Using Packet Crafting Tools for Stress and Penetration Testing — Cisco Security Devices

In most of my Cisco Security classes, students get the opportunity (some for the first time!) to use packet crafting tools to probe the simulated real-world networks in the remote labs environment. This post illustrates four of the more popular choices and provides examples of where they might best be used. These tools can be used both to probe for weaknesses on switches and routers by spoofing actual device-to-device protocols and to simulate a denial-of-service (DoS) attack.

A popular collection of tools and exploits can be found in version 5 of the BackTrack Linux distribution. Included in this distribution is Yersinia, a utility suite that’s especially useful in identifying OSI Layer 2 switching vulnerabilities. It offers an impressive collection of possible exploits, including Spanning Tree manipulation, Cisco Discovery Protocol snooping, Dynamic Trunking Protocol spoofing, and others.
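From the defender's side, the three protocols named above are easy to recognize on the wire, and none of them should normally originate from a host-facing access port. The following is an added example, not code from the original post or from Yersinia: it classifies raw 802.3 frames as STP, CDP or DTP by their well-known destination MAC and LLC/SNAP header and reports any that arrive on an access port. The port names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

# Well-known Layer 2 control-protocol identifiers (IEEE 802.1D and Cisco SNAP).
STP_DST = bytes.fromhex("0180c2000000")      # IEEE STP bridge group address
CISCO_DST = bytes.fromhex("01000ccccccc")    # Cisco multicast used by CDP and DTP
CISCO_OUI = bytes.fromhex("00000c")
SNAP_PIDS = {0x2000: "CDP", 0x2004: "DTP"}

def classify(frame: bytes):
    """Return 'STP', 'CDP', 'DTP' or None for a raw 802.3 frame (no FCS)."""
    if len(frame) < 17:
        return None
    dst = frame[0:6]
    (length,) = struct.unpack("!H", frame[12:14])
    if length > 1500:            # EtherType (Ethernet II), so no LLC header follows
        return None
    dsap, ssap, ctrl = frame[14:17]
    if dst == STP_DST and (dsap, ssap, ctrl) == (0x42, 0x42, 0x03):
        return "STP"
    if dst == CISCO_DST and (dsap, ssap, ctrl) == (0xAA, 0xAA, 0x03):
        if len(frame) < 22 or frame[17:20] != CISCO_OUI:
            return None
        (pid,) = struct.unpack("!H", frame[20:22])
        return SNAP_PIDS.get(pid)
    return None

def audit(captures, access_ports):
    """Return (port, source MAC, protocol) for control frames seen on host-facing ports."""
    findings = []
    for port, frame in captures:
        proto = classify(frame)
        if proto and port in access_ports:
            findings.append((port, frame[6:12].hex(":"), proto))
    return findings

def _frame(dst, src, payload):   # helper that builds the constructed sample frames
    return dst + bytes.fromhex(src) + struct.pack("!H", len(payload)) + payload

# Constructed sample data: port names, MACs and payload padding are made up.
SAMPLES = [
    ("Gi0/1", _frame(STP_DST, "020000000001", bytes([0x42, 0x42, 0x03]) + bytes(35))),
    ("Gi0/2", _frame(CISCO_DST, "020000000002", bytes.fromhex("aaaa0300000c2004") + bytes(20))),
    ("Gi0/24", _frame(CISCO_DST, "020000000003", bytes.fromhex("aaaa0300000c2000") + bytes(20))),
    ("Gi0/3", bytes.fromhex("ffffffffffff" "020000000004" "0806") + bytes(28)),
]

if __name__ == "__main__":
    for finding in audit(SAMPLES, access_ports={"Gi0/1", "Gi0/2", "Gi0/3"}):
        print(finding)
```

In the sample data, Gi0/24 is treated as an uplink, so the CDP frame seen there is not reported, while the BPDU and DTP frames on host-facing ports are.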

While the Yersinia exploits are bundled in the package with limited options, two other command-line tools allow for a wide range of network packet field customizations. Hping can be run under both Windows and Linux. It was originally developed to implement an Idle Scan, and its functionality was expanded to include many options. As this guide shows, hping can be used as a port scanner, a traceroute network discovery tool, a DoS simulator, an IP spoofing tool, and even an IPS signature triggering tool!

The third packet crafting tool I want to discuss here is undoubtedly the newest of the lot and is called Scapy. I learned of this by way of a member of the United States Army during a recent training class. This utility is best implemented in Linux with Python in order to more fully visualize the format of the packet to be “crafted”. Once more, some excellent online documentation exists, which can be found here. As this extensive resource indicates, Scapy not only has the capability for developing customized network “injection” executables, but can also use state-dependent automation that could actually simulate the operation of a network protocol!
