Packet Crafting with Colasoft Packet Builder

In this tutorial we are going to discuss Packet Crafting by using a great tool Colasoft packet builder which is quite useful in testing strength of Firewall and IDS and several servers against malicious Flood of network traffic such as TCP and UDP Dos attack. This tool is very easy to use especially for beginners.

Packet crafting is a technique that allows network administrators to probe firewall rule-sets and find entry points into a targeted system or network. This is done by manually generating packets to test network devices and behavior, instead of using existing network traffic. Testing may target the firewall, IDS, TCP/IP stack, router or any other component of the network. Packets are usually created by using a packet generator or packet analyzer which allows for specific options and flags to be set on the created packets. The act of packet crafting can be broken into four stages: Packet Assembly, Packet Editing, Packet Play and Packet Decoding.

For more detail visit Wikipedia.org

Mode of Operation

Packet Assembly: It is the initial state of packet crafting where tester needs to decide the network that can be compromise easily by creating a packet which can exploit the network by shooting its vulnerability. The packet should be design in a manner that it maintains its ability to being undetectable in target’s network.

Famous Tools for Packet Assembly are: Hping3 and Yersinia   

Packet Editing: In this stage captured packet is edited or modified which cannot be possible to do in Packet Assembly phase. In this phase packet is edited in a manner that it can dump more and more information of target’s network by making small amount of change in it. For example change data length (payload) of packets.

Famous Tool of packet Editing: Colasoft and Scapy   

Packet Playing: In this phase when packet is ready to launch then it sends to target’s network for exploiting its network and collect the information. This is the actual arena where above both actions is tested and if packet is failed to complete its goal of retrieving victim’s information or exploit its vulnerability then again the packet send back to Packet Editing phase for modification.

Packet Analysis: This is the last stage where packet is analysis when it received on targeted network. The captured packet is decoded for further investigating for retrieving its internal details which can speak up its goal for establishing connection on target’s network.

Famous Tool of Packet Analysis: wireshark and Tcpdump

Colasoft Packet Builder enables creating custom network packets; users can use this tool to check their network protection against attacks and intruders. Colasoft Packet Builder includes a very powerful editing feature. Besides common HEX editing raw data, it features a Decoding Editor allowing users to edit specific protocol field values much easier.

Users are also able to edit decoding information in two editors – Decode Editor and Hex Editor. Users can select one from the provided templates Ethernet Packet, ARP Packet, IP Packet, TCP Packet and UDP Packet, and change the parameters in the decoder editor, hexadecimal editor or ASCII editor to create packets. Any changes will be immediately displayed in the other two windows. In addition to building packets, Colasoft Packet Builder also supports saving packets to packet files and sending packets to network.

From:  http://www.colasoft.com/packet_builder/

Let’s start!!!

TCP Packet Crafting

You can download it from above given link, once it get downloaded then run the applictaion as administrator to begin with crafting various Packets. As I had example above a packet crafting involves 4 phases, lets  start it by adding the packet which we will craft for testing our newtork.

Click on ADD given in menu bar.

A small window will pop up to select mode of IP packet to be crafted. Here we are going to choose TCP packet for crafting for example by increasing the size of the packet or by sending the individual flag of the Tcp Protocol to the destination IP address. Well if you will notice given below image then you will observe that I had set delta time 0.1 sec as time elapse for flow of traffic for all crafted packets. The delta time is the time gap between the each packet.

Window is categories into three phases as Decode Editor, Hex Editor and packet List. From given image you can observe following information which I had edited for TCP packet

Decode Editor: This section contains packet information such as protocol, Time to live and etc. Here you need to add source address responsible for sending packet and then add destination address which is responsible for receiving incoming packet traffic.

Source address: 192.168.1.102

Destination address: 192.168.1.107

Hex Editor:  This section displays the raw information (Hexa decimal) releated to the data size of the packet. By typing random string you can increase the size of the packet.

Packet size: 77 bytes

This phase is also known as Packet Editing mode where we can modify our packet.

Packet List: It displays complete information of your packet which contains source address, destination address, time to live and and other information which we had edited.

Click on Adpter  given in the menu bar to select specific adpter from which packets will be sent. From given below image you can observe it, it showning adapter status: LAN Operational.

Note: It is only availabe when you have run the application as adminsitrator.

Click on Send option from menu bar and enable the check box for “Burst Mode” and “Loop sending” and adjust the number of packets to be sent to the Destination Network and the delay time gap between the each packets.

Then click on start to send the TCP packets. This phase is know as Packet playing mode where are ready to sent packet on target netwok.

Using wireshark we can capture packet and traffic between source and destination. So here you can perceive that infinite TCP packet is being transferring to target’s network. This phase is known as packet analysis mode where sent packet is sniff or analysis for identifying sender objectives behind sending the packet.

ARP Packet Crafting

Again repeat the same to choose ARP packet for crafting Packet for ARP protocol on target’s network. Well if you will notice given below image again then you will observe that I had set same delta time 0.1 sec.

Apart from editing source and destination IP here we need to add source and destination physical address also.

Hence this time I had set below information in decoder Editor and Hex editor.

Source MAC: AA:AA:AA:AA:AA:AA

Source address: 192.168.1.102

Destination MAC: BB:BB:BB:BB:BB:BB

Destination address: 192.168.1.107

Packet size: 78 bytes

You can use any method to find destination MAC address.

After editing your packet information verifies that changes through packet list given on right side of window before sending the packet. If you notice given image below then you can read the summary where it is show broadcasting ARP message who is 192.168.1.107?

Click on Adpter  given in menu bar to select specific adpter for network selection. From given below image you can observe it  showning adapter status: LAN Operational.

Click on Send option from menu bar and enable the check box for “Burst Mode” and “Loop sending” and adjust the number of packet to be sent to the Destination network according to your wish.

Then click on start to launch sending process of ARP packet. This action is known as Packet playing.

 

From the given image below you can observe the continue ARP packet making request for who is 192.168.1.107, which meaning our packet playing is gives positive result. From wireshark target is able to analysis the goal of packet received from sender’s network.

 

IPv4 Packet Crafting 

Again repeat the same process to choose IP packet for crafting Packet for IPv4 protocol on target’s network. Again if you will notice given below image again then you will observe that I had set same delta time 0.1 sec.

This time I had set below information in decoder Editor and Hex editor for Editing Packet.

Source address: 192.168.1.102

Destination address: 192.168.1.107

Packet size: 71 bytes

After editing your packet information verifies that changes through packet list given on right side of window before sending the packet.

Click on Adpter  given in menu bar to select specific adpter for sending the packet. From given below image you can observe it  showning adapter status: LAN Operational.

Click on Send option from menu bar and enable the check box for “Burst Mode” and “Loop sending” and adjust the number of packet to be sent to the Destination network according to your wish.

Then click on start to send the IPv4 packet.

You can clearly observe in given below image the flow of traffic of IPv4 packets from senders network to Receivers network in packet analyzing mode.

UDP Packet Crafting

Again repeat the same to choose UDP packet for crafting UDP Packet. If you will notice given below image then you will observe that again I had set delta time 0.1 sec as time elapse for flow of traffic for all packets.

This time I had Editied below information in decoder Editor and Hex editor for desigining my packet.

Source address: 192.168.1.102

Destination address: 192.168.1.107

Packet size: 72 bytes

After editing your packet information verifies that changes through packet list given on right side of window.

Click on Adpter to select specific adpter for sending the packets. From given below image you can observe it  showning adapter status: LAN Operational.

Click on Send option from menu bar and enable the check box for “Burst Mode” and “Loop sending” and adjust the number of packet to be sent to the Destination network according to your wish.

Then click on start button to sending the crafted UDP packet.

You can clearly observe in given below image the flow of traffic of UDP packets from senders network to the Receivers network.

Hence in this tutorial we tried to explain all for mode of operation of crafting a packet for testing a network using colasoft and wireshark.

AuthorRahul Virmani is a Certified Ethical Hacker and the researcher in the field of network Penetration Testing (CYBER SECURITY).    Contact Here

Related Posts Plugin for WordPress, Blogger...

Leave a Reply