Thread: Packet Spoofing using Libnet (Issue)

  1. #1
    Registered User
    Join Date
    Jan 2012
    Posts
    13

    Packet Spoofing using Libnet (Issue)

    I am doing packet spoofing but getting an issue.

    I am capturing packet using SOCK_RAW, working with the TCP packets. doing Ethernet spoofing or just packet spoofing using LIBNET.

    1 - Used RAW socket to start Sniffing
    2 - When receive packet with SYN flag
    - - then send a packet with SYN+ACK flags to complete second way of handshake of TCP connection
    - - it is desirable that the receiver of the SYN+ACK packet must reply with an ACK packet to complete the handshake, but it is rather sending RESET flagged packet.

    I am using following functions of Libnet in given order

    libnet_init();
    libnet_build_tcp_options();
    libnet_build_tcp();
    libnet_build_ipv4();
    libnet_build_ethernet();
    libnet_write();
    libnet_destroy();

    I am using temporary window size say it 500 in libnet_build_tcp(), while I am using some the string "\003\003\012\001\002\004\001\011\010\012\077\077\ 077\077\000\000\000\000\000\000" as tcp options in libnet_build_tcp_options().

    Please tell where the problem is

  2. #2
    Registered User
    Join Date
    Dec 2011
    Posts
    795
    It's not spoofing, it's just forging the packets. I've done similar things before (only without Libnet, just crafting the packets manually).

    Either way, post your code or we can't help.

    EDIT: RAW sockets don't usually work for ethernet header modification. Unless you use a PF_PACKET (linux) or BPF (mac) socket, the ethernet header will already be there.

  3. #3
    Registered User
    Join Date
    Jan 2012
    Posts
    13

    Code Issue

    I have tried this using two ways:

    1-libnet
    2-bsd socket i.e. sendto() function.

    the problem still lies, I am not receiving the ACK flagged packet after sending the SYN+ACK packet.

    the two codes are attached, the second code is rough i.e. too much unnecessary thing in there, I was just testing that, just get the main idea
    Attached Files Attached Files

  4. #4
    Registered User
    Join Date
    Dec 2011
    Posts
    795
    I haven't seen the entire code, but there's two things that look problematic:

    Code:
    ip.ip_src.s_addr = inet_addr("172.17.13.90");
    Using your external IP is a bad idea for two reasons: it's likely to change, and it doesn't work. Instead, use your local IP (and ioctls to find it), and then your router will convert it into the external IP.

    Code:
    if ((size_Buffer = recvfrom(SOCK_RAW, Buffer, MAX_BUFFER_SIZE, 0, NULL, NULL)) < 0){
    You're not receiving from the socket, you're receiving from SOCK_RAW, which isn't anything. Instead, pass the socket.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. How to get packet IP?
    By leetow2003 in forum Linux Programming
    Replies: 6
    Last Post: 07-11-2011, 11:28 AM
  2. bandwidth issue / network issue with wireless device communication
    By vlrk in forum Networking/Device Communication
    Replies: 0
    Last Post: 07-05-2010, 11:52 PM
  3. What libnet libraries to include with compile?
    By failure_to in forum C Programming
    Replies: 3
    Last Post: 06-16-2004, 06:42 AM
  4. TCP/IP packet run-together-ing
    By ygfperson in forum A Brief History of Cprogramming.com
    Replies: 8
    Last Post: 02-10-2003, 04:42 PM