Monday, 16 June 2014

Tools for creating TCP/IP packets

hping (http://www.hping.org/)

hping is a command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features

Features include:
    * Firewall testing
    * Advanced port scanning
    * Network testing, using different protocols, TOS, fragmentation
    * Manual path MTU discovery
    * Advanced traceroute, under all the supported protocols
    * Remote OS fingerprinting
    * Remote uptime guessing
    * TCP/IP stacks auditing
    * hping can also be useful to students that are learning TCP/IP

Hping works on the following unix-like systems: Linux, FreeBSD, NetBSD, OpenBSD, Solaris, MacOs X, Windows. 

Nemesis (http://nemesis.sourceforge.net/)

Nemesis is a command-line network packet crafting and injection utility for UNIX-like and Windows systems. Nemesis, is well suited for testing Network Intrusion Detection Systems, firewalls, IP stacks and a variety of other tasks. As a command-line driven utility, Nemesis is perfect for automation and scripting.

Nemesis can natively craft and inject ARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP packets. Using the IP and the Ethernet injection modes, almost any custom packet can be crafted and injected.

Features include:
    * ARP/RARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP protocol support
    * Layer 2 or Layer 3 injection
    * Packet payload from file
    * IP and TCP options from file

Scapy (http://www.secdev.org/projects/scapy/)

Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. 

It can handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery (it can replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, etc.).

Features include:
    * Port Scanning
          o SYN Scan
          o Other TCP Scans
          o UDP Scans
          o IP Scan
    * Host Discovery
          o ARP Ping
          o ICMP Ping
          o TCP Ping
          o UDP Ping
    * OS Fingerprinting
          o ISN
          o nmap_fp
          o p0f
          o queso
    * Sniffer - includes powerful facilities for traffic capture and analysis
    * Wireless - can not only sniff and decode packets but also inject arbitrary packets
    * Traceroute - standard ICMP Traceroute can be emulated
    * Firewall/IDS Testing
          o TCP Timestamp Filtering
          o NAT Detection
          o Firewalking

Yersinia (http://www.yersinia.net)

Yersinia is a framework for performing layer 2 attacks. 

It is designed to take advantage of some weakeness in different network protocols. It pretends to be a solid framework for analyzing and testing the deployed networks and systems.

Features include:
    * Attacks for the following network protocols are supported
          o  Spanning Tree Protocol (STP)
          o Cisco Discovery Protocol (CDP)
          o Dynamic Trunking Protocol (DTP)
          o Dynamic Host Configuration Protocol (DHCP)
          o Hot Standby Router Protocol (HSRP)
          o 802.1q
          o 802.1x
          o Inter-Switch Link Protocol (ISL)
          o VLAN Trunking Protocol (VTP)

SendIP (http://www.earth.li/projectpurple/progs/sendip.html)

SendIP is a command-line tool to send arbitrary IP packets. It has a large number of options to specify the content of every header of a RIP, RIPng, BGP, TCP, UDP, ICMP, or raw IPv4/IPv6 packet. It also allows any data to be added to the packet. Checksums can be calculated automatically, but if you wish to send out wrong checksums, that is supported too.

packETH (http://packeth.sourceforge.net/)

packETH is a Linux GUI packet generator tool for ethernet. It allows you to create and send any possible packet or sequence of packets on the ethernet. 

Features:
 * you can create and send any ethernet packet. Supported protocols:
      o ethernet II, ethernet 802.3, 802.1q, QinQ
      o ARP, IPv4, user defined network layer payload
      o UDP, TCP, ICMP, IGMP, user defined transport layer payload
      o RTP (payload with options to send sin wave of any frequency for G.711)
 * sending sequence of packets
      o delay between packets, number of packets to send
      o sending with max speed, approaching the teoretical boundary
      o change parameters while sending (change IP & mac address, UDP payload, 2 user defined bytes, etc.)
  * saving configuration to a file and load from it - pcap format supported

Mausezahn (http://www.perihel.at/sec/mz/)

Mausezahn is a fast traffic generator which allows you to send nearly every possible and impossible packet. Mausezahn can be used, for example, as a traffic generator to stress multicast networks, for penetration testing of firewalls and IDS, for simulating DoS attacks on networks, to find bugs in network software or appliances, for reconnaissance attacks using ping sweeps and port scans, or to test network behavior under strange circumstances. Mausezahn gives you full control over the network interface card and allows you to send any byte stream you want (even violating Ethernet rules). 

Mausezahn can be used for example:
    * As traffic generator (e. g. to stress multicast networks)
    * To precisely measure jitter (delay variations) between two hosts (e. g. for VoIP-SLA verification)
    * As didactical tool during a datacom lecture or for lab exercises
    * For penetration testing of firewalls and IDS
    * For DoS attacks on networks (for audit purposes of course)
    * To find bugs in network software or appliances
    * For reconnaissance attacks using ping sweeps and port scans
    * To test network behaviour under strange circumstances (stress test, malformed packets, ...)

...and more. Mausezahn is basically a versatile packet creation tool on the command line with a simple syntax and context help. It could also be used within (bash-) scripts to perform combination of tests. 

No comments:

Post a Comment