How can I send spoofed packets in Linux

Question

In order to test a firewall, I want to send malformed packets to its interface, regardless of my routing table.

Is there a way to ask linux "send this exact tcp package, to this MAC address, regardless of any network configuration on the system"? I assume I'll need root acccess, but that's OK.

score 4 · Answer 1 · answered Sep 06 '11 at 16:06

4

I would use nmap in root, it can already send quite all advanced spoofed packets with just some flags.

answered Sep 06 '11 at 16:06

shellholic

6,215
1
20
15

score 4 · Answer 2 · answered Sep 06 '11 at 16:10

4

Scapy is commonly used tool for this purpose. It can be used for creating any kind of packets.

answered Sep 06 '11 at 16:10

snap

631
4
6

score 2 · Answer 3 · answered Sep 06 '11 at 17:14

2

hping3 gets cited as a way to do this sort of thing, without having to learn Python.

answered Sep 06 '11 at 17:14

score 2 · Answer 4 · answered Sep 06 '11 at 17:33

2

All previous answers are good, there is a number of very good tools to do that. If you want to take it a step further, writing a simple injector in C is actually quite easy.

Here is a sample of code I wrote a few years back: http://jve.linuxwall.info/ressources/code/forgetcp.c

answered Sep 06 '11 at 17:33

Julien Vehent

226
1
3

Excellent! That worked. Small thing, though, for the `-c` command line option, did you really mean `p.tcp.check = (int)optarg;` or were you thinking of using `p.tcp.check = atoi(optarg);`? – Alexis Wilke Nov 03 '22 at 17:59

How can I send spoofed packets in Linux

4 Answers4