October 14th, 2003, 04:58 PM
Packet altering ???
I want to learn TCP/Ip and interpreting the network traffic in detail. I am using couple of monitors(ethereal, netmon etc.) to watch the packets on the wire.
I want to know if there is a way i can alter the packets, e.g changret he TCP flags/options , change the ip adress stamped on the Ip packet, manually or through some software. I just want to see how these altered packets behave on the network. I am doing this on a testing enviourment strictly for learning. My ultimate goal is to get into network security.
Any suggestions/ help/ links will be appreciated. Thanks in advance.
October 14th, 2003, 05:11 PM
what OS are we running? i just did a goodle search, and the only firewalls that i found to have "mangling" were iptables, etc... check out netfilter.org
yeah, I\'m gonna need that by friday...
October 14th, 2003, 06:01 PM
You could modify those flags using something like Packet Builder from Engage Security. Download the demo here .
Also...check out Nemesis from Packet Factory
These should be able to let you do what you want.
October 14th, 2003, 06:20 PM
Thnks I will check them out.
October 14th, 2003, 07:07 PM
If you want to get into packet manipulation, then I would highly recommend Knoppix STD.
Not only does it have your sniffers, it has several programs (the ones perviously mentioned, such as nemesis) and it also has several other ones, including programs for altering data as it comes in (if I remember correctly). As well you can configure for Cable, Lan, DSL, or Dial-up very very simply and everyone can make use of a bootable linux CD. Unfortunately I don't have the link atm. Can't access google for some damned reason. Anyways I'm sure you can find it rather simply.
IT Blog: .:Computer Defense:.
(Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".