Packet Manipulation

Nemesis

Nemesis is a command-line network packet crafting and injection utility for UNIX-like and Windows systems. Nemesis is well suited for testing Network Intrusion Detection Systems, firewalls, IP stacks and a variety of other tasks. As a command-line driven utility, Nemesis is perfect for automation and scripting.

Nemesis can natively craft and inject ARP, DNS, ETHERNET, ICMP, IGMP, IP, OSPF, RIP, TCP and UDP packets. Using the IP and the Ethernet injection modes, almost any custom packet can be crafted and injected.

Hping

Hping is a command-line TCP/IP assembler that supports TCP, ICMP, UDP and RAW-IP protocols.

It also works on Unix systems, Windows, Sun and MacOS.

See hping3 for the latest info.
https://www.soldierx.com/tools/Hping-3

Nmap

Written by Fyodor of insecure.org, Nmap is one of the most common and most popularly noted tools in any hacker's arsenal.
Its common abilities are port scanning hosts on a network to determine which ports are open and which services are running.
It has a very wide feature set for determining what device is being scanned, whether it's Cisco, Juniper, Windows 98, Windows 2003 Server, Red Hat, Debian, SUSE/Novell, etc.

It now supports 64-bit processing, IPv4 and IPv6, and TCP and UDP, and it runs on Mac, Linux, BSD, Solaris, Windows, and a whole bunch of other operating systems that you may pray to never have to work with.
From personal experience, it runs on my PS3, so just about anything out there.

Nmap can obtain information about a host not only by querying that host, but also by querying its peers on the network for information about it.
By using Nmap's TCP Idle Scanning technique it has been deemed possible to bypass filters such as access lists, iptables, and intrusion prevention systems under certain circumstances.

For more information about Nmap please go to http://nmap.org/
For more information regarding the TCP Idle scan the link is http://nmap.org/book/idlescan.html

Netcat

Netcat is a computer networking utility for reading from and writing to network connections using TCP or UDP. Netcat is designed to be a dependable “back-end” device that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection you would need and has a number of built-in capabilities.

In 2000, according to www.insecure.org, Netcat was voted the second most functional network security tool. Also, in 2003 and 2006 it gained fourth place in the same category. Netcat is often referred to as a "Swiss-army knife for TCP/IP." Its list of features includes port scanning, transferring files, and port listening, and it can be used as a backdoor.

Some of netcat's major features are:
* Outbound or inbound connections, TCP or UDP, to or from any ports
* Full DNS forward/reverse checking, with appropriate warnings
* Ability to use any local source port
* Ability to use any locally-configured network source address
* Built-in port-scanning capabilities, with randomization
* Built-in loose source-routing capability
* Can read command line arguments from standard input
* Slow-send mode, one line every N seconds
* Hex dump of transmitted and received data
* Optional ability to let another program service established connections
* Optional telnet-options responder
* Featured tunneling mode which also allows special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel).

Examples
Opening a raw connection to port 25 (like telnet)

nc mail.server.net 25

Setting up a one-shot webserver on port 8080 to present a file

{ echo -ne "HTTP/1.0 200 OK\r\n\r\n"; cat some.file; } | nc -l 8080
