Packet Crafting help

[pg94]

I have been tasked with helping develop a packet crafter for a project. Long story short, I have create a packet crafter, explain how it works, and present it to a few professors. From my understanding packet crafting is like MAC spoofing and IP spoofing combined. The basic idea is to take in packets, modify them, send them back out. But appearing that the packets are coming from a different location. I've just started my research but if anyone has any useful links and tips, I'd appreciate your help.

My first question is how would I start creating one?

2) What would be the best language to use?

3) Any suggestions for software?

Thanks!

(If my understanding of the topic is incorrect or off somewhat please correct me but like I mentioned I'm in the early stages of research.) As I progress with this project I will upload my results.

[no42]

Python & Scapy - is good for creating/manipulating packets

Ettercap can manipulate packets based on a series of filters.

Not sure if Netdude can do what you want, but you could capture with wireshark, modify with netdude, and resend with tcp-relay

[Guest spazi]

I'm not really that much into packet crafting, but maybe this can help?

http://www.tech-juice.org/2011/06/18/packet-crafting-on-linux-using-scapy/

http://www.scs.ryerson.ca/~zereneh/cn8001/CN8001-PacketCraftingUsingScapy-WilliamZereneh.pdf

[pg94]

Would I create a UDP server? Then within that add code for specific tasks?

[cooper]

Look at any given piece of software intended to perform a Man In The Middle attack. It eavedrops data from someone and then sends it on, as-is, to its intended recipient. From that point on all you have to do is make it do something a bit more interesting than just 'send on'. Hand-crafting packets means you need to know about an Ethernet, IP, TCP, UDP and, yes, C as in the language. There may be some higher-level language that can also mangle a packet, but what you're doing is just shy of chiseling electrons out of a network cable. It doesn't get much lower level than this. And if you want low level, you're talking C or ASM, pure and simple.

Look at Wireshark. Let it trace some bit of communication you generate. See what it records. Understand what the various bit fields mean. Know what you can change and what would require some work to change (like the need to take checksums into account). Do you know what you _want_ to change? Just the originating address? If so, where in the packet is it? How do you ensure you get it and not the intended recipient?

Think the process through. Draw a diagram with the current flow of information. Decide how you intend to influence this. From this you can determine what information flows you must intercept and what you'll do with them (and, most importantly, WHY you want to do just that in just that way) at which point you can start working out just how you can manouver your hardware in such a way that you do in fact intercept those flows.

How much of this did you work out already?

Edited April 21, 2014 by Cooper

[pg94]

We've haven't meet up as a group anymore, the club isn't meeting anymore due to lack of organization. Currently I am entering exam week and am going to focus on those but this will be my project for this summer. Thanks for all the help guys! Sorry for such a late reply!