Packet crafting involves altering a normal IP packet before transmitting it on a network. Common use cases are to test firewall rules, evade intrusion detection, or cause a denial of service. For example, you could set an unusual TCP flag combination to see whether a firewall allows the packet through. Or, you could fragment a packet so that its malicious signature is not recognized by an IDS. If denial of service is the goal, you could create fragmented packets that cannot be reassembled, consuming all of a target's CPU time or even causing a kernel panic ("blue screen of death"). In all cases the aim is to use as few packets as possible to achieve the desired result.
Packet crafting involves four stages:
- Packet assembly—create the packet to be sent.
- Packet editing—modify the contents of a created or captured packet.
- Packet play—send/resend a packet on the network.
- Packet decoding—capture and analyze the traffic generated by packet play. Typically, a packet analyzer such as Wireshark is used for this stage.
Depending on the tool you use, the first three stages can all be performed by the same command. You can craft your packet(s) using command-line, GUI, or scripting options. A number of hacking tools (including Metasploit) use packet crafting techniques as part of an attack. Some popular packet crafting tools include Hping/Hping3, Nping, Ostinato, Scapy, Libcrafter, Yersinia, packETH, Colasoft Packet Builder, and Bit-Twist.
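The following is an added example, not code from the original text or from any of the tools it names. It walks through the assembly, editing and decoding stages in memory using only the Python standard library: it builds an IPv4/TCP packet with correct checksums, edits the TCP flags of that packet, decodes it back into fields, and then applies the two checks an IDS or firewall would make on such traffic, namely flag combinations that never occur in a legitimate TCP exchange and fragment sets that no receiver could reassemble. All addresses, ports and payloads are constructed sample values; nothing is written to a socket, so the "packet play" stage is deliberately left out.

```python
"""Packet assembly, editing and decoding in memory (added example; no packet is sent)."""
import socket
import struct

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
IP_MF, IP_DF = 0x1, 0x2  # 3-bit IPv4 flags field: bit 0 = More Fragments, bit 1 = Don't Fragment


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum over data; odd-length input is zero-padded. Returns 0 when verifying valid data."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp(src, dst, sport, dport, flag_names, seq=0, ack=0, payload=b""):
    """Assembly: a 20-byte TCP header (no options) with a pseudo-header checksum."""
    flags = 0
    for name in flag_names:
        flags |= TCP_FLAGS[name]
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst), 0, 6, len(hdr) + len(payload))
    csum = ones_complement_sum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def build_ipv4(src, dst, payload, proto=6, ident=1, flags=0, frag_offset=0, ttl=64):
    """Assembly: a 20-byte IPv4 header; frag_offset is in 8-byte units, as on the wire."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      (flags << 13) | (frag_offset & 0x1FFF), ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ones_complement_sum(hdr)) + hdr[12:] + payload


def decode_ipv4(pkt):
    """Decoding: IPv4 header fields, checksum verification and the encapsulated payload."""
    ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "id": ident, "ttl": ttl,
            "proto": proto, "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
            "frag_offset": (flags_frag & 0x1FFF) * 8,          # back to bytes
            "checksum_ok": ones_complement_sum(pkt[:ihl]) == 0,
            "payload": pkt[ihl:total_len]}


def decode_tcp(seg):
    sport, dport, seq, ack, off_flags, win, _csum, _urg = struct.unpack("!HHIIHHHH", seg[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": win,
            "flags": [n for n, bit in TCP_FLAGS.items() if off_flags & bit]}


def tcp_checksum_ok(ip):
    """Verify the TCP checksum of a decoded IPv4 packet using the pseudo-header."""
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(ip["src"]), socket.inet_aton(ip["dst"]), 0, 6, len(ip["payload"]))
    return ones_complement_sum(pseudo + ip["payload"]) == 0


def edit_tcp_flags(pkt, flag_names):
    """Editing: rewrite the TCP flags of an existing IP/TCP packet and recompute both checksums."""
    ip = decode_ipv4(pkt)
    tcp = decode_tcp(ip["payload"])
    new_tcp = build_tcp(ip["src"], ip["dst"], tcp["sport"], tcp["dport"], flag_names,
                        tcp["seq"], tcp["ack"], ip["payload"][20:])
    ip_flags = (IP_DF if ip["df"] else 0) | (IP_MF if ip["mf"] else 0)
    return build_ipv4(ip["src"], ip["dst"], new_tcp, ident=ip["id"], flags=ip_flags,
                      frag_offset=ip["frag_offset"] // 8, ttl=ip["ttl"])


def tcp_flag_anomaly(flags):
    """IDS-style check: flag combinations that never occur in a legitimate TCP exchange."""
    s = set(flags)
    if not s:
        return "no flags set (NULL)"
    if {"SYN", "FIN"} <= s:
        return "SYN and FIN together"
    if "SYN" in s and "RST" in s:
        return "SYN and RST together"
    if {"FIN", "PSH", "URG"} <= s and "ACK" not in s:
        return "FIN+PSH+URG without ACK (XMAS)"
    return None


def fragment_problems(frags):
    """Given decoded fragments sharing one IP id, list the reasons reassembly cannot succeed."""
    problems = []
    pieces = sorted(frags, key=lambda f: f["frag_offset"])
    if pieces[0]["frag_offset"] != 0:
        problems.append("first fragment (offset 0) missing")
    if all(f["mf"] for f in pieces):
        problems.append("no final fragment (MF set on every piece)")
    end = 0
    for f in pieces:
        start, stop = f["frag_offset"], f["frag_offset"] + len(f["payload"])
        if start < end:
            problems.append("fragment at offset %d overlaps previous data" % start)
        if stop + 20 > 65535:  # reassembled total length must fit the 16-bit length field
            problems.append("reassembled datagram would exceed 65535 bytes")
        end = max(end, stop)
    return problems


def demo():
    # Constructed sample: a normal SYN, then the same packet edited to carry SYN+FIN.
    syn = build_ipv4("10.0.0.1", "10.0.0.2", build_tcp("10.0.0.1", "10.0.0.2", 40000, 80, ["SYN"], seq=1000))
    edited = edit_tcp_flags(syn, ["SYN", "FIN"])
    # Constructed sample: two fragments of one datagram; the second starts inside the
    # first's data and both still have MF set, so no receiver can ever complete reassembly.
    f1 = build_ipv4("10.0.0.1", "10.0.0.2", b"A" * 16, proto=17, ident=7, flags=IP_MF, frag_offset=0)
    f2 = build_ipv4("10.0.0.1", "10.0.0.2", b"B" * 16, proto=17, ident=7, flags=IP_MF, frag_offset=1)
    return {"syn_anomaly": tcp_flag_anomaly(decode_tcp(decode_ipv4(syn)["payload"])["flags"]),
            "edited_anomaly": tcp_flag_anomaly(decode_tcp(decode_ipv4(edited)["payload"])["flags"]),
            "edited_checksums_ok": decode_ipv4(edited)["checksum_ok"] and tcp_checksum_ok(decode_ipv4(edited)),
            "fragment_problems": fragment_problems([decode_ipv4(f1), decode_ipv4(f2)])}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Feeding the packets into Wireshark's decoder instead of `decode_ipv4` would complete the fourth stage as the text describes it; the point of the in-memory decoder here is to show that a crafted packet is only useful if its checksums still verify, which is why `edit_tcp_flags` rebuilds both headers rather than patching the flag byte in place.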
