23 April 2013

Packetyzer: A step towards future

Long time I didn't write on the blog, but I am back with my latest and first paper on Packetyzer, my first packet analysis C++ library. 

Packetyzer is a high level library for C++ designed to make easier the forging and decoding of network packets. It has the ability to decode packets of most common network protocols, capture them and send them on the wire. This capability allows construction of tools that can probe, scan or attack networks.

It enables the creation of networking tools in a few lines. A packet is described by its where Fields of each layer have useful default values that you can overload. It has the ability to analyze pcap files or captured packets using Wireshark.

Packetyzer has the ability to capture packets, analyze them and send them over the wire. It analyzes the packets and the connection streams ... from the Ethernet header to the Application layer protocols. Packetyzer is in the form of Dynamic Link Library (DLL) that will help to be included in many tools and projects.

Previous work

Scapy :  Scapy is a packet manipulation tool for computer networks, written in Python by Philippe Biondi. It can forge or decode packets, send them on the wire, capture them, and match requests and replies. It can also handle tasks like scanning, tracerouting, probing, unit tests, attacks, and network discovery.

Scapy provides a Python interface into libpcap, (Winpcap on Windows), in a similar way to that in which Wireshark provides a view and capture GUI. It can interface with a number of other programs to provide visualization including Wireshark for decoding packets, GnuPlot for providing graphs, graphviz or VPython for visualization, etc.


            namespace Elements
                        class cFile        class cString    class cHash    

            namespace Generators
                        class cPacketGen
            namespace Analyzers
                        class cPacket               class cPcapFile
            namespace Traffic

                        namespace Connections
                                    class cTraffic               class cConnection      class cTCPReassembler

                        namespace Streams
                                    class cUDPStream       class cConStream       class cARPStream
                                    class cDNSStream      class cTCPStream        class cHTTPStream
class cICMPStream
            namespace Capture
                        class cWinpcapCapture

            namespace Send
                        class cWinpcapSend

What's New?


  •   It has the ability to decode:
Ethernet, ARP, IP, IP options, IGMP, ICMP, TCP, TCP options, UDP, DNS and HTTP

The cPacket class is an abstract class designed to manage the data structure of any packet, which is the base of all protocols implemented in Packetyzer. All the classes derived from the cPacket class have a set of common methods as following:

Ø  Each packet is decoded according its own protocol type.
Ø  Packet checksum and TTL are checked to detect if the packet I forged.
Ø  Every packet is split into different headers according to its layered protocols starting to Ethernet protocol until the application layer protocol.
Ø  Packetyzer it has the ability to recalculate the checksum and correct it in the actual packet.
Ø  UDP & TCP data sizes are calculated and their data are parsed out into Character pointers to be used later, Also TCP and IP options are parsed out.

  • Extracting packets of the same session and storing them into stream structures.
Supported streams are: IP Streams, ARP Streams, ICMP Streams, TCP Streams, UDP Streams, DNS Streams and HTTP Streams.

  • The ability to reassemble TCP Segments and get data buffer from the packets reassembly.
It can be used to extract files from capture files sent or received through HTTP protocol for example.

  • Packetyzer can capture packets using Winpcap library and sort each group according to its type in a cTraffic structure.

  • Sending raw packets on the wire that have been captured or generated by cPacketGen.

  • A Packet Generator that can generate different types of packets. It has powerful options to manipulate and craft specific packets.

To-Do List
§    Enhancing TCP Assembler to be more intelligent.
§    Implementing SSL , IPv6, IPv6 Options Decoders
§ Adding Layered Service Provider class


No comments:

Post a Comment