{"id":184,"date":"2018-01-18T00:57:21","date_gmt":"2018-01-18T00:57:21","guid":{"rendered":"https:\/\/www.kuncar.net\/blog\/?p=184"},"modified":"2018-12-03T22:09:09","modified_gmt":"2018-12-03T22:09:09","slug":"packeth-tutorial-part-i-the-interface-and-the-packet-builder-2","status":"publish","type":"post","link":"https:\/\/www.kuncar.net\/blog\/2018\/packeth-tutorial-part-i-the-interface-and-the-packet-builder-2\/","title":{"rendered":"PackEth tutorial part I \u2013 The Interface and The Packet Builder"},"content":{"rendered":"

\"\"In one of my previous posts I have mentioned great piece of software called\u00a0PackEth<\/a>\u00a0and I have also promised that will write up a separate article about it as I just think this amazing tool deserves as much attention as I can give it.\u00a0 So what does this software do? \u00a0Well let me quote the author \u201d\u00a0PackETH is GUI and CLI packet generator tool for Ethernet<\/em>\u2026It\u00a0allows you to create and send any possible packet or sequence of packets on the Ethernet link.\u201d\u00a0<\/em>I would add that that it is the only tool I have found that actually allows you to assemble Ethernet frames and a IP packets that actually does what you would expect it to do while being multi-platform and incredibly stable. I think I have never seen it crashing which speaks for itself. \u00a0This article will focus around version 1.6 as that is the one that has both Linux and Windows versions available. The drawback is that at the time of writing the L3 IPv6 support is not included.<\/span><\/span><\/p>\n

Introduction<\/span><\/strong><\/h3>\n

Getting the package is quite simple as it is a a project hosted on\u00a0sourceforge<\/a>. There are versions available fro r Windows Linux and MacOS. But if you are using Linux then there is a good chance that the package will be in your repository (it is present in Debian stable and \u00a0Ubuntu). Installation is simple \u2013 in windows just unpack the .zip file and run packeth.exe \u2013 And yes it is completely standalone software so no installation no garbage in registry etc. The installation has all libraries included so the folder after unpacking has about 18MB which I think is very reasonable. I would recommend using Linux version as along with Packeth you will be most likely using WireShark as well and that has some issues on L2 in windows. If you are happy with L3 testing only then the OS choice is irrelevant.<\/span><\/p>\n

The Gui will open in the builder mode which is probably the most useful and most interesting mode of all the ones that are offered. Switching between the mode you can on the top left part of the menu.<\/span><\/p>\n

\"GUI-main-controlls\"<\/a><\/span><\/p>\n

In the middle section you can save and load configuration you have made in the past for repeated testing. In the interface button you will have a selection of interface you can use for PackETH \u2013 in Linux it is simple ethX interface. Under windows it is bit more complicated as PackETH doesn\u2019t use the \u201chuman readable\u201d name a.k.a. local network 1 or similar but instead it uses the system name which looks like this<\/span><\/p>\n

\\Device\\NPF_{653EFF5C-E308-4494-A7DC-1C65E8BCE92F}<\/span><\/p><\/blockquote>\n

If you are wondering where is that name coming from it is an ID from WinPcap library and there is no simple way how to find out which ID is which interface but as normally you want to use just one \u2013 you can just disable all the others and read the ID in PackETH. The most important thing is \u2013 if you are not a superuser (or have permitted access to network cards on the machine) the interface list will be empty.<\/span><\/p>\n

The send button is simply sending the frame\/stream from the interface. The stop button us useful only when you are running continuous streams as in all other cases.<\/span><\/p>\n

Builder mode<\/span><\/h3>\n

Is the basic and most interesting for me personally as it allows for complete buildup of a L2 frame\/ L3 packet \/ L4 datagram. It has multiple options and parts which make it incredibly handy.<\/span><\/p>\n

Data Link Layer<\/span><\/h4>\n

Before going into Data Link Layer of the builder \u2013 just a small reminder of how ethernet frame looks like:<\/span><\/p>\n

\"ethernet<\/a><\/span><\/p>\n

In the Link layer section you can choose which standard of Ethernet you want to use for your frame. The majority of Ethernet traffic in networks nowadays is Ethernet Version II (Also known as DIX). In the last data I\u2019ve read about this topic about 5 years ago were showing that Ethernet II is about 95% of all Ethernet traffic. This should be taken in account when you build your frames as the NIC in your PC might not even be able to build 802.3 frame due to driver restrictions. I have seen this on multiple PCs. Also the receiving party might be dropping this type of frames as despite the attempted compatibility not many vendors actually care about this at all.<\/span><\/p>\n

\"ethertype\"<\/a><\/span><\/p>\n

If you chose the Ethernet version II frame format the\u00a0ethertype<\/a>\u00a0field (also known as DIX type) will become available. This field identifies what protocol is encapsulated in the frame. The current options are:<\/span><\/p>\n