Packetyzer is a high level library for C++ designed to make easier the forging and decoding of network packets. It has the ability to decode packets of most common network protocols, capture them and send them on the wire. This capability allows construction of tools that can probe, scan or attack networks.
It enables the creation of networking tools in a few lines. A packet is described by its where Fields of each layer have useful default values that you can overload. It has the ability to analyze pcap files or captured packets using Wireshark.
Packetyzer has the ability to capture packets, analyze them and send them over the wire. It analyzes the packets and the connection streams ... from the Ethernet header to the Application layer protocols. Packetyzer is in the form of Dynamic Link Library (DLL) that will help to be included in many tools and projects.
Scapy : Scapy is a packet manipulation tool for computer networks, written in Python by Philippe Biondi. It can forge or decode packets, send them on the wire, capture them, and match requests and replies. It can also handle tasks like scanning, tracerouting, probing, unit tests, attacks, and network discovery.
Scapy provides a Python interface into libpcap, (Winpcap on Windows), in a similar way to that in which Wireshark provides a view and capture GUI. It can interface with a number of other programs to provide visualization including Wireshark for decoding packets, GnuPlot for providing graphs, graphviz or VPython for visualization, etc.
class cFile class cString class cHash
class cPacket class cPcapFile
class cTraffic class cConnection class cTCPReassembler
class cUDPStream class cConStream class cARPStream
class cDNSStream class cTCPStream class cHTTPStream
- It has the ability to decode:
Ethernet, ARP, IP, IP options, IGMP, ICMP, TCP, TCP options, UDP, DNS and HTTP
The cPacket class is an abstract class designed to manage the data structure of any packet, which is the base of all protocols implemented in Packetyzer. All the classes derived from the cPacket class have a set of common methods as following:
Ø Each packet is decoded according its own protocol type.
Ø Packet checksum and TTL are checked to detect if the packet I forged.
Ø Every packet is split into different headers according to its layered protocols starting to Ethernet protocol until the application layer protocol.
Ø Packetyzer it has the ability to recalculate the checksum and correct it in the actual packet.
Ø UDP & TCP data sizes are calculated and their data are parsed out into Character pointers to be used later, Also TCP and IP options are parsed out.
- Extracting packets of the same session and storing them into stream structures.
Supported streams are: IP Streams, ARP Streams, ICMP Streams, TCP Streams, UDP Streams, DNS Streams and HTTP Streams.
- The ability to reassemble TCP Segments and get data buffer from the packets reassembly.
It can be used to extract files from capture files sent or received through HTTP protocol for example.
- Packetyzer can capture packets using Winpcap library and sort each group according to its type in a cTraffic structure.
- Sending raw packets on the wire that have been captured or generated by cPacketGen.
- A Packet Generator that can generate different types of packets. It has powerful options to manipulate and craft specific packets.
§ Implementing SSL , IPv6, IPv6 Options Decoders
§ Adding Layered Service Provider class