
Packet Spoofing

Pages: (1/3) >>>

PaulT:

Does anybody know about spoofing packets? For example, using Python to write a script that sends out packets with a fake origin IP address?

Just wondering if anybody has any experience with implementing such things. Just looking for the Mopar-perspective.

Davidi2:

I don't think you can fake the origin IP address, can you? Not without a proxy at least. Doesn't that just come through the network trace?

RSCShadow:


--- Quote from: PaulT on September 27, 2014, 11:55:32 AM ---Does anybody know about spoofing packets? For example, using Python to write a script that sends out packets with a fake origin IP address?

Just wondering if anybody has any experience with implementing such things. Just looking for the Mopar-perspective.

--- End quote ---
I don't believe it's possible to do practically. There's a handshake process that needs to communicate between both parties (your IP and the server's). If you're spoofing your IP, it's not going to be able to perform a handshake (with TCP anyway).

May I ask what you're doing this for? There might be another solution.

PaulT:

So you have Debian Linux, you have the tcpreplay package. You record a packet in Wireshark so you have the pcap capture file. Then you modify it with tcprewrite to have a new source IP. Then you use tcpreplay to send the packet back out on the network. I guess you could just write a Python script to do this?

RSCShadow:


--- Quote from: PaulT on September 27, 2014, 12:16:50 PM ---So you have Debian Linux, you have the tcpreplay package. You record a packet in Wireshark so you have the pcap capture file. Then you modify it with tcprewrite to have a new source IP. Then you use tcpreplay to send the packet back out on the network. I guess you could just write a Python script to do this?

--- End quote ---
A program I found less annoying to use than Wireshark:


--- Code: ---NAME
       tcpflow - TCP flow recorder

SYNOPSIS
       tcpflow [-aBcCDhpsvVZ] [-b max_bytes] [-d debug_level] [-[eE] scanner] [-f max_fds] [-F[ctTXMkmg]] [-i iface] [-L semlock]
       [-m min_bytes] [-o outdir] [-r file1.pcap] [-R file0.pcap] [-Sname=value] [-T[filename template]] [-wfile] [-x scanner]
       [-X file.xml] [expression]

DESCRIPTION
       tcpflow is a program that captures data transmitted as part of TCP connections (flows), and stores the data in a way that is
       convenient for protocol analysis or debugging.  Rather than showing packet-by-packet information, tcpflow reconstructs the
       actual data streams and stores each flow in a separate file for later analysis.  tcpflow understands TCP sequence numbers and
       will correctly reconstruct data streams regardless of retransmissions or out-of-order delivery. tcpflow provides control over
       filenames for automatic binning of connections by protocol, IP adress or connection number, and has a sophisticated plug-in
       system for decompressing compressed HTTP connections, undoing MIME encoding, or calling user-provided programs for
       post-processing.

       By default tcpflow stores all captured data in files that have names of the form:

            192.168.101.102.02345-010.011.012.013.45103

       ...where the contents of the above file would be data transmitted from host 192.168.101.102 port 2345, to host 10.11.12.13
       port 45103.

--- End code ---
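
The default file-name format described in the man page excerpt above can be parsed back into endpoints when triaging a tcpflow output directory. This is an added example, not part of the original post or of tcpflow itself; the function names `parse_flow_name` and `pair_directions` are hypothetical, and it assumes IPv4 flows written with the default naming.

```python
import ipaddress
import re
from collections import defaultdict
from typing import NamedTuple

# Default tcpflow name: zero-padded IPv4 octets and 5-digit ports,
# source endpoint first, then "-", then destination endpoint.
_ENDPOINT = r"(\d{3})\.(\d{3})\.(\d{3})\.(\d{3})\.(\d{5})"
_FLOW_RE = re.compile(rf"{_ENDPOINT}-{_ENDPOINT}")


class Flow(NamedTuple):
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int


def _endpoint(fields):
    """Turn five zero-padded strings into (IPv4Address, port)."""
    *octets, port = (int(f) for f in fields)  # int("010") == 10
    if port > 65535:
        raise ValueError(f"port out of range: {port}")
    # Build from integers: ipaddress rejects octets written with leading zeros.
    return ipaddress.IPv4Address(".".join(map(str, octets))), port


def parse_flow_name(name):
    """Parse one default-format tcpflow file name; raise ValueError otherwise."""
    m = _FLOW_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"not a default tcpflow flow name: {name!r}")
    g = m.groups()
    src, sport = _endpoint(g[:5])
    dst, dport = _endpoint(g[5:])
    return Flow(src, sport, dst, dport)


def pair_directions(names):
    """Group flow files so both directions of a connection share one key."""
    conversations = defaultdict(list)
    for name in names:
        try:
            f = parse_flow_name(name)
        except ValueError:
            continue  # skip anything that is not a flow file
        key = frozenset({(f.src, f.sport), (f.dst, f.dport)})
        conversations[key].append(name)
    return dict(conversations)
```

tcpflow writes one file per direction, so `pair_directions` is what puts the request side and the response side of a connection next to each other.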

