Slashdot Mirror


Packet Generation under Linux?

Marcus Vollmer writes "I am looking for packet generation tools, or suggestions on how to go about writing one. I need to be able to generate IP packets with specific characteristics and send them to a network appliance, in order to simulate possible scenarios. For example, one appliance we want to test performs layer 7 operations; we want to be able to test splitting requests and responses up across multiple frames, force retransmits, and send different responses back (e.g. if the first request was split over 3 frames, we might want to send a reset and have the client retransmit using only 2 frames). I doubt there are any existing tools to do this, but we were thinking of writing a series of tools using netfilter, and placing a Linux box between the client and the appliance running these filters to alter the packets. If there are existing tools to do this, that's great; if not, any pointers and resources would be great. There is a good article in the Linux Journal (Feb and March issues), along with the information at netfilter.org, but we would be interested in hearing any ideas and suggestions from the Slashdot community."
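
The scenario in the question above (one request carried in three TCP segments, then retransmitted in two), as an added example that is not part of the original submission or of any tool named in the thread. It builds the segments in memory with valid checksums and sends nothing; the addresses, ports, request and starting sequence number are constructed for illustration.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (16-bit one's-complement sum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack(
        "!BBH", 0, socket.IPPROTO_TCP, tcp_len)

def tcp_segment(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """One 20-byte TCP header plus payload, checksummed over the IPv4 pseudo-header."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    csum = checksum(pseudo_header(src, dst, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

def split_request(request: bytes, parts: int, start_seq: int, **conn):
    """Split one request into `parts` segments with consecutive sequence numbers."""
    if not 1 <= parts <= len(request):
        raise ValueError("parts must be between 1 and len(request)")
    base, extra = divmod(len(request), parts)
    segs, off = [], 0
    for i in range(parts):
        size = base + (1 if i < extra else 0)
        flags = 0x18 if i == parts - 1 else 0x10   # PSH|ACK on the last, ACK otherwise
        segs.append(tcp_segment(seq=(start_seq + off) & 0xFFFFFFFF, flags=flags,
                                payload=request[off:off + size], **conn))
        off += size
    return segs

def reassemble(segs, start_seq: int) -> bytes:
    """Order segments by offset from start_seq (modulo 2**32) and join the payloads."""
    def rel(seg):
        return (struct.unpack("!I", seg[4:8])[0] - start_seq) & 0xFFFFFFFF
    return b"".join(s[(s[12] >> 4) * 4:] for s in sorted(segs, key=rel))

# Constructed sample connection and request (documentation addresses, not from the thread).
CONN = dict(src="192.0.2.10", dst="198.51.100.20", sport=40000, dport=80, ack=1)
REQUEST = b"GET /index.html HTTP/1.0\r\nHost: appliance.test\r\n\r\n"
START_SEQ = 0xFFFFFFF0               # chosen so the sequence number wraps mid-request
first_try = split_request(REQUEST, 3, START_SEQ, **CONN)
retransmit = split_request(REQUEST, 2, START_SEQ, **CONN)
```

Both splits must reassemble to the same byte stream on the appliance, including when segments arrive out of order or the sequence number wraps past 2**32.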

19 comments

  1. SendIP by MadCamel · · Score: 5, Informative

    SendIP seems to be just what you are looking for:
    http://www.earth.li/projectpurple/progs/sendip.html

    Nemesis is also pretty good. There are a variety of "human IP stack" type tools available. I can also recommend the Net::RawIP PERL module, if you are PERL literate.

  2. You will find LCRZO useful by jquiroga · · Score: 5, Informative

    LCRZO is a network library to do exactly what you need. You can find it here.

    Quoting from Laurent's website:

    Lcrzo is a network library, for network administrators and network hackers.
    Its objective is to easily create network programs. This library provides network functionalities for Ethernet, IP, UDP, TCP, ICMP, ARP and RARP protocols. It supports spoofing, sniffing, client and server creation. Furthermore, lcrzo contains high level functions dealing with data storage and handling. Using all these functions, you can quickly create a network test program.

    The library lcrzo provides:
    + network functionalities:
      - address conversion
      - packet encoding/decoding/printing
      - spoofing
      - real/virtual UDP/TCP clients/servers
      - sniffing
      - device (network board) dealing
      - etc.
    + and general functionalities:
      - data conversion
      - chained list
      - IPC
      - etc.

  3. Check CPAN by grundy · · Score: 5, Informative

    Net::RawIP is pretty awesome, and perl is good for throwing test tools together quick.

  4. LibNet, the packet assembly library by Gruturo · · Score: 5, Informative

    As the subject says. Used as a "packet assembly line", it has all sorts of packet generation facilities. libnet.sf.net

    --

    Vacuum cleaners suck. Kings rule.
  5. Don't let Steve Gibson hear you! by SuiteSisterMary · · Score: 3, Funny

    Don't you know that Steve Gibson, the WORLD'S GREATEST HACKER! has decreed that only criminals have need to create their own packets?! For shame! (yes, this is full of sarcasm and contempt directed towards Steve Gibson. Follow the second link. The man is the Jerry Springer of the Internet.)

    --
    Vintage computer games and RPG books available. Email me if you're interested.
    1. Re:Don't let Steve Gibson hear you! by Bishop · · Score: 2

      Man that guy is full of himself. His site was booted off the Internet by the "next generation DOS". He claims that the next generation of DOS is the Distributed Reflection DOS. Just because he hasn't seen one before doesn't make it new, or the next generation. It isn't even that great as the attacker needs almost as much bandwidth as the target.

    2. Re:Don't let Steve Gibson hear you! by Anonymous Coward · · Score: 0
      This reminds me of a press conference Colin Powell (sp?) gave back during the Gulf War. He talked briefly and directly about the issues in the war, and pointed out the most important details.

      One reporter came back, and asked him if he could give details on a specific report that was put out that morning, and Powell gave a brief comment on it. The reporter was not interested in the response, so decided to needle Powell about some additional technical detail in the report...implying that Powell was hiding something.

      "Oh, you want the details?" Powell responded, and proceeded to give all the details on the one report -- no explanation, no attempts at making it easy to grasp, lots of inside-lingo and technical terms, just the facts as stated in the report.

      The reporter stammered that that wasn't what he was looking for so Powell said "Then don't ask a detailed question if you don't want a detailed answer!"

      I know Steve. Not well. Not as a friend. But well enough to know that while he does grandstand, he is unyielding, he is arrogant, he is no dummy.

      He is attempting to make technology issues simple for _his_audience_ (Windows users). He is trying to promote his work using marketing-style speak. He is interested in guiding users who have no chance of knowing what the technical issues are. He attempts to make them understand a small segment of the issue -- but is not interested in making them tune out when it gets too deep.

      In his case, he often intentionally picks a perspective that might be technically wrong if he can get a positive output from it.

      You might not like this emphasis or his tactics. You might think that he is weak technically because he couldn't stop the DOS attacks on his own systems, but it doesn't make him stupid. If you want to go toe-to-toe with Steve on any of these issues, go for it. I know where my money would be even if you both limit yourself to the technical issues. Just let the /. community know if you challenge him and what his response is. I'd like to see it myself.

  6. libnet and libpcap by little_fluffy_clouds · · Score: 2, Informative

    This has to be the best place to start: libnet homepage. This page has all the info and links you need.

    --
    What were the skies like when you were young?
  7. Here's the link you need by Anonymous Coward · · Score: 0, Troll
  8. How to Rewrite Packets? by CaptCosmic · · Score: 2, Interesting

    I have a related Question. I have the need to not only send packets with specific IP headers, I need to generate these headers by rewriting incoming packets.

    Where can I find information on such a task?

    --
    -> Capt Cosmic <-
    1. Re:How to Rewrite Packets? by Anonymous Coward · · Score: 0

      here.

    2. Re:How to Rewrite Packets? by CaptCosmic · · Score: 1

      Thanks for the worthless reply, but I've already done that. I am smart enough to ask Google before I ask Slashdot. After all, Google gives more accurate answers. (As evidenced by this inane reply.)

      --
      -> Capt Cosmic <-
    3. Re:How to Rewrite Packets? by LinuxGeek8 · · Score: 2

      What exactly do you want to rewrite?

      You can use iptables with PREROUTING, to rewrite the destination IP.
      Maybe you can even change more things with it (?), but I'm not sure about that.

      --
      Well, don't worry about that. We can get you back before you leave. (Dr. Who)
    4. Re:How to Rewrite Packets? by Anonymous Coward · · Score: 0

      Dude, the above poster was trying to help you out. You don't deserve a reply if you're going to bite the hands that feed you.

      Pity.

  9. Nemesis by mirabilos · · Score: 1

    On OpenBSD we have Nemesis in the ports tree,
    which can generate "raw" packets of nearly any
    flavour. I am sure it runs under Linux, too.

    --
    My Karma isn't excellent, damn it! (And /. still does not get UTF-8 right in 2012. Wow.)
  10. Try Rain by Anonymous Coward · · Score: 0

    check freshmeat.net for it.