
Packet injection (also known as forging packets or spoofing packets) in computer networking is the process of interfering with an established network connection by means of constructing packets to appear as if they are part of the normal communication stream. The packet injection process allows an unknown third party to disrupt or intercept packets from the consenting parties that are communicating, which can lead to degradation or blockage of users' ability to utilize certain network services or protocols. Packet injection is commonly used in man-in-the-middle attacks and denial-of-service attacks.


Capabilities

By utilizing raw sockets, NDIS function calls, or direct access to a network adapter kernel mode driver, arbitrary packets can be constructed and injected into a computer network. These arbitrary packets can be constructed from any type of packet protocol (ICMP, TCP, UDP, and others) since there is full control over the packet header while the packet is being assembled.


General procedure

* Create a raw socket
* Create an Ethernet header in memory
* Create an IP header in memory
* Create a TCP header or UDP header in memory
* Create the injected data in memory
* Assemble (concatenate) the headers and data together to form an injection packet
* Compute the correct IP and TCP or UDP packet checksums
* Send the packet to the raw socket
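
The header assembly and checksum steps above, as an added example that is not part of the original page: it builds an IPv4 and UDP header in memory and then checks both checksums the way a receiving stack or an IDS would. The addresses, ports and payload are constructed sample values; the Ethernet header and the raw-socket send are left out, so nothing is transmitted.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_udp(src, dst, sport, dport, payload: bytes) -> bytes:
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    udp_len = 8 + len(payload)
    # The UDP checksum also covers a pseudo-header: src, dst, zero, proto, length.
    pseudo = s + d + struct.pack("!BBH", 0, socket.IPPROTO_UDP, udp_len)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0)
    csum = inet_checksum(pseudo + udp + payload) or 0xFFFF   # 0 means "no checksum"
    udp = struct.pack("!HHHH", sport, dport, udp_len, csum)
    # IPv4: version/IHL, TOS, total length, id, flags/fragment, TTL, proto, checksum
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64,
                     socket.IPPROTO_UDP, 0, s, d)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + udp + payload

def checksums_valid(packet: bytes) -> bool:
    """Receiver-side check: a region summed together with its checksum gives 0."""
    ihl = (packet[0] & 0x0F) * 4
    ip, rest = packet[:ihl], packet[ihl:]
    pseudo = ip[12:20] + struct.pack("!BBH", 0, ip[9], len(rest))
    return inet_checksum(ip) == 0 and inet_checksum(pseudo + rest) == 0

# Constructed sample values (documentation address range), built in memory only.
PACKET = build_ipv4_udp("192.0.2.1", "192.0.2.2", 40000, 9, b"test payload")
```

A packet whose checksums do not verify is dropped by the receiving stack, which is why the procedure computes them after the headers and data are concatenated.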


Uses

Packet injection has been used for:

* Disrupting certain services (file sharing or HTTP) by Internet service providers and wireless access points
* Compromising wireless access points and circumventing their security
* Exploiting certain functionality in online games
* Determining the presence of internet censorship
* Allowing custom packet designers to test their custom packets by directly placing them onto a computer network
* Simulation of specific network traffic and scenarios
* Testing of network firewalls and intrusion detection systems
* Computer network auditing and troubleshooting computer network related issues


Detecting packet injection

Through the process of running a packet analyzer or packet sniffer on both network service access points trying to establish communication, the results can be compared. If point A has no record of sending certain packets that show up in the log at point B, and vice versa, then the packet log inconsistencies show that those packets have been forged and injected by an intermediary access point. Usually TCP resets are sent to both access points to disrupt communication.

[Weaver, Nicolas; Sommer, Robin; Paxson, Vern (September 2009). "Detecting forged TCP reset packets". Proceedings of the Network and Distributed System Security Symposium, NDSS 2009, 8th February - 11th February 2009. San Diego, California, USA. http://www.icir.org/vern/papers/reset-injection.ndss09.pdf]
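
The two-sided log comparison described above, as an added example that is not part of the original page or of the cited paper. The `Pkt` record and its fields are a hypothetical format for packets parsed from each endpoint's capture, and the example assumes no NAT rewrites addresses or ports between the two capture points.

```python
from collections import Counter
from typing import NamedTuple

class Pkt(NamedTuple):  # hypothetical record parsed from each endpoint's capture
    src: str
    dst: str
    sport: int
    dport: int
    seq: int
    flags: str
    length: int

def unsent(receiver_log, sender_log, sender_ip):
    """Packets the receiver logged as coming from sender_ip that the sender never logged."""
    sent = Counter(p for p in sender_log if p.src == sender_ip)
    forged = []
    for p in receiver_log:
        if p.src != sender_ip:
            continue
        if sent[p] > 0:
            sent[p] -= 1          # pairs off one genuine (re)transmission
        else:
            forged.append(p)      # arrived, but was never sent: injected on path
    return forged

def compare_endpoints(log_a, log_b, ip_a, ip_b):
    # Sent-but-not-received is ordinary loss, so only the reverse direction is flagged.
    return {"forged_as_a": unsent(log_b, log_a, ip_a),
            "forged_as_b": unsent(log_a, log_b, ip_b)}

# Constructed sample captures (documentation addresses), not real traffic.
A, B = "192.0.2.10", "198.51.100.20"
HANDSHAKE = [Pkt(A, B, 50000, 80, 1000, "S", 0), Pkt(B, A, 80, 50000, 5000, "SA", 0),
             Pkt(A, B, 50000, 80, 1001, "A", 0), Pkt(A, B, 50000, 80, 1001, "PA", 120)]
LOG_A = HANDSHAKE + [Pkt(A, B, 50000, 80, 1121, "PA", 60),   # lost before reaching B
                     Pkt(B, A, 80, 50000, 5001, "R", 0)]     # reset B never sent
LOG_B = HANDSHAKE + [Pkt(A, B, 50000, 80, 1121, "R", 0)]     # reset A never sent
REPORT = compare_endpoints(LOG_A, LOG_B, A, B)
```

In the sample, each side logs a reset that the other side never sent, which matches the pattern of resets delivered to both access points; the data segment that A sent and B never received is not reported, because loss alone does not indicate injection.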


Software

* lorcon, part of Airpwn
* KisMAC
* pcap
* Winsock
* CommView for WiFi Packet Generator
* Scapy
* Preinstalled software on Kali Linux (BackTrack was the predecessor)
* NetHunter (Kali Linux for Android)
* HexInject


See also

* Packet capture
* Packet generation model
* Raw socket
* Packet crafting
* Packet sniffer


External links


Packet Injection using raw sockets

