Packet injection
from Wikipedia

Packet injection (also known as forging packets or spoofing packets) in computer networking, is the process of interfering with an established network connection by means of constructing packets to appear as if they are part of the normal communication stream. The packet injection process allows an unknown third party to disrupt or intercept packets from the consenting parties that are communicating, which can lead to degradation or blockage of users' ability to utilize certain network services or protocols. Packet injection is commonly used in man-in-the-middle attacks and denial-of-service attacks.

Capabilities

By utilizing raw sockets, NDIS function calls, or direct access to a network adapter kernel mode driver, arbitrary packets can be constructed and injected into a computer network. These arbitrary packets can be constructed from any type of packet protocol (ICMP, TCP, UDP, and others) since there is full control over the packet header while the packet is being assembled.

Uses

Packet injection has been used for:

Detecting packet injection

Through the process of running a packet analyzer or packet sniffer on both network service access points trying to establish communication, the results can be compared. If point A has no record of sending certain packets that show up in the log at point B, and vice versa, then the packet log inconsistencies show that those packets have been forged and injected by an intermediary access point. Usually TCP resets are sent to both access points to disrupt communication.[2][3][4]

from Grokipedia
Packet injection is a networking technique in which custom-crafted data packets are deliberately transmitted into an active network to alter, intercept, or analyze communications, often bypassing standard protocol validations. Commonly employed in adversarial contexts, it enables disruptions such as forging TCP reset packets to terminate sessions or injecting spoofed traffic to overload controllers in software-defined networks (SDNs). While capable of legitimate applications like protocol fuzzing and in controlled environments, its primary notoriety stems from exploits including denial-of-service attacks and unauthorized access facilitation, as demonstrated in networks where injected packets accelerate encryption key recovery. Defenses typically involve , via , and protocol hardening, though off-path injection vulnerabilities persist due to inherent TCP/IP assumptions about packet authenticity.

Fundamentals

Definition and Core Principles

Packet injection is a technique in computer networking whereby custom data packets are crafted and transmitted into a network, typically to interfere with established connections, simulate , or test protocol behaviors. This process enables the insertion of forged packets that mimic legitimate communications, often by spoofing source addresses or headers to evade standard filtering.

At its core, packet injection operates by bypassing the operating system's standard network , which normally handles packet assembly and transmission automatically. Instead, it requires direct access to the network interface, commonly achieved through raw sockets: specialized interfaces that permit applications to construct packets from raw binary data, including full control over headers such as Ethernet, IP, and transport-layer (e.g., TCP or UDP) fields. The sender must manually compute checksums and other integrity fields to ensure the injected packets appear valid to recipients and intermediate devices.

Key principles include precise header manipulation to align with protocol specifications, enabling effects like connection termination via spoofed TCP reset packets or traffic flooding for denial-of-service. Success depends on the injector's proximity to the target , as physical or link-layer access (e.g., via wireless adapters in ) may be necessary to overcome and barriers. Limitations arise from hardware constraints, such as support for raw transmission, and potential detection through anomalies in packet timing or sequence numbers.

Historical Development

The foundational capability for packet injection emerged from advancements in operating system support for low-level network access, particularly the introduction of raw sockets in the Berkeley Software Distribution (BSD) Unix version 4.2, released on August 5, 1983. Raw sockets provided applications with direct control over IP headers and payloads, bypassing the kernel's transport-layer processing to construct and transmit arbitrary packets on shared-medium networks like Ethernet. This interface, part of the broader Berkeley sockets API integrated with the TCP/IP stack, enabled initial experimentation in network protocol testing and diagnostics, though early uses were limited by hardware constraints and lack of specialized software.

By the late 1980s, packet capture tools laid groundwork for injection techniques, with —developed by , Craig Leres, and Steven McCanne at —first released around 1988 to analyze traffic via promiscuous-mode interfaces. The subsequent development of libpcap in the early 1990s (with initial versions circa 1994) extended this to a portable library supporting both capture and transmission of raw packets through functions like pcap_sendpacket, facilitating injection in user-space applications across systems. These tools democratized access to packet manipulation, supporting early security research into protocol weaknesses, such as IP spoofing demonstrations in academic and labs during the ARPANET-to-Internet transition.

The 1990s saw proliferation of dedicated packet crafting utilities, exemplified by hping, released in 1997 by Salvatore Sanfilippo as an enhancement to ICMP echo requests with customizable TCP, UDP, and IP options for firewall probing and denial-of-service testing. In wireless networking, packet injection gained prominence with the Linux AirJack driver in 2001, which exploited Prism chipset vulnerabilities to enable 802.11 frame injection, pivotal for auditing WEP encryption flaws and catalyzing security standards like WPA.

These milestones shifted packet injection from niche diagnostics to a core method in penetration testing, though widespread malicious exploitation, such as ISP-level forging for (e.g., Comcast's 2007 interference), highlighted regulatory scrutiny over network neutrality.

Technical Mechanisms

Packet Construction and Injection Procedure

Packet construction begins with defining the packet's structure according to the OSI model's relevant layers, typically encompassing the (e.g., Ethernet), network (IP), and (TCP or UDP) headers, along with an optional application-layer . The Ethernet header specifies source and destination MAC addresses, ensuring the frame reaches the intended network interface, while the includes fields such as version (IPv4 or ), source and destination IP addresses, protocol type, time-to-live (TTL), and length. Transport headers follow, with TCP requiring sequence numbers, acknowledgment numbers, flags (e.g., , ACK, ), and window size for connection management, or UDP using simpler source/destination ports and length fields. data, if any, is appended last, often padded to meet minimum frame sizes like 46 bytes for Ethernet.

Checksum calculations are essential for integrity validation: the checksum is computed over its own fields excluding options, using one's complement arithmetic, while TCP or UDP checksums cover a pseudo-header (including IP addresses, protocol, and length) plus the transport header and . Incorrect checksums result in packet drops by receiving devices adhering to protocol standards, as verified in implementations like processing. Headers must align with protocol-specific byte orders (network byte order, big-endian) to avoid misinterpretation. Construction can be manual via memory allocation and field population in languages like , or automated using libraries, but raw manual crafting allows precise manipulation of fields like TTL for simulation or malformed options for testing.

Injection requires elevated privileges, typically root access on Unix-like systems, to create a raw socket via system calls such as socket(AF_INET, SOCK_RAW, IPPROTO_RAW) for IP-level injection or socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)) for link-layer control, bypassing the kernel's standard . The fully assembled packet is then transmitted using sendto() or sendmsg(), specifying the target interface (e.g., via struct sockaddr_ll for packet sockets) and ensuring the network interface is in a suitable mode, such as promiscuous for capturing ambient traffic or for wireless injection via drivers like those supporting 802.11 injection frames. On Windows, similar functionality uses Winsock's WSAIoctl for raw IP packets, though with restrictions post-SP2 updates limiting non-admin spoofing. Successful injection is confirmed with tools monitoring the wire, as kernel buffering or driver limitations can cause silent failures if rates exceed hardware capabilities, such as 1 Gbps Ethernet limits.
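The checksum rules described above are what a receiving stack actually applies before it accepts a packet, so the same arithmetic is useful on the defensive side, for example in a capture parser that flags segments whose checksums do not validate. The following is an added example, not code from the original page: it implements the one's-complement sum, the IPv4 header checksum and the TCP checksum over the pseudo-header, and checks them on constructed sample packets. The IPv4 header bytes are the widely published textbook example whose checksum is 0xB861; the TCP segment and its addresses are constructed here.

```python
"""Compute and verify IPv4 and TCP checksums as a receiver would.

Added example, not from the original page. The sample IPv4 header and the
TCP segment below are constructed data, not captured traffic.
"""
import socket
import struct


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071 style)."""
    if len(data) % 2:
        data += b"\x00"  # an odd trailing byte is padded with zero for the sum
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def internet_checksum(data: bytes) -> int:
    """The value stored in a header: complement of the one's-complement sum."""
    return (~ones_complement_sum(data)) & 0xFFFF


def ipv4_header_checksum_ok(header: bytes) -> bool:
    """A header with a correct checksum field sums to 0xFFFF."""
    return ones_complement_sum(header) == 0xFFFF


def tcp_pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """Pseudo-header: source IP, destination IP, zero byte, protocol 6, TCP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))


def tcp_checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """The pseudo-header plus TCP header plus payload must sum to 0xFFFF."""
    pseudo = tcp_pseudo_header(src_ip, dst_ip, len(segment))
    return ones_complement_sum(pseudo + segment) == 0xFFFF


def sample_ipv4_header() -> bytes:
    """Textbook 20-byte IPv4 header with the checksum field filled in."""
    zeroed = bytes.fromhex("45000073" "00004000" "40110000" "c0a80001" "c0a800c7")
    csum = internet_checksum(zeroed)             # checksum field is zero while summing
    return zeroed[:10] + struct.pack("!H", csum) + zeroed[12:]


def build_tcp_segment(src_ip: str, dst_ip: str, sport: int, dport: int,
                      seq: int, ack: int, flags: int, payload: bytes = b"") -> bytes:
    """Assemble a 20-byte TCP header (no options) with a correct checksum.

    Constructed sample data; the checksum is computed over the pseudo-header,
    header and payload exactly as a conforming receiver recomputes it.
    """
    data_offset = 5 << 4  # header length of 5 words, upper nibble of byte 12
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         data_offset, flags, 65535, 0, 0)
    csum = internet_checksum(
        tcp_pseudo_header(src_ip, dst_ip, len(header) + len(payload)) + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


if __name__ == "__main__":
    hdr = sample_ipv4_header()
    seg = build_tcp_segment("10.0.0.1", "10.0.0.2", 40000, 80, 1, 0, 0x04, b"abc")
    print("ipv4 ok:", ipv4_header_checksum_ok(hdr))
    print("tcp ok:", tcp_checksum_ok("10.0.0.1", "10.0.0.2", seg))
    print("tcp with different source IP ok:", tcp_checksum_ok("10.0.0.9", "10.0.0.2", seg))
```

Because the pseudo-header covers both IP addresses, a segment whose IP header was altered in transit fails the TCP check even though the TCP bytes are untouched. The checksum is an integrity field only: an injector that recomputes it produces packets that validate, which is why the page's detection section relies on comparison of traces and on cryptographic authentication rather than on checksums.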

Capabilities, Techniques, and Limitations

Packet injection enables the transmission of forged or modified network packets, facilitating capabilities such as source address spoofing, protocol anomaly testing, and disruption of ongoing communications without legitimate . This allows attackers or testers to simulate network faults, probe for vulnerabilities in intrusion detection systems, or execute denial-of-service by overwhelming targets with malformed . In environments, it supports deauthentication attacks by injecting disassociation frames, forcing devices to disconnect from access points.

Key techniques involve crafting packets at the IP or using raw sockets, which bypass the operating system's standard processing. On systems, applications create raw sockets via socket(AF_INET, SOCK_RAW, protocol) with privileges, manually assembling headers (e.g., IP, TCP, Ethernet) and computing checksums before transmission via sendto(). Libraries like libnet or libpcap enhance this by providing APIs for packet construction and injection, supporting both IP-layer and link-layer methods such as writing directly to network interfaces. For 802.11 wireless injection, adapters must enter to capture raw frames and injection mode to transmit crafted ones, often requiring driver modifications or specialized firmware.

Limitations stem primarily from software and hardware constraints. Raw socket creation demands elevated privileges (e.g., root on via CAP_NET_RAW), and modern operating systems restrict them to prevent unauthorized spoofing; Windows has blocked outbound raw IP packets by default since XP SP2, necessitating third-party drivers like Npcap for circumvention. injection is hardware-dependent, with only specific chipsets (e.g., Atheros AR9271, RT3070) supporting monitor and injection modes; many consumer adapters, including those from , lack this capability or require non-free . Additionally, switched networks limit reach without prior ARP poisoning, kernels may silently drop invalid packets or enforce rate limits, and higher-layer protocols like TCP require manual state management without automatic responses such as ICMP error handling.

Applications

Legitimate and Research Uses

Packet injection serves as a foundational technique in ethical penetration testing, where authorized professionals simulate adversarial network behaviors to evaluate system resilience against potential exploits. For instance, security researchers employ packet crafting to probe firewalls and intrusion detection systems by injecting customized packets that mimic anomalous traffic, thereby identifying configuration weaknesses or unhandled edge cases without causing real harm. This approach is integral to frameworks like those outlined in penetration testing methodologies, ensuring organizations can fortify defenses proactively.

In network fuzzing, packet injection facilitates the generation of malformed or randomized packets to stress-test protocol implementations for robustness and hidden vulnerabilities. Tools and scripts leveraging libraries such as enable researchers to systematically alter packet fields, such as headers, payloads, or checksums, to observe device responses, uncovering issues such as buffer overflows or denial-of-service triggers in routers, switches, or controllers. Academic and industrial studies, including those on protocol fuzzers, demonstrate its efficacy in revealing flaws in standards like TCP/IP or industrial protocols, with applications dating back to early 2000s research on automated .

For protocol development and educational research, developers inject crafted packets to validate , debug implementations, or simulate rare network conditions. In software-defined networks, for example, controlled injection helps verify controller logic against injected flows, aiding in the refinement of specifications since their around 2008. Similarly, in academic settings, it supports dissecting layered protocols by sequences that isolate variables like sequence numbers or options, fostering deeper understanding of behaviors without relying on live production traffic.

These applications underscore packet injection's role in advancing secure network architectures, provided they occur in isolated environments or with explicit permissions to mitigate unintended disruptions.

Malicious Uses and Attack Vectors

Packet injection enables attackers to forge and insert malicious data packets into network communications, disrupting legitimate traffic, intercepting sensitive information, or denying service to targets. This technique requires the attacker to operate on the same local or wireless channel, often necessitating tools that support raw packet crafting and transmission in promiscuous or . Common vectors exploit protocol weaknesses, such as the lack of in ARP replies or 802.11 management frames, allowing unauthenticated injection without initial access privileges.

A primary attack vector is (also known as ARP poisoning), where the attacker gratuitously sends unsolicited ARP reply packets mapping their own to the of a legitimate host, such as a gateway or victim device. This poisons the ARP caches of affected devices, redirecting traffic through the attacker's interface for man-in-the-middle (MITM) interception, enabling on unencrypted sessions or injection of falsified responses. For instance, in unsecured Ethernet LANs, this can facilitate credential theft or , as demonstrated in practical exploits since the protocol's vulnerabilities were identified in the 1980s but widely abused post-1990s. Attackers often automate this with tools like Ettercap, combining it with traffic relaying to maintain network functionality while covertly modifying payloads.

DNS spoofing leverages packet injection to forge authoritative DNS responses, tricking clients into resolving legitimate domains to attacker-controlled IP addresses. By injecting spoofed UDP packets mimicking recursive resolver replies, often after poisoning local ARP tables to intercept queries, the attacker redirects users to sites or hosts. This vector succeeds against non-validating DNS implementations, with historical exploits like the 2008 Kaminsky vulnerability highlighting the risks of predictable transaction IDs in DNS packets, though injection persists via local network control.

In denial-of-service (DoS) attacks, packet injection floods targets with crafted packets to exhaust resources, such as injecting incomplete TCP SYN packets to fill connection queues () or overwhelming switches with malformed frames. In (SDN) environments, attackers inject bogus packets simulating new hosts, saturating the controller's processing capacity and disrupting flow table updates, as shown in studies where thousands of injected packets per second caused overload. Wireless variants include injecting excessive probe requests or null data frames to induce channel congestion.

Wireless-specific vectors exploit 802.11's open management frame protocol, notably deauthentication (deauth) attacks, where attackers inject spoofed deauth or disassociation frames with forged source addresses to forcibly disconnect clients from access points (APs). This DoS technique, effective against WPA2 networks due to unauthenticated frames, can force clients to rogue APs for further MITM or simply deny connectivity, with tools enabling broadcasts affecting multiple clients simultaneously. The vulnerability stems from the protocol's design assuming physical proximity as security, exploitable within radio range without encryption keys. Protected Management Frames (PMF) in WPA3 mitigate this by requiring authentication, but legacy deployments remain susceptible.
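The ARP poisoning vector described above leaves a visible trace on the LAN: an IP address that starts answering from a different MAC address, and one MAC address claiming several IP addresses (typically the gateway and a victim). The following is an added example, not code from the original page, of the passive monitoring logic a defender can run over observed ARP replies in the style of tools such as arpwatch. The reply stream, addresses and the choice of which IPs count as "protected" are constructed here.

```python
"""Detect ARP cache poisoning from a stream of observed ARP replies.

Added example, not from the original page. The reply list below is
constructed sample data; addresses are from RFC 1918 / documentation space.
"""
from collections import defaultdict

# Constructed stream of (timestamp, sender IP, sender MAC) taken from ARP
# replies seen on one broadcast domain. Unsolicited (gratuitous) replies
# carry the same fields, so a passive monitor treats every reply alike.
ARP_REPLIES = [
    (1, "10.0.0.1", "aa:bb:cc:00:00:01"),  # gateway answers normally
    (2, "10.0.0.5", "aa:bb:cc:00:00:05"),  # a workstation
    (3, "10.0.0.1", "aa:bb:cc:00:00:66"),  # gateway IP now claimed by a new MAC
    (4, "10.0.0.5", "aa:bb:cc:00:00:66"),  # the same MAC also claims the workstation
    (5, "10.0.0.1", "aa:bb:cc:00:00:01"),  # real gateway answers again
]

PROTECTED_IPS = {"10.0.0.1"}  # constructed: addresses whose remapping is critical


def detect_arp_poisoning(replies, protected_ips):
    """Return (timestamp, severity, message) alerts for suspicious ARP replies.

    Two checks are applied, both of which fire on the classic poisoning pattern:
    1. an IP answering from a MAC other than the one first learned for it;
    2. a single MAC claiming more than one IP address.
    """
    first_seen = {}               # ip -> MAC first learned for that ip
    claimed = defaultdict(set)    # mac -> set of IPs that MAC has claimed
    alerts = []
    for ts, ip, mac in replies:
        known = first_seen.setdefault(ip, mac)
        if known != mac:
            severity = "high" if ip in protected_ips else "medium"
            alerts.append((ts, severity, f"{ip} answered from {mac}, first seen at {known}"))
        if claimed[mac] and ip not in claimed[mac]:
            alerts.append((ts, "high", f"{mac} now claims {len(claimed[mac]) + 1} addresses"))
        claimed[mac].add(ip)
    return alerts


def run_sample():
    """Run the detector over the constructed stream."""
    return detect_arp_poisoning(ARP_REPLIES, PROTECTED_IPS)


if __name__ == "__main__":
    for ts, severity, msg in run_sample():
        print(f"t={ts} [{severity}] {msg}")
```

The first-learned mapping is a deliberate simplification: a production monitor would seed the table from a known inventory or DHCP leases, and would treat a legitimate NIC replacement or a router that answers for several IPs as expected changes rather than alerts. Even so, the combination of "address moved" and "one MAC, many IPs" within a few seconds is the signature the ARP poisoning step of a MITM produces, and it is observable without any traffic decryption.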

Security and Defense

Detection Methods

Packet injection can be detected through a combination of traffic monitoring, protocol verification, and anomaly analysis, as injected packets often exhibit inconsistencies in headers, timing, or behavioral patterns relative to legitimate traffic. Intrusion detection systems (IDS) such as Snort employ signature-based matching to identify known injection patterns, including forged TCP reset (RST) packets used to terminate connections prematurely. Anomaly-based methods, integrated into network IDS, establish baselines of normal traffic volume, sequence numbers, and inter-packet timings, flagging deviations like sudden bursts of malformed packets or unexpected sequence jumps indicative of injection.

Header and Routing Verification Techniques

Techniques targeting spoofed source addresses, a common enabler of injection, include Time-to-Live (TTL) analysis, where discrepancies in expected TTL decrements (typically 1 per hop) reveal packets crafted with incorrect initial values, as authentic packets from a given source maintain consistent hop counts. Reverse Path Forwarding (RPF) checks validate whether incoming packets arrive on the interface consistent with the routing table's path to the claimed source IP; mismatches suggest off-path injection. Ingress filtering at network edges discards packets with invalid source IPs outside allocated ranges, preventing many injection attempts from propagating.

Traffic Capture and Comparative Analysis

Packet analyzers like enable real-time capture and inspection, allowing comparison of sent and received packet traces to detect injected elements, such as extraneous RST or packets disrupting sessions; for instance, in ISP interference cases 13 RST packets were observed versus 5 sent. Tools like pcapdiff automate trace diffs to highlight insertions or modifications, often by disabling offloading features (e.g., TCP offload) for accurate captures on direct public IP connections. Network flow analysis complements this by aggregating metadata (e.g., source/destination IPs, packet sizes) to spot anomalies like high-rate, short-duration flows atypical of benign traffic.

Advanced and Protocol-Specific Methods

Cryptographic protocols such as or TLS authenticate packet origins and integrity via digital signatures, rendering undetected injections infeasible without key compromise, as invalid signatures trigger drops. In TCP contexts, delay-based verification (holding packets briefly to check for racing duplicates) counters injection by confirming no unauthorized duplicates precede legitimate ones, though it introduces latency. For software-defined networks (SDN), models, including graph convolutional networks on device flow graphs, achieve up to 91% accuracy in classifying injection as denial-of-service floods by modeling abnormal switch behaviors. Machine learning-enhanced IDS further generalize across protocols, training on labeled datasets to identify subtle injection signatures beyond rule-based thresholds.
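The two-point comparison from the Wikipedia section above (packets logged at point B that point A never sent) and the TTL consistency check from "Header and Routing Verification Techniques" can be combined into one small trace-diff routine. The following is an added example, not code from the original page or from pcapdiff: it matches receiver-side records against sender-side records on the fields that survive the path (addresses, ports, flags, sequence number; TTL is excluded because every hop decrements it), reports the unmatched packets as injected, and separately flags packets whose TTL departs from the value first seen for that source. The two traces are constructed sample data, with documentation addresses and a single forged RST.

```python
"""Diff a sender-side and a receiver-side packet log to find injected packets,
and flag TTL values inconsistent with the path from a given source.

Added example, not from the original page. Both traces are constructed.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str   # TCP flags as letters, e.g. "S", "A", "PA", "R"
    seq: int
    ttl: int


def packet_key(p: Pkt):
    """Fields used to match a sent packet with a received one; TTL is excluded
    because it is decremented at every hop and differs between the two logs."""
    return (p.src, p.dst, p.sport, p.dport, p.flags, p.seq)


def find_injected(sent, received):
    """Return packets in the receiver's log that have no counterpart in the
    sender's log. Duplicates are matched one-for-one so retransmissions that the
    sender really emitted are not reported."""
    budget = Counter(packet_key(p) for p in sent)
    injected = []
    for p in received:
        k = packet_key(p)
        if budget[k] > 0:
            budget[k] -= 1
        else:
            injected.append(p)
    return injected


def ttl_anomalies(received):
    """Flag packets whose TTL differs from the first TTL seen for their source.
    A real host behind a stable path arrives with a constant TTL; a packet
    forged elsewhere on the path usually does not."""
    baseline = {}
    anomalies = []
    for p in received:
        if p.src not in baseline:
            baseline[p.src] = p.ttl
        elif p.ttl != baseline[p.src]:
            anomalies.append(p)
    return anomalies


# Constructed: A's own log of what it transmitted (TTL as set at origin).
SENT_AT_A = [
    Pkt("192.0.2.10", "198.51.100.20", 40000, 80, "S", 1000, 64),
    Pkt("192.0.2.10", "198.51.100.20", 40000, 80, "A", 1001, 64),
    Pkt("192.0.2.10", "198.51.100.20", 40000, 80, "PA", 1001, 64),
]

# Constructed: what B captured from A's direction, twelve hops downstream.
# The RST was never sent by A and arrives with a TTL that does not fit the path.
SEEN_AT_B = [
    Pkt("192.0.2.10", "198.51.100.20", 40000, 80, "S", 1000, 52),
    Pkt("192.0.2.10", "198.51.100.20", 40000, 80, "A", 1001, 52),
    Pkt("192.0.2.10", "198.51.100.20", 40000, 80, "R", 1001, 57),
    Pkt("192.0.2.10", "198.51.100.20", 40000, 80, "PA", 1001, 52),
]


def report(sent=SENT_AT_A, received=SEEN_AT_B):
    """Summarise the comparison as counts a monitoring job can alert on."""
    injected = find_injected(sent, received)
    return {
        "injected": len(injected),
        "forged_rst": sum(1 for p in injected if "R" in p.flags),
        "ttl_anomalies": len(ttl_anomalies(received)),
    }


if __name__ == "__main__":
    print(report())
```

In practice the two captures come from pcap files taken at both endpoints with checksum and segmentation offloading disabled, as the text notes, and the match key is widened to include the IP identification field and payload hash so that a forged packet with a recycled sequence number is still distinguished from the genuine one. The TTL heuristic is only a hint, since paths change and load balancers alter hop counts; the trace diff is the authoritative check.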

Mitigation and Prevention Strategies

Encryption of network traffic using protocols such as or TLS ensures packet authenticity and integrity, rendering injected packets detectable or unusable as they fail cryptographic checks. This approach thwarts man-in-the-middle scenarios where attackers attempt to forge or alter packets, as verified receivers discard non-matching signatures or sequences.

Deployment of intrusion detection systems (IDS) and intrusion prevention systems (IPS) enables real-time monitoring for anomalous traffic patterns, such as unexpected packet volumes or malformed structures characteristic of injection attempts. IDS passively alerts on deviations from baseline behavior, while IPS actively drops suspicious packets, with studies in software-defined networks (SDN) demonstrating over 99% accuracy in classifying injectors using machine learning models like graph convolutional neural networks.

Firewalls incorporating stateful inspection and filter invalid or unauthorized packets at network edges, complemented by lists (ACLs) to restrict injection vectors. on switches and controllers further mitigates denial-of-service effects from mass injections by capping throughput of unverified flows. isolates segments with tailored security policies, containing potential propagation of injected packets.

Regular patching of software, , and protocols addresses exploits enabling injection tools, such as outdated drivers vulnerable to monitor-mode abuse. Continuous via logging and tools identifies injection early, allowing proactive isolation of compromised nodes without disrupting legitimate operations. In and environments, protocols enforcing packet filtering at forwarding nodes discard junk injections with high probability, exposing injectors through identity verification.
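The edge filtering this section describes (ingress filtering of impossible source addresses, together with the reverse-path check from the detection section) is simple enough to state as a decision function over the router's own forwarding table. The following is an added example, not code from the original page or from any router vendor: it performs a longest-prefix lookup on the claimed source address, applies strict unicast RPF (the packet must arrive on the interface the router would use to reach that source) and drops RFC 1918 and other bogon sources on the Internet-facing interface. The routing table, interface names and test addresses are constructed.

```python
"""Strict unicast reverse-path forwarding plus bogon ingress filtering.

Added example, not from the original page. The forwarding table, interface
names and packet sources below are constructed sample data.
"""
import ipaddress

# Constructed FIB: (prefix, egress interface). The default route points at wan0.
ROUTES = [
    ("10.0.0.0/8", "lan0"),
    ("192.0.2.0/24", "cust1"),
    ("0.0.0.0/0", "wan0"),
]

WAN_IFACE = "wan0"

# Source prefixes that can never legitimately arrive from the Internet side.
WAN_BOGONS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16",
)]


def best_route(src_ip, routes=ROUTES):
    """Longest-prefix match; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src_ip)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def check_ingress(src_ip, ingress_iface, routes=ROUTES):
    """Decide whether a packet with this source may enter on this interface.

    Returns (accepted, reason). Order matters: the cheap bogon check runs first
    on the WAN interface, then strict uRPF compares the reverse route's
    interface with the interface the packet actually arrived on.
    """
    addr = ipaddress.ip_address(src_ip)
    if ingress_iface == WAN_IFACE and any(addr in net for net in WAN_BOGONS):
        return False, f"bogon source {src_ip} on {ingress_iface}"
    route = best_route(addr, routes)
    if route is None:
        return False, f"no route back to {src_ip}"
    net, reverse_iface = route
    if reverse_iface != ingress_iface:
        return False, (f"strict uRPF: {src_ip} is reached via {reverse_iface} "
                       f"({net}), but arrived on {ingress_iface}")
    return True, "accepted"


if __name__ == "__main__":
    for src, iface in [("192.0.2.7", "cust1"), ("192.0.2.7", "wan0"),
                       ("10.1.2.3", "wan0"), ("203.0.113.9", "wan0"),
                       ("203.0.113.9", "cust1")]:
        print(src, iface, check_ingress(src, iface))
```

Strict mode is the right choice on customer and access interfaces where routing is symmetric; on peering links with asymmetric paths, operators use loose mode (the source merely has to be routable somewhere), which is obtained here by replacing the interface comparison with a check that `best_route` found anything other than the default route. Either mode stops a spoofed packet at the first hop that can tell it is impossible, which is what keeps a forged source from ever reaching the victim's trace.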

Tools and Implementations

Open-Source Software

is a Python-based open-source library designed for interactive packet manipulation, enabling users to forge, decode, send, and capture packets across numerous protocols including IP, TCP, UDP, and Ethernet. It supports layer 2 and layer 3 packet injection, allowing scripted construction of custom packets for network testing and analysis, such as simulating attacks or probing firewalls. Developed initially by Philippe Biondi and maintained under the GPL license, 's flexibility stems from its object-oriented packet representation, where packets are built by stacking layers and fields programmatically, e.g., IP(dst="target")/TCP(dport=80)/"GET / HTTP/1.0\r\n\r\n".

hping3, an evolution of the original hping tool, is a command-line utility for generating and transmitting custom TCP/IP packets, supporting modes for floods, ICMP probes, and UDP injection to test network resilience and firewalls. Released under GPL and commonly bundled in distributions like , it facilitates raw socket operations for crafting packets with specified flags, sequences, and payloads, such as --syn --flood -p 80 target for high-volume TCP injection. Its lightweight design makes it suitable for denial-of-service simulations and alternatives, though it lacks the multi-layer protocol depth of .

Ettercap provides open-source capabilities for packet injection within man-in-the-middle frameworks, primarily through ARP poisoning and content filtering plugins that allow , modification, and reinjection of live traffic. Licensed under GPL, it operates in active dissection mode to alter packets on-the-fly for protocols like HTTP and DNS, enabling techniques such as credential sniffing or spoofing, as seen in filters that replace packet payloads during transit. While focused on LAN-based attacks, its plugin architecture extends to custom injection scripts, distinguishing it from pure crafters by integrating sniffing with real-time manipulation.

Ostinato serves as a cross-platform GUI-driven packet crafter and injector, supporting high-throughput generation of Ethernet, IP, and higher-layer packets for traffic simulation and protocol testing. Available under GPL, it excels in automated stream injection with precise control over rates, delays, and errors, making it valuable for scalability assessments in SDN environments or fuzzing network devices.

Commercial and Specialized Tools

Commercial tools for packet injection are predominantly developed by network testing vendors and are designed for enterprise-grade performance validation, protocol conformance testing, and stress simulation in controlled environments such as data centers and labs. These tools typically integrate software interfaces with dedicated hardware chassis or modules capable of generating and injecting high-volume, customizable packet streams at rates exceeding 100 Gbps per , supporting protocols from Layer 2 Ethernet to Layer 7 applications. Unlike open-source alternatives, commercial implementations emphasize scalability, precision timing, and integration with automation frameworks for repeatable testing scenarios.

Spirent TestCenter, a offering from Communications, provides packet generation and injection capabilities through its base package, enabling users to craft streams with deliberate errors such as FCS corruption, IPv4/ checksum mismatches, and TCP checksum anomalies to evaluate device robustness under fault conditions. The platform supports real-time packet capture alongside injection, facilitating immediate analysis of network responses, and is widely deployed for , Ethernet, and IP network validation with hardware modules scaling to 400 Gbps interfaces. Spirent's tools prioritize deterministic latency and control, essential for benchmarking switches and routers against standards like RFC 2544.

Keysight Technologies, following its acquisition of , offers IxNetwork as a core component for emulation and injection, generating realistic Layer 4-7 flows that mimic user applications and scenarios across 1G to 800G Ethernet speeds. This software-hardware solution allows injection of synthetic to stress-test QoS mechanisms, application delivery controllers, and appliances, with features for protocol stateful emulation and impairment simulation. Keysight's Elastic Network Generator extends these capabilities via API-driven control, integrating with DPDK for high-throughput injection on commodity servers while supporting custom packet crafting for edge cases like malformed headers.

Specialized hardware tools often include modular with application-specific modules, such as 's load modules for multi-port injection or Spirent's high-density ports for massive scale testing. These differ from general-purpose NICs by providing nanosecond-level timing accuracy and hardware offload for complex stateful protocols, reducing CPU overhead in injection tasks. For instance, Ixia-derived modules in systems support full L2-7 protocol stacks, enabling injection of BGP or MPLS traffic for routing .

Adoption of these tools is common in and hyperscale environments, where they ensure compliance with carrier-grade requirements, though their high cost, often exceeding $100,000 per , limits them to labs rather than ad-hoc assessments.

Regulatory Frameworks

In the United States, unauthorized packet injection into computer networks is primarily governed by the , codified at 18 U.S.C. § 1030, which prohibits intentional access to protected computers without authorization or exceeding authorized access, with further intent to defraud or cause damage; violations can result in civil penalties or criminal fines and imprisonment ranging from one to twenty years depending on factors like prior offenses and resulting harm. For wireless networks, the regulates under 47 U.S.C. § 333, which bans willful interference with radio communications, treating certain packet injection techniques, such as deauthentication floods that disrupt signals, as prohibited jamming; the FCC has enforced this against entities attempting to block unauthorized hotspots, with penalties including fines up to $144,625 per violation as of 2023. Legitimate uses, such as authorized penetration testing, are exempt provided they occur with explicit permission and do not cause unintended interference.

In the , the Directive 2013/40/EU on attacks against information systems mandates that member states criminalize serious disturbances to the functioning of information systems, including denial-of-service actions via packet injection that hinder or transmission; penalties must be effective, proportionate, and dissuasive, often including imprisonment for up to two years for basic offenses escalating with damage or intent. This framework applies to cross-border incidents, supplemented by the Network and Information Systems (NIS2) Directive (EU) 2022/2555, which imposes cybersecurity risk management obligations on operators of to prevent and report interference like packet flooding, with non-compliance fines up to €10 million or 2% of global annual turnover. Authorized research or testing is permitted under national implementations, but requires safeguards against unauthorized impact.

Internationally, the Convention on Cybercrime ( Convention), ratified by over 60 countries including the and most members since 2001, establishes minimum standards for criminalizing system interference, defined as intentionally impeding the legitimate use of computer systems via input, transmission, or damage, facilitating and mutual legal assistance for packet injection offenses crossing jurisdictions. No standalone global specifically targets packet injection, but misuse aligns with prohibitions on unauthorized data interference under this convention, with enforcement varying by domestic adoption.

Ethical and Practical Considerations

Packet injection raises significant ethical concerns primarily due to its potential to disrupt network operations and infringe on privacy without consent. In unauthorized scenarios, it enables activities such as traffic manipulation or denial-of-service (DoS) attacks, which can cause real-world harm including service outages or data exposure, violating principles of non-maleficence in cybersecurity practices. Ethical guidelines for penetration testing, where packet injection may be used legitimately, emphasize obtaining explicit written and adhering to predefined to limit scope and mitigate risks of . Failure to secure such permission transforms the technique into illegal hacking, potentially breaching laws like the U.S. , underscoring the need for transparency and accountability in security research.

Practically, implementing packet injection demands specialized hardware and software capabilities, such as wireless adapters supporting for 802.11 injection or raw socket access requiring privileges on operating systems like . Challenges include overcoming protocols (e.g., TLS) that prevent effective delivery, synchronizing with protocol states like TCP sequence numbers, and navigating switched network topologies where broadcast domains limit reach without prior techniques like . In software-defined networks (SDNs), experiments using tools like in Mininet environments demonstrate that injecting spoofed packets at rates of 1,600 per second can overload controllers by flooding Packet-In messages, but this requires reactive SDN modes and faces detection via MAC/port validation, adding overhead of under 20 microseconds in defenses like PacketChecker. These factors highlight the technique's feasibility in controlled tests but increased difficulty in production environments with stateful firewalls and , often necessitating hybrid approaches that risk self-exposure or unintended network instability.
