
Packet crafting is a technique that allows network administrators to probe firewall rule-sets and find entry points into a targeted system or network. This is done by manually generating packets to test network devices and behaviour, instead of using existing network traffic. Testing may target the firewall, IDS, TCP/IP stack, router or any other component of the network. Packets are usually created by using a packet generator or packet analyzer which allows for specific options and flags to be set on the created packets. The act of packet crafting can be broken into four stages: Packet Assembly, Packet Editing, Packet Play and Packet Decoding. Tools exist for each of the stages - some tools are focused only on one stage while others such as Ostinato try to encompass all stages.


Packet assembly

Packet Assembly is the creation of the packets to be sent. Some popular programs used for packet assembly are Hping, Nemesis, Ostinato, Cat Karat packet builder, Libcrafter, libtins, PcapPlusPlus, Scapy, Wirefloss and Yersinia. Packets may be of any protocol and are designed to test specific rules or situations. For example, a TCP packet may be created with a set of erroneous flags to ensure that the target machine sends a RESET command or that the firewall blocks any response.


Packet editing

Packet Editing is the modification of created or captured packets. This involves modifying packets in manners which are difficult or impossible to do in the Packet Assembly stage, such as modifying the payload of a packet. Programs such as Scapy, Ostinato and Netdude allow a user to modify recorded packets' fields, checksums and payloads quite easily. These modified packets can be saved in packet streams which may be stored in pcap files to be replayed later.
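
The assembly and editing stages described above, as an added example that is not part of the original article or of any tool it names: a TCP segment is built with an erroneous SYN+FIN flag combination, and an edited payload is shown to need a recomputed checksum. The addresses, ports and function names are assumptions chosen for illustration, the header is assumed to carry no TCP options, and nothing is sent on the network.

```python
import socket
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)

def assemble(src, dst, sport, dport, flags, payload=b"", seq=1000):
    """Packet assembly: 20-byte TCP header + payload with a valid checksum."""
    def header(csum):
        return struct.pack("!HHIIBBHHH", sport, dport, seq, 0,
                           5 << 4, flags, 8192, csum, 0)
    body = pseudo_header(src, dst, 20 + len(payload)) + header(0) + payload
    return header(inet_checksum(body)) + payload

def edit_payload(segment, src, dst, new_payload):
    """Packet editing: swap the payload, then repair the checksum field."""
    hdr = bytearray(segment[:20])            # assumes a header without options
    hdr[16:18] = b"\x00\x00"                 # checksum lives at offset 16
    body = pseudo_header(src, dst, 20 + len(new_payload)) + bytes(hdr) + new_payload
    hdr[16:18] = struct.pack("!H", inet_checksum(body))
    return bytes(hdr) + new_payload

def checksum_ok(segment, src, dst) -> bool:
    """A receiver's check: summing header, payload and checksum gives zero."""
    return inet_checksum(pseudo_header(src, dst, len(segment)) + segment) == 0

# Constructed sample: documentation addresses (RFC 5737), SYN+FIN as the
# "erroneous flags" case. The bytes stay in memory; nothing is transmitted.
SRC, DST = "192.0.2.10", "198.51.100.20"
probe = assemble(SRC, DST, 40000, 80, SYN | FIN, b"probe")
naive = probe[:20] + b"probE"                # payload changed, stale checksum
fixed = edit_payload(probe, SRC, DST, b"longer audit payload")

if __name__ == "__main__":
    for name, seg in (("probe", probe), ("naive", naive), ("fixed", fixed)):
        print(name, f"flags=0x{seg[13]:02x}", "checksum ok:", checksum_ok(seg, SRC, DST))
```

A segment whose payload is changed without repairing the checksum is dropped by the receiving stack before any firewall or IDS rule under test can be meaningfully evaluated against the reply, which is why editing tools recompute it.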


Packet play

Packet Play or Packet Replay is the act of sending a pre-generated or captured series of packets. Packets may come from Packet Assembly and Editing or from captured network attacks. This allows for testing of a given usage or attack scenario for the targeted network. Tcpreplay is the most common program for this task since it is capable of taking a stored packet stream in the pcap format and sending those packets at the original rate or a user-defined rate. Scapy also supports send functions to replay any saved packets/pcap. Ostinato added support for pcap files in version 0.4. Some packet analyzers are also capable of packet replay.


Packet decoding

Packet Decoding is the capture and analysis of the network traffic generated during Packet Play. In order to determine the targeted network's response to the scenario created by Packet Play, the response must be captured by a packet analyzer and decoded according to the appropriate specifications. Depending on the packets sent, a desired response may be that no packets were returned or that a connection was successfully established, among others. The most famous tools for that task are Wireshark and Scapy.
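
The decoding stage described above, as an added example that is not part of the original article: captured replies are decoded from raw bytes and reduced to one of the outcomes the text mentions (a reset, an accepted connection, or no response). The function names, addresses and sample packets are constructed for illustration, and each input is assumed to start at the IPv4 header with any link-layer header already removed.

```python
import socket
import struct

FLAG_NAMES = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
              (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))

def decode_ipv4_tcp(packet: bytes):
    """Decode an IPv4 packet carrying TCP; None if truncated or not TCP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4             # IP header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 20:
        return None
    sport, dport, seq, ack, _, flags = struct.unpack("!HHIIBB", packet[ihl:ihl + 14])
    return {"src": socket.inet_ntoa(packet[12:16]), "sport": sport,
            "dst": socket.inet_ntoa(packet[16:20]), "dport": dport,
            "flags": {name for bit, name in FLAG_NAMES if flags & bit}}

def classify(replies, target, port):
    """Reduce the captured replies from target:port to one verdict."""
    for raw in replies:
        pkt = decode_ipv4_tcp(raw)
        if not pkt or (pkt["src"], pkt["sport"]) != (target, port):
            continue                         # unrelated or undecodable traffic
        if "RST" in pkt["flags"]:
            return "reset"
        if {"SYN", "ACK"} <= pkt["flags"]:
            return "syn-ack"                 # the port accepted the connection
    return "no response"

def sample_reply(src, dst, sport, dport, flags):
    """Constructed sample reply: IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHIIBBHHH", sport, dport, 0, 1001,
                            5 << 4, flags, 0, 0, 0)

# Constructed captures (RFC 5737 documentation addresses), one per scenario.
TARGET, TESTER = "198.51.100.20", "192.0.2.10"
noise = sample_reply("203.0.113.5", TESTER, 443, 40001, 0x12)   # other host
captures = {
    "closed port": [noise, sample_reply(TARGET, TESTER, 80, 40000, 0x14)],
    "open port":   [sample_reply(TARGET, TESTER, 80, 40000, 0x12)],
    "filtered":    [noise, b"\x45\x00"],     # nothing usable from the target
}
verdicts = {name: classify(pkts, TARGET, 80) for name, pkts in captures.items()}
```

Comparing each verdict with the outcome the firewall rule is supposed to produce turns the decoded capture into a pass or fail result for that rule.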


See also

* Comparison of packet analyzers
* Replay attack
* Packet Sender



External links

* Packet Crafting for Firewall & IDS Audits (Part 1 of 2) by Don Parke
* Wikiformat article detailin Packet crafting
* Bit-Twist - Libpcap-based Ethernet packet generato
* Packet Sender - open source packet generator focused on ease-of-use