Penetration Testing mailing list archives

Re: TCP Header manipulation of the protocol field

From: "Don Parker" <dparker () rigelksecurity com>
Date: Fri, 30 Jan 2004 16:30:08 -0500 (EST)

Yes if all you want to do is manipulate such tcp/ip metrics like the mss/mtu/tcp_seq #s 
among others then hping is for you. See the below noted tutorial on it;
http://www.security-forums.com/forum/viewtopic.php?p=43057#43057 You may also be 
interested in looking at nemesis which has also been ported to win32, and will also do
some routing protocols. 

Cheers 

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------

On Jan 30, Mark Wolfgang <moonpie () moonpie org> wrote:

I think hping (<a href='http://www.hping.org&apos;>http://www.hping.org</a>) is what you're 
looking for!  Not
sure if it compiles and runs under Windows though.  It enables you to
modify IP, ICMP, TCP, UDP packets.  

-Mark

-- 
Risk accepted by one is imposed on all
<a href='http://moonpie.org&apos;>http://moonpie.org</a>

On Fri, Jan 30, 2004 at 04:08:32PM -0000, Michael Burns wrote:

Hi Guys,

Sorry for this kind of request (well not really, not if I get the
answer). I need to manipulate the protocol field of a TCP session to
test for IP protocol filtering across a non-managed link. This is
predominantly to help test/prove filtering in place when running ESP.

I simply need to get a pointer to somewhere to look up as I've hit a
brick wall at the minute.

Predominantly the test environment will be from Windows platforms but
can also be from Linux.

Cheers,

Mike



**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************


---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

TCP Header manipulation of the protocol field Michael Burns (Jan 30)
- Re: TCP Header manipulation of the protocol field Mark Wolfgang (Jan 30)
  - Re: TCP Header manipulation of the protocol field Ranjeet Shetye (Jan 30)
    - Re: TCP Header manipulation of the protocol field Vladimir Parkhaev (Jan 31)
- <Possible follow-ups>
- Re: TCP Header manipulation of the protocol field jvfields (Jan 30)
- Re: TCP Header manipulation of the protocol field Don Parker (Jan 30)