Packet Manipulation

SnmpWalk

SnmpWalk is part of the Net-SNMP toolkit; these tools are used to enumerate SNMP agents and perform other information gathering related to SNMP.

Traffic IQ Pro

Unrivalled functionality and simplicity combine to provide a highly configurable solution for assessing, auditing and enhancing the recognition and response capabilities of network based intrusion detection and prevention systems.

*Works only on Windows

Smac

An easy-to-use MAC address spoofing utility.

Session Thief

Session Thief is a session hijacking tool.

T50 Sukhoi PAK FA Mixed Packet Injector

A tool designed to perform "Stress Testing". It is a powerful and unique packet injection tool that is capable of:
1. Sending sequentially (i.e., ALMOST at the same time) the following protocols:
- ICMP: Internet Control Message Protocol
- IGMP: Internet Group Management Protocol
- TCP: Transmission Control Protocol
- UDP: User Datagram Protocol

2. Sending a (quite) incredible number of packets per second, making it a "second to none" tool:
- More than 1,000,000 pps of SYN Flood (+50% of the network's uplink) in a 1000BASE-T Network (Gigabit Ethernet).
- More than 120,000 pps of SYN Flood (+60% of the network's uplink) in a 100BASE-TX Network (Fast Ethernet).

3. Performing "Stress Testing" on a variety of network infrastructure, network devices and security solutions in place.

4. Simulating Denial-of-Service attacks, validating the Firewall rules and Intrusion Detection System/Intrusion Prevention System policies.

Fpipe

FPipe v2.1 - Port redirector.

FPipe is a source port forwarder/redirector. It can create a TCP or UDP stream with a source port of your choice. This is useful for getting past firewalls that allow traffic with a particular source port (say, 23) to connect with internal servers.

Usually a client has a random, high-numbered source port, which the firewall picks off in its filter. However, the firewall might let Telnet traffic through. FPipe can force the stream to always use a specific source port, in this case the Telnet source port. By doing this, the firewall 'sees' the stream as an allowed service and lets the stream through.

FPipe basically works by indirection. Start FPipe with a listening server port, a remote destination port (the port you are trying to reach inside the firewall) and the (optional) local source port number you want. When FPipe starts it will wait for a client to connect on its listening port. When a client connects, a new connection to the destination machine and port is made with the specified local source port, creating the needed stream. Once the full connection has been established, FPipe forwards all the data received on its inbound connection to the remote destination port beyond the firewall.

FPipe can run on the same host as the application you are trying to use to get inside the firewall, or it can listen on a third server somewhere else.

Say you want to telnet to an internal HTTP server that you just compromised with MDAC. A netcat shell is waiting on that HTTP server, but you can't telnet to it because the firewall blocks it. Start FPipe with the destination of the netcat listener, a listening port and a source port that the firewall will let through. Telnet to FPipe and you will be forwarded to the netcat shell. Telnet and FPipe can exist on the same server or on different servers.


Xplico

"The goal of Xplico is to extract from an Internet traffic capture the application data contained in it.
For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT)."

In a nutshell, it's like Wireshark on crack. Rather than digging through the individual packets and putting them back together yourself, it dissects and parses the individual protocols and traffic back out into human-readable form. Anyone who has ever reassembled emails by hand can vouch for what a pain it is.

Anyone who works in an industry where captures come live from the wire, or from a cap file, can see the use (and abuse) of such a product. You can select specific dissectors for the traffic of interest.

I found a good bit of info on configuring this at the link below.
http://wiki.xplico.org/doku.php/tutorial:0.5.2

I'd highly advise checking out some screen shots at the following link, the interface is very nice. I like the geomap!
http://www.xplico.org/screenshot

Arping

Arping is an ARP level ping utility. It's good for finding out if an IP is taken before you have routing to that subnet. It can also ping MAC addresses directly.

AMAP

Amap has been designed to identify the applications that are running on a specific port or ports residing on a host. Amap does this by connecting to the port(s) and sending packets that will hopefully trigger an automatic response in reply. These packets typically encompass a standard attempt by an application to carry out a handshake between both hosts. A lot of network daemons only respond when a connection is attempted using an appropriate handshake (e.g. SSL). Amap then correlates this response with its built-in library and verbosely prints the result to screen.

Scanrand

An unusually fast stateless network service and topology discovery system.

Scanrand is a stateless host-discovery tool and port scanner similar in design to Unicornscan. It trades off reliability for amazingly fast speeds and uses cryptographic techniques to prevent attackers from manipulating scan results. This utility is part of a software package called Paketto Keiretsu, which was written by Dan Kaminsky. Scanrand and Paketto are no longer actively maintained, but the latest released version can still be found at DoxPara.Com.
