Solved

Packet Changer

Posted on 2007-03-21
Last Modified: 2013-12-07
Are there any freeware tools that can create new packets, and modify and delete packets already sent?
Question by:jackmcbarn
25 Comments
 
LVL 30

Expert Comment

by:pgm554
ID: 18790146
I think you can do that in Wireshark.
 
LVL 4

Author Comment

by:jackmcbarn
ID: 18792378
I looked and didn't see it.  Can you tell me how?
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18793770
tcpdump on Linux, windump on Windows.

1. Capture the traffic using ethereal (wireshark).
2. Save a pcap file.
3. Edit with the above tools.

Also may I ask why do you want to do this?

Cheers,
Rajesh
 
LVL 4

Author Comment

by:jackmcbarn
ID: 18794147
I mean "tamper with" packets as they are going over the network.  And don't forget I need a tool to create packets too.
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18797435
I believe this question is going against the ethics of this site and these questions won't be answered here... Sorry...

Cheers,
Rajesh
 
LVL 30

Expert Comment

by:pgm554
ID: 18797880
What are you trying to accomplish?

I can see the need to alter packets to test infrastructure and security, so give me an idea of why you want to do this.
 
LVL 4

Author Comment

by:jackmcbarn
ID: 18799317
I'm running some network security tests.  I know real hackers get ones they pay for.
 
LVL 4

Author Comment

by:jackmcbarn
ID: 18801857
No problem.
 
LVL 30

Assisted Solution

by:pgm554
pgm554 earned 20 total points
ID: 18802544
 
LVL 4

Author Comment

by:jackmcbarn
ID: 18802812
I don't have GUI access to a Linux system.  BitTwist looks good for making packets from scratch.  I'll try it out.
 
LVL 4

Author Comment

by:jackmcbarn
ID: 18803077
BitTwist looks pretty good, but don't forget I wanted to be able to modify packets as they were being sent.
 
LVL 2

Accepted Solution

by:jaredcall
jaredcall earned 65 total points
ID: 18819460
Modifying packets _during_ transmission is called a man-in-the-middle attack.  

To modify packets as they're being sent, you need to modify them somewhere in the routing path of the packet.  The routing path consists of 1) the node sending the packet, 2) any routers/switches that the packet uses to travel to the destination, 3) the node receiving the packet.

In other words, imagine a bunch of people, in a line, all passing a typewritten letter from one person to another from one end of the line to the other.  You have to be one of the people in that line, grab the packet, and replace it with one of your own creation.  If you're sitting on the sidelines, yelling to everyone "Hey!  Disregard that packet!  _MY_ packet is the one you want!" you'll simply get ignored.

If you're using something like sniffer/wireshark/tcpdump to capture and then regenerate the packets, all you're doing is sending near-duplicate packets that will ultimately get dropped anyway.  You're the guy on the sidelines.

What, specifically, are you trying to test?  Are you sure it's mid-transmission alteration?  Man-in-the-middle is hard to do without direct control of hardware in the traffic flow.
 
LVL 4

Author Comment

by:jackmcbarn
ID: 18820454
I have access to all the hardware.
>If you're using something like sniffer/wireshark/tcpdump to capture and then regenerate the packets, all you're doing is sending near-duplicate packets that will ultimately get dropped anyway.  You're the guy on the sidelines.
A man-in-the-middle attack IS exactly what I'm trying to test.
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18821141
Hunt is one good tool to use for testing this purpose.

Just google 'hunt tool' and go for first link.

Cheers,
Rajesh
 
LVL 2

Assisted Solution

by:jaredcall
jaredcall earned 65 total points
ID: 18821615
I understand that you have all the hardware.  Even so, the hardware is currently set up to actually route packets from the source to the destination.  The nature of a man-in-the-middle attack is that you intercept the packets, prevent them from going to the destination, and then send your packets instead.  

Even if you are successful in IP spoofing, or TCP hijacking, what you're doing is pretending to be someone you're not.  You're not actually transforming packets as they're being transmitted.

That may be splitting hairs, but I'm not sure if you want to simply _look_ like you're transmitting to node 2 from node 1, or actually capture traffic from node 1 that's going to node 2, alter it, and deliver it to node 2 without either node 1 or node 2 having any idea that there is a problem.  That's harder.  There may be tools out there to do it, but you'd have to either:
1 - run 2 NICs in your PC and run the tool on your PC after having put your PC in the routing path
2 - the software would successfully alter routing tables on other nodes in your network to make them think that they _needed_ to route through your PC.
 
LVL 4

Author Comment

by:jackmcbarn
ID: 18833436
>1 - run 2 NICs in your PC and run the tool on your PC after having put your PC in the routing path
This is what I'll probably do.  Can you give me more details?
 
LVL 2

Assisted Solution

by:jaredcall
jaredcall earned 65 total points
ID: 18834286
You'd have to turn your PC into a router.  Install a 2nd network card, give it a different IP address, then enable routing on your PC.  Essentially, it would go like this:

PC1:  This is the origin of the traffic you'll be intercepting and man-in-the-middle-ing.
PCrouter:  This is the PC with 2 network cards in it
PC3:  This is the destination of the traffic that PC1 started.

In other words, if PC1 is looking at a web page, PC3 is the web server.  PCrouter is the one intercepting and spoofing the traffic.

PC1:  connects to hub1 (or directly via crossover cable) where NIC1 on PCrouter is connected.
PC3:  connects to hub2 (or directly via a 2nd crossover cable) where NIC2 on PCrouter is connected.

PC1 and PCrouter's NIC1 have IP addresses of 10.0.0.1 and 10.0.0.254, respectively.  PC1's default gateway is 10.0.0.254.

PCrouter's NIC2 and PC3 have IP addresses of 172.20.1.254 and 172.20.1.3, respectively.  PC3's default gateway is 172.20.1.254.

Make sure that PC1 can access the web page on PC3.  If this doesn't work, the networking setup is incorrect.

Once PC1 can access the web page (assuming the test is to access a web page), your task is now to intercept the traffic using PCrouter and make it look like PC1 is actually requesting a different web page.  In other words:
1) PC1 requests page1.html
2) PCrouter intercepts the request, changes the request from page1.html to page2.html
3) PC3 sees the request from PC1 for page2.html (because you've had PCrouter mess with the request) and sends the content of page2.html to PC1.
4) PC1 gets the content for page2.html, having requested page1.html.

If you're running XP, you'll have to turn on "Internet Connection Sharing" but I'm not sure if that'll be enough.  See http://www.practicallynetworked.com/sharing/xp_ics/ for more details on setting up ICS.

You could always use a Live CD router bootable CD (wouldn't touch your hard drive -- all run from the CD) to run Linux as a router on your PC.  If you want to try that route, look at something like http://www.wifi.com.ar/cdrouter.html . I'm sure it's not the only one out there, but it was one of the first Google results.  :)

Have fun!

-jared
 
LVL 2

Expert Comment

by:jaredcall
ID: 18834289
I should note that that's how it'd work in theory.  In practice, I'm likely of no use trying to troubleshoot any interception tool you might use on PCrouter.
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18834297
Granted that this is a *test attack* on the internal traffic; take a look at hunt.

Hunt works in 2 ways. 1st it poisons the ARP cache of the victim and the server.

Then the traffic flows through the attack PC and you don't need 2 NIC cards on that.

Cheers,
Rajesh
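
A defender-side check for the ARP cache poisoning described in the comment above, added here as an example and not part of the original thread: it compares two snapshots of Windows `arp -a` output and flags an IP whose MAC changed or a MAC claimed by several IPs. The addresses, snapshots and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed `arp -a` snapshots from a test client: before and during the test.
BASELINE = """
Interface: 10.0.0.1 --- 0x2
  Internet Address      Physical Address      Type
  10.0.0.3              00-1a-2b-00-00-03     dynamic
  10.0.0.66             00-1a-2b-00-00-42     dynamic
  10.0.0.254            00-1a-2b-00-00-fe     dynamic
"""
DURING_TEST = """
Interface: 10.0.0.1 --- 0x2
  Internet Address      Physical Address      Type
  10.0.0.3              00-1A-2B-00-00-42     dynamic
  10.0.0.66             00-1a-2b-00-00-42     dynamic
  10.0.0.254            00-1a-2b-00-00-fe     dynamic
  10.0.0.255            ff-ff-ff-ff-ff-ff     static
"""

ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$")

def parse_arp_table(text):
    """Return {ip: mac} for dynamic entries; static rows (broadcast,
    multicast) legitimately share MACs and are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower() == "dynamic":
            table[m.group(1)] = m.group(2).lower()
    return table

def find_arp_anomalies(before, after):
    """Flag IPs whose MAC changed and MACs that answer for several IPs."""
    old, new = parse_arp_table(before), parse_arp_table(after)
    findings = []
    for ip, mac in sorted(new.items()):
        if ip in old and old[ip] != mac:
            findings.append(("mac_changed", ip, old[ip], mac))
    owners = defaultdict(list)
    for ip, mac in new.items():
        owners[mac].append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:
            findings.append(("mac_shared", mac, sorted(ips)))
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(BASELINE, DURING_TEST):
        print(finding)
```

A changed MAC can also come from a replaced NIC or a failover pair, so treat a finding as a prompt to check which host owns that MAC.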
 
LVL 4

Author Comment

by:jackmcbarn
ID: 18835784
I can't use Hunt.  I'm running only Windows.
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18836361
One of the first things to realize is that you need to use Linux for such tests, as most of the tools are written for this OS.

As well, you could've used Google to find out the ones that are written for Windows specifically;

http://www.google.com/search?q=tcp+hijacking+tool+for+windows&btnG=Search&hl=en&client=opera&rls=en&hs=jbh

Cheers,
Rajesh
 
LVL 4

Author Comment

by:jackmcbarn
ID: 18889597
I will close.  Points split.