the network.<ref name=zereneh /><ref name=poor>{{cite web | last = Poor | first = Mike | url = http://www.inguardians.com/research/docs/packetfoo.pdf | title = Packet Craft for Defense-in-Depth | publisher = InGuardians | accessdate = 2010-08-01 }}</ref> Packets are usually created by using a [[packet generator]] or [[packet analyzer]] which allows for specific options and [[Flag (computing)|flags]] to be set on the created packets. The act of packet crafting can be broken into four stages: Packet Assembly, Packet Editing, Packet Play and Packet Decoding.<ref name=zereneh /><ref name=poor />
==Packet Assembly==
Packet Assembly is the creation of the packets to be sent. Some popular programs used for packet assembly are [[Hping]], [[Nemesis (software)|Nemesis]], [http://ostinato.googlecode.com/ Ostinato], [[Scapy]] and [[Yersinia (computing)|Yersinia]].<ref name=sectools>{{cite web | url = http://sectools.org/packet-crafters.html | title= Top 4 Packet Crafting Tools | publisher = SecTools.org | accessdate = 2010-08-01}}</ref><ref name=poor /><ref name=zereneh />Packets may be of any [[Communications protocol|protocol]] and are designed to test specific rules or situations. For example, a [[TCP packet]] may be created with a set of erroneous flags to ensure that the target machine sends a RESET command or that the firewall blocks any response.<ref name=zereneh /><ref name=poor />


{{Multiple issues|
==Packet Editing==
{{Advert|date=August 2024}}
Packet Editing is the modification of created or captured packets. This involves modifying packets in manners which are difficult or impossible to do in the Packet Assembly stage, such as modifying the payload of a packet.<ref name=poor /> Programs such as [[Netdude]] allow a user to modify recorded packets' fields, checksums and payloads quite easily.<ref name=zereneh /> These modified packets can be saved in packet streams which may be stored in [[pcap]] files to be replayed later.
{{More citations needed|date=August 2024}}
==Packet Play==
}}
Packet Play or Packet Replay is the act of sending a pre-generated or captured series of packets. Packets may come from Packet Assembly and Editing or from caputed network attacks. This allows for testing of a given usage or attack scenario for the targeted network. [[Tcpreplay]] is the most common program for this task since it is capable of taking a stored packet stream in the [[pcap]] format and sending those packets at the original rate or a user-defined rate. Some packet analyzers are also capable of packet replay.
'''Packet crafting''' is a technique that allows [[network administrator]]s to probe [[Firewall (computing)|firewall]] rule-sets and find entry points into a targeted system or network. This is done by manually generating [[Packet (information technology)|packets]] to test network devices and behaviour, instead of using existing network traffic.<ref name=zereneh>{{cite web | last = Zereneh | first= William | url = http://www.scs.ryerson.ca/~zereneh/linux/PacketCrafting.pdf | title= Packet Crafting | accessdate = 2010-08-01 }}</ref> Testing may target the firewall, [[Intrusion detection system|IDS]], [[TCP/IP stack]], [[Router (computing)|router]] or any other component of the network.<ref name=zereneh /><ref name=poor>{{cite web | last = Poor | first = Mike | url = http://www.inguardians.com/research/docs/packetfoo.pdf | title = Packet Craft for Defense-in-Depth | publisher = InGuardians | accessdate = 2010-08-01 }}</ref> Packets are usually created by using a [[packet generator]] or [[packet analyzer]] which allows for specific options and [[Flag (computing)|flags]] to be set on the created packets. The act of packet crafting can be broken into four stages: Packet Assembly, Packet Editing, Packet Play and Packet Decoding.<ref name=zereneh /><ref name=poor /> Tools exist for each of the stages - some tools are focused only on one stage while others such as [http://ostinato.org/ Ostinato] try to encompass all stages.


==Packet Decoding==
==Packet assembly==
Packet Assembly is the creation of the packets to be sent. Some popular programs used for packet assembly are [[Hping]], [[Nemesis (software)|Nemesis]], [http://ostinato.org/ Ostinato], [http://packetbuilder.net/ Cat Karat packet builder], [https://github.com/pellegre/libcrafter Libcrafter], [http://libtins.sourceforge.net libtins], [https://pcapplusplus.github.io/ PcapPlusPlus], [[Scapy]], [http://wirefloss.com Wirefloss] and Yersinia.<ref name=zereneh /><ref name=poor /><ref name=sectools>{{cite web | url = http://sectools.org/packet-crafters.html | title= Top 4 Packet Crafting Tools | publisher = SecTools.org | accessdate = 2010-08-01}}</ref> Packets may be of any [[Communications protocol|protocol]] and are designed to test specific rules or situations. For example, a [[TCP packet]] may be created with a set of erroneous flags to ensure that the target machine sends a RESET command or that the firewall blocks any response.<ref name=zereneh /><ref name=poor />
Packet Decoding is the [[Packet capture|capture]] and analysis of the network traffic generated during Packet Play. In order to determine the targeted network's response to the scenario created by Packet Play, the response must be captured by a [[packet analyzer]] and decoded according to the appropriate specifications. Depending on the packets sent, a desired response may be no packets were returned or that a connection was successfully established, among others.

==References==
==Packet editing==
<references />
Packet Editing is the modification of created or captured packets. This involves modifying packets in manners which are difficult or impossible to do in the Packet Assembly stage, such as modifying the payload of a packet.<ref name=poor /> Programs such as [[Scapy]], [http://ostinato.org/ Ostinato], [[Netdude]] allow a user to modify recorded packets' fields, checksums and payloads quite easily.<ref name=zereneh /> These modified packets can be saved in packet streams which may be stored in [[pcap]] files to be replayed later.

==Packet play==
Packet Play or Packet Replay is the act of sending a pre-generated or captured series of packets. Packets may come from Packet Assembly and Editing or from captured network attacks. This allows for testing of a given usage or attack scenario for the targeted network. Tcpreplay is the most common program for this task since it is capable of taking a stored packet stream in the [[pcap]] format and sending those packets at the original rate or a user-defined rate. [[Scapy]] also supports send functions to replay any saved packets/pcap. [http://ostinato.org/ Ostinato] added support for [[pcap]] files in version 0.4.<ref name=ostcl>{{cite web | url = http://ostinato.org/wiki/ChangeLog | title= Ostinato ChangeLog | accessdate = 2011-04-30 }}</ref> Some packet analyzers are also capable of packet replay.

==Packet decoding==
Packet Decoding is the [[Packet capture|capture]] and analysis of the network traffic generated during Packet Play. In order to determine the targeted network's response to the scenario created by Packet Play, the response must be captured by a [[packet analyzer]] and decoded according to the appropriate specifications. Depending on the packets sent, a desired response may be no packets were returned or that a connection was successfully established, among others. The most famous tools for that task are [[Wireshark]] and [[Scapy]].


== See also ==
== See also ==
*[[Comparison of packet analyzers]]
* [[Comparison of packet analyzers]]
*[[Packetsquare]]
* [[Replay attack]]
*[[Replay attack]]
* [[Packet Sender]]

==References==
<references />


==External links==
==External links==
*Packet Crafting for Firewall & IDS Audits (Part 1 of 2) by Don Parker [http://www.securityfocus.com/infocus/1787]
* Packet Crafting for Firewall & IDS Audits (Part 1 of 2) by Don Parker [http://www.securityfocus.com/infocus/1787]
*Wikiformat article detailing [http://www.wikistc.org/wiki/Packet_crafting Packet crafting]
* Wikiformat article detailing [http://www.wikistc.org/wiki/Packet_crafting Packet crafting]
* Bit-Twist - Libpcap-based Ethernet packet generator [http://bittwist.sourceforge.net/]
* [https://packetsender.com/ Packet Sender] - open source packet generator focused on ease-of-use


{{DEFAULTSORT:Packet Crafting}}
[[Category:Network analyzers]]
[[Category:Network analyzers]]

{{compu-network-stub}}


[[ru:Конструктор пакетов]]
[[ru:Конструктор пакетов]]
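
Review bot: The sentence added at the end of the revised Packet decoding paragraph, "The most famous tools for that task are [[Wireshark]] and [[Scapy]]", carries no <ref>, and "most famous" is a ranking that none of the cited sources is shown to support; cite it or reword it neutrally, for example "Tools used for this task include ...". The revised Packet assembly tool list has the same problem in a different form: Cat Karat packet builder, Libcrafter, libtins, PcapPlusPlus and Wirefloss are added as bare external links in body text, ahead of refs that predate them (accessdate 2010-08-01), so either source each entry or move the links to the External links section.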

Latest revision as of 00:06, 6 September 2024

Packet crafting is a technique that allows network administrators to probe firewall rule-sets and find entry points into a targeted system or network. This is done by manually generating packets to test network devices and behaviour, instead of using existing network traffic.[1] Testing may target the firewall, IDS, TCP/IP stack, router or any other component of the network.[1][2] Packets are usually created by using a packet generator or packet analyzer which allows for specific options and flags to be set on the created packets. The act of packet crafting can be broken into four stages: Packet Assembly, Packet Editing, Packet Play and Packet Decoding.[1][2] Tools exist for each stage: some focus on a single stage, while others, such as Ostinato, try to encompass all of them.

Packet assembly

Packet Assembly is the creation of the packets to be sent. Some popular programs used for packet assembly are Hping, Nemesis, Ostinato, Cat Karat packet builder, Libcrafter, libtins, PcapPlusPlus, Scapy, Wirefloss and Yersinia.[1][2][3] Packets may be of any protocol and are designed to test specific rules or situations. For example, a TCP packet may be created with a set of erroneous flags to ensure that the target machine sends a RESET command or that the firewall blocks any response.[1][2]

Packet editing

Packet Editing is the modification of created or captured packets. This involves modifying packets in ways that are difficult or impossible in the Packet Assembly stage, such as modifying the payload of a packet.[2] Programs such as Scapy, Ostinato and Netdude allow a user to modify recorded packets' fields, checksums and payloads quite easily.[1] These modified packets can be saved in packet streams which may be stored in pcap files to be replayed later.

Packet play

Packet Play or Packet Replay is the act of sending a pre-generated or captured series of packets. Packets may come from Packet Assembly and Editing or from captured network attacks. This allows for testing of a given usage or attack scenario for the targeted network. Tcpreplay is the most common program for this task since it is capable of taking a stored packet stream in the pcap format and sending those packets at the original rate or a user-defined rate. Scapy also provides send functions that can replay saved packets or pcap files. Ostinato added support for pcap files in version 0.4.[4] Some packet analyzers are also capable of packet replay.

Packet decoding

Packet Decoding is the capture and analysis of the network traffic generated during Packet Play. In order to determine the targeted network's response to the scenario created by Packet Play, the response must be captured by a packet analyzer and decoded according to the appropriate specifications. Depending on the packets sent, the desired response may be that no packets were returned or that a connection was successfully established, among others. The most famous tools for that task are Wireshark and Scapy.
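
The assembly, editing and decoding stages described above can be followed byte by byte in the sketch below, an added example that is not taken from the article, its sources or any of the tools it names. It builds an IPv4/TCP packet with a caller-chosen flag byte, swaps the payload while repairing the length and checksums, stores both packets in pcap form and decodes them again; nothing is sent on a network, and all function names, ports and the documentation-range addresses are assumptions chosen for illustration.

```python
import struct
SRC, DST = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])  # constructed RFC 5737 documentation addresses

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; yields 0 when run over data that embeds a valid checksum."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    # TCP also covers a pseudo-header: both addresses, a zero byte, protocol 6, segment length
    return checksum(src + dst + struct.pack("!BBH", 0, 6, len(segment)) + segment)

def seal(ip: bytearray, tcp: bytearray) -> bytes:
    """Set the IP total length, zero both checksum fields, then recompute them."""
    ip[2:4], ip[10:12], tcp[16:18] = struct.pack("!H", len(ip) + len(tcp)), b"\0\0", b"\0\0"
    ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
    tcp[16:18] = struct.pack("!H", tcp_checksum(bytes(ip[12:16]), bytes(ip[16:20]), bytes(tcp)))
    return bytes(ip + tcp)

def assemble(sport: int, dport: int, flags: int, payload: bytes = b"") -> bytes:
    """Packet assembly: 20-byte IPv4 header plus 20-byte TCP header with chosen flag bits."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, 6, 0, SRC, DST)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    return seal(bytearray(ip), bytearray(tcp + payload))

def edit_payload(packet: bytes, new_payload: bytes) -> bytes:
    """Packet editing: replace the payload of an existing packet and repair its headers."""
    return seal(bytearray(packet[:20]), bytearray(packet[20:40] + new_payload))

def to_pcap(packets) -> bytes:
    """Classic pcap: 24-byte global header, LINKTYPE_RAW (101) meaning bare IP packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    for i, p in enumerate(packets):
        out += struct.pack("<IIII", i, 0, len(p), len(p)) + p
    return out

def decode(pcap: bytes):
    """Packet decoding: return (tcp_flags, payload, checksums_ok) for every record."""
    pos, rows = 24, []
    while pos < len(pcap):
        n = struct.unpack_from("<I", pcap, pos + 8)[0]   # incl_len of this record
        p = pcap[pos + 16: pos + 16 + n]
        ok = checksum(p[:20]) == 0 and tcp_checksum(p[12:16], p[16:20], p[20:]) == 0
        rows.append((p[33], p[40:], ok))
        pos += 16 + n
    return rows
```

A payload changed without calling `seal` decodes with `checksums_ok` set to `False`, which is why the editing stage has to recompute checksums. The bytes returned by `to_pcap` can be written to a `.pcap` file and opened in Wireshark.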

See also

References

  1. Zereneh, William. "Packet Crafting" (PDF). Retrieved 2010-08-01.
  2. Poor, Mike. "Packet Craft for Defense-in-Depth" (PDF). InGuardians. Retrieved 2010-08-01.
  3. "Top 4 Packet Crafting Tools". SecTools.org. Retrieved 2010-08-01.
  4. "Ostinato ChangeLog". Retrieved 2011-04-30.
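
External links

  • Packet Crafting for Firewall & IDS Audits (Part 1 of 2) by Don Parker: http://www.securityfocus.com/infocus/1787
  • Wikiformat article detailing Packet crafting: http://www.wikistc.org/wiki/Packet_crafting
  • Bit-Twist - Libpcap-based Ethernet packet generator: http://bittwist.sourceforge.net/
  • Packet Sender - open source packet generator focused on ease-of-use: https://packetsender.com/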