Use Nmap to send arbitrary data from spoofed address/port

0

For testing the error and timeout handling of a custom SIP stack, it is sometimes useful to send UDP packets from multiple source addresses (even ones that are assigned to other hosts) to the host running the SIP stack.

Nmap has the ability to spoof it's source address (-S) and port (-g), I now need to specify what data should be sent to the specified address and port as a UDP packet.

It seems possible to do using the Nmap Scripting Engine, but I haven't found out how to use it.

Is there a straight-forward way to do this using Nmap or another tool readily available on UNIX platforms?

Feuermurmel

Posted 2012-01-11T17:26:47.553

Reputation: 115

Answers

5

You can have a look at Scapy tool is very easy to use to craft packets. It is a python based-tool. You can find a basic example here.

http://trac.secdev.org/scapy/wiki/ScapyRecipes http://www.secdev.org/projects/scapy/build_your_own_tools.html

As for spoofing SIP traffic, you can capture actual SIP traffic with wireshark. Export the payload as file and use that file as payload with any of the traffic generation tools.

Other tools available are

http://www.hping.org/ easy , CLI

http://code.google.com/p/ostinato/ easy , GUI

http://nemesis.sourceforge.net/

daya

Posted 2012-01-11T17:26:47.553

Reputation: 2 445

Scapy looks mighty powerful! I'll look into it. – Feuermurmel – 2012-01-15T20:44:38.820

1

netcat can do the job. You can send arbitrary UDP data and spoof the address via -s.

crenate

Posted 2012-01-11T17:26:47.553

Reputation: 245

How can I specify the payload of a UDP packet? BTW, the option to spoof the source address is written with a capital S. – Feuermurmel – 2012-01-15T20:43:41.490

Asked: 2012-01-11T17:26:47.553

Viewed: 2 634 times

Active: 2012-01-11T19:19:18.603