Tcpreplay

Packet crafting is a technique that allows network administrators to probe firewall rule-sets and find entry points into a targeted system or network. This is done by manually generating packets to test network devices and behaviour, instead of using existing network traffic. Testing may target the firewall, IDS, TCP/IP stack, router or any other component of the network. Packets are usually created by using a packet generator or packet analyzer which allows for specific options and flags to be set on the created packets. The act of packet crafting can be broken into four stages: Packet Assembly, Packet Editing, Packet Play and Packet Decoding. Tools exist for each of the stages - some tools are focused only on one stage while others such as Ostinato try to encompass all stages.


Packet assembly

Packet Assembly is the creation of the packets to be sent. Some popular programs used for packet assembly are Hping, Nemesis, Ostinato, Cat Karat packet builder, Libcrafter, libtins, PcapPlusPlus, Scapy, Wirefloss and Yersinia. Packets may be of any protocol and are designed to test specific rules or situations. For example, a TCP packet may be created with a set of erroneous flags to ensure that the target machine sends a RESET command or that the firewall blocks any response.
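
The TCP case described above, as an added example that is not part of the original article: it assembles an IPv4/TCP packet with the contradictory SYN and FIN flags set, fills in both checksums, then decodes the flags and names the combination a filter should reject. Nothing is sent; the function names, addresses (documentation ranges) and port numbers are assumptions of this example.

```python
import socket
import struct

FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def inet_checksum(data):
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_tcp_packet(src, dst, sport, dport, flags):
    """Assemble a 40-byte IPv4+TCP packet (no options, no payload)."""
    bits = sum(FLAGS[name] for name in set(flags))
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    # Each header is packed with checksum 0, then the checksum is patched in.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, bits, 8192, 0, 0)
    pseudo = s + d + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64,
                     socket.IPPROTO_TCP, 0, s, d)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + tcp

def decode_flags(packet):
    """Return the set of TCP flag names carried by a raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    return {name for name, bit in FLAGS.items() if packet[ihl + 13] & bit}

def checksums_valid(packet):
    """True when both the IPv4 header and TCP checksums verify."""
    ihl = (packet[0] & 0x0F) * 4
    tcp = packet[ihl:]
    pseudo = packet[12:20] + struct.pack("!BBH", 0, packet[9], len(tcp))
    return inet_checksum(packet[:ihl]) == 0 and inet_checksum(pseudo + tcp) == 0

def flag_anomaly(flags):
    """Name the invalid flag combination a filter should reject, else None."""
    for a, b in (("SYN", "FIN"), ("SYN", "RST")):
        if a in flags and b in flags:
            return f"{a}+{b}"
    return None if flags else "no flags"

# Constructed sample using documentation addresses (RFC 5737).
SAMPLE = build_tcp_packet("192.0.2.10", "198.51.100.20", 40000, 80, ["SYN", "FIN"])
```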


Packet editing

Packet Editing is the modification of created or captured packets. This involves modifying packets in manners which are difficult or impossible to do in the Packet Assembly stage, such as modifying the payload of a packet. Programs such as Scapy, Ostinato and Netdude allow a user to modify recorded packets' fields, checksums and payloads quite easily. These modified packets can be saved in packet streams which may be stored in pcap files to be replayed later.


Packet play

Packet Play or Packet Replay is the act of sending a pre-generated or captured series of packets. Packets may come from Packet Assembly and Editing or from captured network attacks. This allows for testing of a given usage or attack scenario for the targeted network. Tcpreplay is the most common program for this task since it is capable of taking a stored packet stream in the pcap format and sending those packets at the original rate or a user-defined rate. Scapy also supports send functions to replay any saved packets or pcap files. Ostinato added support for pcap files in version 0.4. Some packet analyzers are also capable of packet replay.
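
How a stored pcap stream carries the timing needed for replay, as an added example that is not part of the original article and not code from any of the tools named: it writes and parses the classic pcap layout and computes when each packet would be due at the original rate or at a user-defined rate. The speed multiplier, function names and the three placeholder payloads are assumptions of this example; it computes a schedule only and sends nothing.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap with microsecond timestamps

def write_pcap(records, linktype=101):
    """Serialise [(timestamp_usec, packet_bytes)]; linktype 101 is raw IP."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype)
    for ts, pkt in records:
        sec, usec = divmod(ts, 1_000_000)
        out += struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt
    return out

def read_pcap(blob):
    """Parse a classic pcap byte string (either byte order) into records."""
    if len(blob) < 24:
        raise ValueError("missing pcap global header")
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == PCAP_MAGIC:
        order = "<"
    elif magic == 0xD4C3B2A1:  # same magic written by a big-endian host
        order = ">"
    else:
        raise ValueError("not a classic microsecond pcap")
    pos, records = 24, []
    while pos < len(blob):
        if pos + 16 > len(blob):
            raise ValueError("truncated record header")
        sec, usec, caplen, _ = struct.unpack(order + "IIII", blob[pos:pos + 16])
        pos += 16
        if pos + caplen > len(blob):
            raise ValueError("truncated record body")
        records.append((sec * 1_000_000 + usec, blob[pos:pos + caplen]))
        pos += caplen
    return records

def replay_schedule(records, multiplier=1.0):
    """Microsecond offsets from replay start at which each packet is due."""
    if multiplier <= 0:
        raise ValueError("multiplier must be positive")
    start = records[0][0] if records else 0
    return [round((ts - start) / multiplier) for ts, _ in records]

# Constructed capture: three placeholder payloads, 0.25 s and 0.75 s apart.
T0 = 1_700_000_000_000_000
SAMPLE = [(T0, b"\x01"), (T0 + 250_000, b"\x02\x03"), (T0 + 1_000_000, b"\x04")]
```

A multiplier of 1.0 reproduces the capture's own spacing; 2.0 halves every gap.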


Packet decoding

Packet Decoding is the capture and analysis of the network traffic generated during Packet Play. In order to determine the targeted network's response to the scenario created by Packet Play, the response must be captured by a packet analyzer and decoded according to the appropriate specifications. Depending on the packets sent, the desired response may be that no packets were returned or that a connection was successfully established, among others. The most famous tools for that task are Wireshark and Scapy.


See also

* Comparison of packet analyzers
* Replay attack
* Packet Sender


External links

* Packet Crafting for Firewall & IDS Audits (Part 1 of 2) by Don Parke

* Wikiformat article detailing Packet crafting
* Bit-Twist - Libpcap-based Ethernet packet generator
* Packet Sender - open source packet generator focused on ease-of-use