Damon Cortesi's blog

Musings of an entrepreneur.

Packet Mangling


I’ve recently had the need to seriously mess with packets at the IP and TCP layers and went on the hunt for some good tools to do so. A quick search and some general knowledge led me to some of the most useful packeteers out there today: Tcpreplay, Bit-Twist, and of course Scapy. While I’m being a link whore, I should mention geek00l’s blog, which seems to have quite a few posts on packet mangling that have come in very useful. In any case, here are a few interesting examples of how I used these:

```
# Using a sniffed packet and modifying it to generate other traffic
# tcpreplay makes a lot of noise!
./bittwiste -I tcpdump_packets.pcap -O mod.pcap -T tcp -s 80:443 -d 80:443
# The address arguments to -s and -d were left blank in the original post
./bittwiste -I mod.pcap -O mod2.pcap -T ip -s -d
mv mod2.pcap mod.pcap
tcpreplay -R -i eth0 -l 0 mod.pcap
```
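What the `-T tcp -s 80:443 -d 80:443` step amounts to at the byte level, as an added example that is not from the original post: a standard-library Python rewrite of TCP ports in a classic pcap, recomputing the TCP checksum that a changed port would otherwise invalidate. The function names and the sample capture (documentation addresses 192.0.2.1 and 198.51.100.2) are constructed for illustration, and the code assumes Ethernet-framed, unfragmented IPv4.

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def rewrite_frame(frame: bytes, old: int, new: int) -> bytes:
    """Rewrite TCP port old -> new in an Ethernet/IPv4/TCP frame and fix the TCP checksum."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return frame  # not IPv4/TCP: pass through untouched
    tcp_off = 14 + (frame[14] & 0x0F) * 4                # Ethernet header + IP header length
    tcp_end = 14 + struct.unpack("!H", frame[16:18])[0]  # Ethernet header + IP total length
    if tcp_off + 20 > tcp_end or tcp_end > len(frame):
        return frame  # truncated by snaplen: checksum cannot be recomputed
    seg = bytearray(frame[tcp_off:tcp_end])
    ports = [new if p == old else p for p in struct.unpack("!HH", seg[:4])]
    seg[0:4] = struct.pack("!HH", *ports)
    seg[16:18] = b"\x00\x00"  # zero the checksum field before summing
    pseudo = frame[26:34] + struct.pack("!BBH", 0, 6, len(seg))  # src, dst, proto, TCP length
    seg[16:18] = struct.pack("!H", csum(pseudo + bytes(seg)))
    return frame[:tcp_off] + bytes(seg) + frame[tcp_end:]

def rewrite_pcap(pcap: bytes, old: int, new: int) -> bytes:
    """Apply rewrite_frame to every record of a classic (non-pcapng) capture."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    out, pos = bytearray(pcap[:24]), 24
    while pos + 16 <= len(pcap):
        incl = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        out += pcap[pos:pos + 16] + rewrite_frame(pcap[pos + 16:pos + 16 + incl], old, new)
        pos += 16 + incl
    return bytes(out)

def sample_pcap() -> bytes:
    """Constructed capture: one frame, TCP 49152 -> 80, flags PA (IP checksum left at 0)."""
    payload = b"GET / HTTP/1.0\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 0x50, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    frame = b"\x02" * 12 + b"\x08\x00" + ip + tcp
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return ghdr + rec + frame
```

Calling `rewrite_pcap(sample_pcap(), 80, 443)` returns a capture of the same length whose single segment now targets port 443 and carries a checksum that verifies against the pseudo-header.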

Or Scapy’s awesome ability to read in pcaps:

```
# Using scapy to fuzz sniffed traffic
from scapy.all import *

a = rdpcap("tcpdump_packets.pcap")
# src and dst were left empty in the original post
z = IP(src="", dst="")/fuzz(TCP(dport=22, dataofs=5, reserved=0, flags="PA", window=65535, chksum=0x23, urgptr=0, options=[]))/Raw(load=a[0].load)
send(z, loop=1)
```

That was way too easy.  Fuzzing with scapy?  Look above…it’s got a FUZZ method?!  It couldn’t be easier.  I love the world we live in.