Packet crafting is the process of manually creating new data packets, or editing existing ones, on a network in order to test network devices. Hackers and network admins use this process to test a network, check firewall rules, find entry points and test the behavior of network devices.
Network data packets contain various information, including data, source address, destination address, version, length, protocol, and a few other things depending on the protocol. In packet crafting, one creates a completely new packet or edits an existing packet to change the information the packet contains. Then, this packet is sent to the network to see the response of the network firewall. By changing values in the packet, attackers try to find an entry point into the network.
I also want to point out that “packet crafting” and “packet spoofing” are not the same thing.
Packet crafting is not a simple task for beginners. It consists of the following steps:
- Packet Assembly: Creating a new network packet, or capturing a packet going over the wire and editing its information as required.
- Packet Editing: Editing the content of an existing packet.
- Packet Re/Play: Sending or resending a packet on a network.
- Packet Decoding: Decoding and analyzing the content of the packet.
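The assembly, editing and decoding steps can be seen on a bare IPv4 header using only Python's standard library. This is an added example, not code from the original article or from any of the tools listed; the addresses, payload and function names are constructed for illustration, and nothing is sent on the network (the Re/Play step is left out).

```python
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"  # 20-byte IPv4 header without options

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def assemble_ipv4(src, dst, payload, ttl=64, proto=socket.IPPROTO_UDP, ident=0x1234):
    """Packet assembly: pack the header with a zero checksum, then fill it in."""
    fields = [0x45, 0, 20 + len(payload), ident, 0, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields) + payload

def edit_ttl(packet: bytes, new_ttl: int) -> bytes:
    """Packet editing: change one field and recompute the header checksum."""
    fields = list(struct.unpack(IP_FMT, packet[:20]))
    fields[5], fields[7] = new_ttl, 0
    fields[7] = checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields) + packet[20:]

def decode_ipv4(packet: bytes) -> dict:
    """Packet decoding: parse the fixed header and verify its checksum."""
    vihl, _tos, length, ident, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack(IP_FMT, packet[:20])
    return {
        "version": vihl >> 4, "ihl": vihl & 0xF, "length": length,
        "id": ident, "ttl": ttl, "protocol": proto,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        # Summing a header that carries a correct checksum yields zero.
        "checksum_ok": checksum(packet[:20]) == 0,
    }

if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, opaque payload bytes.
    pkt = assemble_ipv4("192.0.2.10", "198.51.100.20", b"hello")
    print(decode_ipv4(pkt))
    print(decode_ipv4(edit_ttl(pkt, 1)))
    # Editing a byte without fixing the checksum leaves a header that a
    # receiver or an IDS can flag as corrupt.
    print(decode_ipv4(pkt[:8] + bytes([1]) + pkt[9:]))
```

The last call shows why packet editors recompute checksums after every field change: a header edited by hand without that step no longer verifies.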
Tools for all these different steps are available. In this post, I will write about the tools used in these steps. A few tools are step-specific, while a few can be used for performing all steps. You can try a few or all of the given tools to see how they work.
I also recommend that you read our existing article on Packet Crafting. In that article, we have explained packet crafting in detail, with an explanation of all four steps involved. We have also shown how to use a few packet crafting tools. That article will help you to understand packet crafting and the usage of those tools. Once you understand it clearly, you can read this article to see the available packet crafting tools. Some tools are very old but still work fine. Other tools are actively in development, while still others are no longer in development.
I also recommend that you learn about network packets, the packet structure of different protocols and network layers. If you do not know these things, you will not be able to understand how to do packet crafting and how things work with these tools. For learning purposes, you must understand the basics of networking before proceeding with the list of these tools. You must know about the data packets of different protocols, the different fields in packets, the meaning or purpose of those packet fields, and how those packets are used in network communication. Once you know about those things, you will be able to change those values to see the desired effect in the network. So, do not try these tools without learning the previously mentioned skills. You will end up wasting your time and effort.
These are the 15 best free packet crafting tools.
1. Hping
Hping is one of the most popular free packet crafting tools available. It lets you assemble and send custom ICMP, UDP, TCP and raw IP packets. This tool is used by network admins for security auditing and testing of firewalls and networks. Now this tool is also available within Nmap Security Scanner.
Hping is available for a wide range of platforms, including Windows, Mac OS X, Linux, FreeBSD, NetBSD, OpenBSD and Solaris.
Download Hping: http://www.hping.org/
2. Ostinato
Ostinato is an open source and cross-platform network packet generator and analysis tool. It comes with a GUI that makes it easy to use and understand. It supports Windows, Linux, BSD and Mac OS X platforms. You can also try using it on other platforms.
The best thing about the tool is that it supports most common standard protocols. See the list of supported protocols below:
- Ethernet/802.3/LLC SNAP
- VLAN (with QinQ)
- ARP, IPv4, IPv6, IP-in-IP a.k.a IP Tunnelling (6over4, 4over6, 4over4, 6over6)
- TCP, UDP, ICMPv4, ICMPv6, IGMP, MLD
- Any text based protocol (HTTP, SIP, RTSP, NNTP etc.)
- Support for more protocols is also in the works.
By using Ostinato, you can modify any field of any protocol easily. This packet crafting tool is also described as complementary to Wireshark.
Download Ostinato: http://ostinato.org/
3. Scapy
Scapy is another nice interactive packet crafting tool. It is written in Python. It can decode or forge packets for a wide range of protocols. This makes Scapy a tool worth trying. You can perform various tasks including scanning, tracerouting, probing, unit tests, attacks or network discovery.
Download Scapy: http://www.secdev.org/projects/scapy/
4. Libcrafter
Libcrafter is very similar to Scapy. This tool is written in C++ to make the creation and decoding of network packets easier. It can create and decode packets for most of the general protocols, capture packets and match requests or replies. This library was designed to be multithreaded, allowing you to perform various tasks simultaneously.
Download Libcrafter: https://code.google.com/p/libcrafter/
5. Yersinia
Yersinia is a powerful network penetration-testing tool capable of performing attacks on various network protocols. If you are looking for packet crafting tools, I would like to recommend this nice tool too.
Download Yersinia: http://www.yersinia.net/
6. packETH
packETH is another packet crafting tool. It is a Linux GUI tool for Ethernet. It lets you create and send a sequence of packets quickly. Like other tools in this list, it supports various protocols to create and send packets. You can also set the number of packets and the delay between packets. You can also configure various things in this tool.
Download packETH: http://packeth.sourceforge.net/
7. Colasoft Packet Builder
Colasoft Packet Builder is also a freeware tool for creating and editing network packets. If you are a network admin, you can use this tool to test your network against attackers and intruders. It is available for all available versions of the Windows operating system.
Download Colasoft Packet Builder: http://www.colasoft.com/download/products/download_packet_builder.php
8. Bit-Twist
Bit-Twist is a less popular but effective tool for regenerating captured packets in live traffic. It uses a tcpdump trace file (.pcap file) for generating packets in the network. It comes with a trace file editor that lets you change any specific field in the captured packet. Network admins can use this tool for testing firewalls, IDS, and IPS, and for troubleshooting various network problems. There are various other things for which you can try this tool.
Download Bit-Twist: http://bittwist.sourceforge.net/
9. Libtins
Libtins is also a nice tool for crafting, sending, sniffing and interpreting network packets easily. This tool is written in C++. By using the source code, C++ developers can extend the functionality of this tool to make it more powerful. It performs its task very effectively. Now, it is up to you to use this tool.
Download Libtins: http://libtins.github.io/
10. Netcat
Netcat is also a popular tool that can read and write data over TCP or UDP networks. This tool is reliable and easy to use. You can also develop other tools that use the functionality of this tool. The best thing about the tool is that it can create almost any kind of network connection with port binding.
This tool was originally known as Hobbit and was released in 1995.
Download Netcat: http://nc110.sourceforge.net/
11. WireEdit
WireEdit is a full-featured WYSIWYG network packet editor. That means you can edit all layers of packets in a simple interface. This tool is free to use, but you will have to contact the company to obtain the usage rights. If you ask about the supported protocols, there is a long list. It supports Ethernet, IPv4, IPv6, UDP, TCP, SCTP, ARP, RARP, DHCP, DHCPv6, ICMP, ICMPv6, IGMP, DNS, LLDP, RSVP, FTP, NETBIOS, GRE, IMAP, POP3, RTCP, RTP, SSH, TELNET, NTP, LDAP, XMPP, VLAN, VXLAN, CIFS/SMB v1 (original), BGP, OSPF, SMB3, iSCSI, SCSI, HTTP/1.1, OpenFlow 1.0-1.3, SIP, SDP, MSRP, MGCP, MEGACO (H.248), H.245, H.323, CISCO Skinny, Q.931/H.225, SCCP, SCMG, SS7 ISUP, TCAP, GSM MAP R4, GSM SM-TP, M3UA, M2UA, M2PA, CAPWAP, IEEE 802.11, more to come.
It is a multi-platform tool. It is available for Windows XP or higher, Ubuntu Desktop and Mac OS X.
Download WireEdit: https://wireedit.com/downloads.html
12. epb – Ethernet Packet Bombardier
Epb, or Ethernet Packet Bombardier, is a similar kind of tool, but it works more simply. It lets you send customized Ethernet packages. This tool does not offer any GUI, but it is easy to use.
You can read more about this tool here: http://maz-programmersdiary.blogspot.fi/2012/05/epb-ethernet-package-bombardier.html
13. Fragroute
Fragroute is a packet crafting tool which can intercept, modify, and rewrite network traffic. You can use this tool to perform most of the network intrusion attacks to check the security of your network. This tool is open source and offers a command-line interface to work with. It is available for Linux, BSD and Mac OS.
Download Fragroute: http://www.monkey.org/~dugsong/fragroute/
14. Mausezahn
Mausezahn is a fast traffic generator tool that lets you send every possible kind of network packet. This tool is used for penetration testing of firewalls and IDS, but you can decide how to use this tool effectively in your network to find security bugs. You can also use this tool to test if your network is secure against DoS attacks. A notable thing about this tool is that it gives you full control over the NIC. It supports ARP, BPDU or PVST, CDP, LLDP, IP, IGMP, UDP, TCP (stateless), ICMP (partly), DNS, RTP (optionally RX-mode for jitter measurements) and Syslog protocols.
Download Mausezahn: http://www.perihel.at/sec/mz/
15. EIGRP-tools
This is an EIGRP packet generator and sniffer combined. It was developed to test the security of the EIGRP routing protocol. To use this tool, you need to know Layer 3 and the EIGRP protocol. This tool is also an open source tool with a command-line interface. It is available for Linux, Mac OS and BSD platforms.
Download EIGRP-tools: http://www.hackingciscoexposed.com/tools/eigrp-tools.tar.gz
These are a few of the best free tools for packet crafting. I recommend that you try all the tools to check how they work. As I already mentioned, you must learn about networks, network packet layers, packet structures, headers and other necessary things before using these tools. If you know everything about these, you will be able to perform better attacks and create better defenses against these attacks.
Packet crafting is one of the best ways to perform network penetration testing. You can try creating a layer of security and then try to break your own security. In this way, you will be able to prevent hackers from exploiting vulnerabilities in the security mechanism you created. Hackers always try to intrude into the internal networks of companies. In recent months, we have seen so many attacks against big companies. In most of the cases, the internal network was hacked to access confidential information. Therefore, network security is one of the most important tasks in any business. So, learn packet crafting and learn these tools. The more you learn, the better security person you will become. All these tools are created for special purposes. You can try these tools to modify packets to test the firewall rules and break the security.
Note: We do not encourage use of these tools to test the security of a network without getting prior permission. Most businesses use proper security and tracking. If you are caught attacking a network, you may be booked under cyber-crime laws in most countries. The purpose of this article is to make you aware of these tools for learning purposes. If you use them for any illegal purpose, the author or InfoSec Institute will not hold any responsibility.
If you have anything to ask or suggest, you can comment below. I hope you will find this article useful and informative.