Re: TCP Header manipulation of the protocol field

From: Don Parker (dparker_at_rigelksecurity.com)
Date: 01/30/04

Next message: Sanjay K. Patel: "RE: Interesting challenge"

Previous message: Steve Goldsby (ICS): "RE: Interesting challenge"
Maybe in reply to: Michael Burns: "TCP Header manipulation of the protocol field"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 30 Jan 2004 16:30:08 -0500 (EST)
To: Mark Wolfgang <moonpie@moonpie.org>, Michael Burns <mburns@sp-uk.com>

Yes if all you want to do is manipulate such tcp/ip metrics like the mss/mtu/tcp_seq #s
among others then hping is for you. See the below noted tutorial on it;
http://www.security-forums.com/forum/viewtopic.php?p=43057#43057 You may also be
interested in looking at nemesis which has also been ported to win32, and will also do
some routing protocols.

Cheers

-------------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
Rigel Kent Security & Advisory Services Inc
www.rigelksecurity.com
ph :613.249.8340
fax:613.249.8319
--------------------------------------------

On Jan 30, Mark Wolfgang <moonpie@moonpie.org> wrote:

I think hping (<a href='http://www.hping.org'>http://www.hping.org>) is what you're
looking for! Not
sure if it compiles and runs under Windows though. It enables you to
modify IP, ICMP, TCP, UDP packets.

-Mark

-- 
Risk accepted by one is imposed on all
<a href='http://moonpie.org'>http://moonpie.org>
On Fri, Jan 30, 2004 at 04:08:32PM -0000, Michael Burns wrote:
> Hi Guys,
> 
> Sorry for this kind of request (well not really, not if I get the
> answer). I need to manipulate the protocol field of a TCP session to
> test for IP protocol filtering across a non-managed link. This is
> predominantly to help test/prove filtering in place when running ESP.
> 
> I simply need to get a pointer to somewhere to look up as I've hit a
> brick wall at the minute.
> 
> Predominantly the test environment will be from Windows platforms but
> can also be from Linux.
> 
> Cheers,
> 
> Mike
> 
> 
> 
> **********************************************************************
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
> 
> This footnote also confirms that this email message has been swept by
> MIMEsweeper for the presence of computer viruses.
> 
> www.mimesweeper.com
> **********************************************************************
> 
> 
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------
> 
---------------------------------------------------------------------------
----------------------------------------------------------------------------
---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: Sanjay K. Patel: "RE: Interesting challenge"

Previous message: Steve Goldsby (ICS): "RE: Interesting challenge"
Maybe in reply to: Michael Burns: "TCP Header manipulation of the protocol field"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]