I’ve recently had the need to seriously mess with packets on the IP and TCP layer and went on the hunt for some good tools to do so. A quick search and some general knowledge led me to some of the most useful packeteers out there today - Tcpreplay, Bit-Twist, and of course Scapy. While I’m being a link whore, I should mention geek00l’s blog, which has posts on quite a bit of packet mangling that have come in very useful. In any case, here are a few interesting examples of how I used these:
```shell
# Using a sniffed packet and modifying it to generate other traffic
# tcpreplay makes a lot of noise!
# Rewrite TCP port 80 -> 443 on both the source and destination side
./bittwiste -I tcpdump_packets.pcap -O mod.pcap -T tcp -s 80:443 -d 80:443
# Rewrite IP 192.168.0.1 -> 192.168.0.86 on both the source and destination side
./bittwiste -I mod.pcap -O mod2.pcap -T ip -s 192.168.0.1:192.168.0.86 -d 192.168.0.1:192.168.0.86
mv mod2.pcap mod.pcap
# Replay at top speed (-R) out of eth0, looping forever (-l 0)
tcpreplay -R -i eth0 -l 0 mod.pcap
```
Or scapy’s awesome ability to read in pcaps:
```python
# Using scapy to fuzz sniffed traffic
from scapy.all import IP, TCP, Raw, fuzz, rdpcap, send

a = rdpcap("tcpdump_packets.pcap")
# Fixed IP header; TCP fields not pinned here are randomised by fuzz() on every send;
# the payload is lifted from the first sniffed packet
z = IP(src="192.168.0.86", dst="1.2.3.4") / fuzz(TCP(dport=22, dataofs=5, reserved=0, flags="PA", window=65535, chksum=0x23, urgptr=0, options=[])) / Raw(load=a[0].load)
send(z, loop=1)
```
That was way too easy. Fuzzing with scapy? Look above…it’s got a FUZZ method?! It couldn’t be easier. I love the world we live in.
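As an added example (not from this post, nor from the Bit-Twist, Tcpreplay or Scapy projects), here is a pure-Python equivalent of the two bittwiste rewrites at the top: it swaps matching IPv4 addresses and TCP ports in either direction on a single Ethernet/IPv4/TCP frame and then recomputes both checksums, which is the part a replay tool has to get right or the receiving stack quietly drops the packets. The sample frame, MACs and addresses are constructed for the demonstration; the pcap file container itself is not parsed here.

```python
import struct
import socket

def checksum(data):
    """RFC 1071 one's-complement sum, as used by IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fix_checksums(frame):
    """Recompute the IPv4 and TCP checksums of an Ethernet/IPv4/TCP frame."""
    ihl = 14 + (frame[14] & 0x0F) * 4
    ip, tcp = bytearray(frame[14:ihl]), bytearray(frame[ihl:])
    ip[10:12] = b"\0\0"
    ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
    tcp[16:18] = b"\0\0"
    pseudo = bytes(ip[12:20]) + struct.pack("!BBH", 0, 6, len(tcp))  # src, dst, 0, proto, len
    tcp[16:18] = struct.pack("!H", checksum(pseudo + bytes(tcp)))
    return frame[:14] + bytes(ip) + bytes(tcp)

def build_frame(src, dst, sport, dport, payload=b""):
    """Constructed sample frame (dummy MACs, PSH/ACK) with valid checksums."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return fix_checksums(eth + ip + tcp + payload)

def rewrite_frame(frame, ip_map, port_map):
    """Same effect as the two bittwiste runs: replace IPs and TCP ports that
    match a key of the map (old -> new), whether they appear as source or
    destination, then repair the checksums."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return frame  # not IPv4/TCP: leave untouched
    ihl = 14 + (frame[14] & 0x0F) * 4
    buf = bytearray(frame)
    for off in (26, 30):  # IPv4 source, destination
        old = socket.inet_ntoa(bytes(buf[off:off + 4]))
        if old in ip_map:
            buf[off:off + 4] = socket.inet_aton(ip_map[old])
    for off in (ihl, ihl + 2):  # TCP source port, destination port
        old = struct.unpack("!H", buf[off:off + 2])[0]
        if old in port_map:
            buf[off:off + 2] = struct.pack("!H", port_map[old])
    return fix_checksums(bytes(buf))
```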