OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: Inquiry: packet crafting tools for encapsulated protocols?

From: Cedric Blancher (blanchercartel-securite.fr)
Date: Mon Sep 15 2003 - 17:53:34 CDT


Le lun 15/09/2003 à 02:54, Pera Mis a écrit :
> My question is: I need a packet crafting tool that allows generation
> (and, if possible, detection/dissection ) of the network packets for
> the non-common protocols encapsulated in (TCP|UDP)/IP stack. I.e. the
> packets that I need to analyze and be able to tinker with them (i.e.
> to be able to generate packets of the various malformations in their
> header and body/payload parts) have following structure:
>
> [IP header | TCP or UDP header | YYY protocol header | YYY protocol
> payload]
>
> I read somewhere some time ago (maybe 6 months ago) that there exist
> such a tool that is "intelligent" enough to recalculate the header of
> all lower layer protocols' header-fields upon changes in the length
> of the inner-most encapsulated protocol. However, not I can not
> find/reconstruct a reference to that tool.
>
> I looked through the various tools (hping2, etherpeek, nmap), they
> look like pars of what I need are there, but not all of them. I also
> searched through Google and Usenet, but there is nothing similar to
> what I need.

Maybe you should have a look at Scapy, which is a very versatile
interactive packet manipulation (injection/capture) tool written in
Python :

        http://www.cartel-securite.fr/pbiondi/projects/scapy.html

--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE

---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------