packet injection

By utilizing raw sockets, NDIS function calls, or direct access to a network adapter kernel mode driver, arbitrary packets can be constructed and injected into a computer network. These arbitrary packets can be constructed from any type of packet protocol (ICMP, TCP, UDP, and others) since there is full control over the packet header while the packet is being assembled.

• Create a raw socket
• Create an Ethernet header in memory
• Create an IP header in memory
• Create a TCP header or UDP header in memory
• Create the injected data in memory
• Assemble (concatenate) the headers and data together to form an injection packet
• Compute the correct IP and TCP or UDP packet checksums
• Send the packet to the raw socket

Packet injection has been used for:

• Disrupting certain services (file sharing or HTTP) by Internet service providers and wireless access points{{cite book |last1=Gu |first1=Qijun |last2=Liu |first2=Peng |last3=Zhu |first3=Sencun |last4=Chu |first4=Chao-Hsien |title=GLOBECOM '05. IEEE Global Telecommunications Conference, 2005 |chapter=Defending against packet injection attacks unreliable ad hoc networks |date=November 2005 |volume=3 |pages=5 pp.– |doi=10.1109/GLOCOM.2005.1577966 |isbn=0-7803-9414-3 |s2cid=6631918 |chapter-url=http://s2.ist.psu.edu/paper/cross-TR.pdf |language=en |issn=1930-529X}}{{Cite web|url=https://www.eff.org/ja/wp/packet-forgery-isps-report-comcast-affair|title = Packet Forgery by ISPs: A Report on the Comcast Affair|date = 28 November 2007}}
• Compromising wireless access points and circumventing their security
• Exploiting certain functionality in online games
• Determining the presence of internet censorship
• Allows for custom packet designers to test their custom packets by directly placing them onto a computer network
• Simulation of specific network traffic and scenarios
• Testing of network firewalls and intrusion detection systems
• Computer network auditing and troubleshooting computer network related issues

Through the process of running a packet analyzer or packet sniffer on both network service access points trying to establish communication, the results can be compared. If point A has no record of sending certain packets that show up in the log at point B, and vice versa, then the packet log inconsistencies show that those packets have been forged and injected by an intermediary access point. Usually TCP resets are sent to both access points to disrupt communication.{{Cite web|url=https://www.eff.org/wp/detecting-packet-injection|title = Detecting packet injection: A guide to observing packet spoofing by ISPs|date = 27 November 2007}}{{cite conference |url=http://www.icir.org/vern/papers/reset-injection.ndss09.pdf |title=Detecting forged TCP reset packets |last1=Weaver|first1=Nicolas |last2=Sommer |first2=Robin |last3=Paxson |first3=Vern |date=September 2009 |location=San Diego, California, USA |conference= Proceedings of the Network and Distributed System Security Symposium, NDSS 2009, 8th February - 11th February 2009}}

• lorcon, part of [http://airpwn.sourceforge.net/Airpwn.html Airpwn]
• KisMAC
• pcap
• Winsock
• CommView for WiFi Packet Generator
• Scapy
• Preinstalled software on Kali Linux (BackTrack was the predecessor)
• NetHunter (Kali Linux for Android)
• HexInject

• Packet capture
• Packet generation model
• Raw socket
• Packet crafting
• Packet sniffer

• [https://web.archive.org/web/20071026075404/http://www.security-freak.net/packet-injection/packet-injection.html Packet Injection using raw sockets]

Category:Packets (information technology)