Wireshark-users: [Wireshark-users] Packet Injection Software

From: "Troy Curtis Jr" <troycurtisjr@xxxxxxxxx>
Date: Tue, 25 Jul 2006 22:48:32 -0500

Hello list,

I figured that this list would have subscribers who are active in LAN protocol creation/analysis and therefore the perfect audience to pose my question. I am looking for a software package that I can use to rapidly generate LAN messages with an arbitrary structure. Of course it is pretty easy to whip up a C program to simply generate some packet, so I'd also want it to have some decent interface to go along with it. In the archives of this list I did find a couple of suggestions (nemesis, packETH) but they are still not what I am looking for.

Basically, in my job I find that my co-workers and I end up making many small special-purpose "simulators" for communicating with remote hosts. These really amount to message generators that have at most a basic response logic (get some message type, respond with some other type). There is a lot of copy-paste going on, but it is still a pain to add some new packet structure (it requires changes in 3-4 places, plus a little bit of debug). It seemed to me that this should be a pretty widespread issue and I thought that there must be some program already floating around. I have been poking around with Google, but I get programs that are less than ideal. I don't want binary payload files because I want an easy way to alter the values at runtime.

Ultimately I may end up scratching my own itch unless there is a sufficient tool out there. I am going to describe how I would like to see a tool like this work and I would like any suggestions of software that will fit that need and/or comments on whether you think my "design" would be useful.

I would want everything based on ASCII configuration files (not binary "payload" files, you'll see why in a bit). The layout would be such that you could pretty much define any field in a packet (MAC address, IP address, ports, etc.) but for certain values like source MAC address/port/IP address some sane values could be used as defaults by the program. The "payload" of the packet would be built up using (optionally named) tags such as <byte>, <word>, <string>. A simple example:

<packet id="Status Request" type="udp">
  <header>
    <host type="destination">target</host>
    <port type="destination">1234</port>
  </header>
  <payload>
    <dblword id="Message Type"> 23 </dblword>
    <ascii id="Friendly Message"> What is your status? </ascii>
  </payload>
</packet>

Then you could point the program to this file (which would contain multiple defined packets) and it would present the user with an ability to choose the packet id they want and create an interface with named fields (based on the id parameter of the tag) that the user can then change before sending the packet on.

So what do y'all think?


--
"Beware of spyware. If you can, use the Firefox browser." - USA Today
Download now at http://getfirefox.com
Registered Linux User #354814 ( http://counter.li.org/)
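
A sketch of the loader such a tool would need for the configuration format proposed in the message above, with runtime overrides keyed by each tag's id. This is an added example, not code from the original post or from any existing tool. Assumptions not stated in the post: a wrapping <packets> root element, network byte order, and widths of 1, 2 and 4 octets for <byte>, <word> and <dblword>.

```python
import struct
import xml.etree.ElementTree as ET

# Constructed sample: the packet definition from the post, wrapped in a
# hypothetical <packets> root so that one file can hold several definitions.
SAMPLE = """<packets>
<packet id="Status Request" type="udp">
  <header>
    <host type="destination">target</host>
    <port type="destination">1234</port>
  </header>
  <payload>
    <dblword id="Message Type"> 23 </dblword>
    <ascii id="Friendly Message"> What is your status? </ascii>
  </payload>
</packet>
</packets>"""

# Assumed encodings (not from the post): network byte order, fixed widths.
INT_TAGS = {"byte": "!B", "word": "!H", "dblword": "!I"}
TEXT_TAGS = {"ascii", "string"}

def load_packets(xml_text):
    """Return {packet id: (header dict, [(tag, field id, text), ...])}."""
    packets = {}
    for pkt in ET.fromstring(xml_text).iter("packet"):
        header = {f"{h.get('type')}_{h.tag}": h.text.strip()
                  for h in pkt.find("header")}
        fields = [(f.tag, f.get("id"), (f.text or "").strip())
                  for f in pkt.find("payload")]
        packets[pkt.get("id")] = (header, fields)
    return packets

def build_payload(fields, overrides=None):
    """Pack fields in file order; overrides maps field id -> runtime value."""
    out = bytearray()
    for tag, field_id, text in fields:
        value = str((overrides or {}).get(field_id, text))
        if tag in INT_TAGS:
            try:  # reject non-numeric and out-of-range values per field
                out += struct.pack(INT_TAGS[tag], int(value, 0))
            except (ValueError, struct.error) as exc:
                raise ValueError(f"{field_id!r}: bad <{tag}> value {value!r}") from exc
        elif tag in TEXT_TAGS:
            out += value.encode("ascii")  # raises ValueError on non-ASCII text
        else:
            raise ValueError(f"unknown payload tag <{tag}>")
    return bytes(out)
```

The returned header dictionary and payload bytes can be handed to an ordinary UDP socket; the field ids double as the labels a front end would show for editing.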