Hi guys, for a very long time I've been trying to learn IP spoofing. Actually it is not that hard, but I cannot test my code. This is a big problem, right?
Now I'm looking at some ping programs and they use raw sockets; they work fine. But if I change the source IP address, that means if I spoof the source IP, I can't receive the ping echo. I checked the network traffic with Wireshark; I see the ping request sent but no answer.
If I don't spoof the source IP and it's my LAN IP, everything is OK: I send the request and get the echo back.
So my real question is, how can I make sure whether the ping request was sent successfully or not after I changed the source IP address?
I mean, I wonder if the router accepts and sends spoofed ping packets to the target server. Maybe even if the source IP is not my LAN IP, and even if the router cannot receive the echo of the ping request, maybe the router still sends these packets.
I want to make sure about it. For example, I send ping requests to my own server; how can I see the ping requests I received? If I see a ping request coming from the IP which I changed, that means the router sends spoofed packets anyway.
I hope you get my question correctly. I'm not sure if this is a C/C++ thread, but I should say I use C and my platform is Ubuntu.
5 replies to this topic
#1
Posted 14 March 2011 - 07:09 AM
#2
Posted 14 March 2011 - 11:55 AM
Have a second computer with the spoofed ID and wireshark listening for ping replies.
#3
Posted 14 March 2011 - 01:19 PM
I don't have one :(, I have only my mobile in the same local network. I can ping my phone but I think I cannot see ping requests on it.
Anyway it's not a problem; if you show me the way to see ping requests on a PC, I can send my program to my friend and, while he sends me ping requests, I check it out.
Does Wireshark or tcpdump show ping requests?
#4
Posted 14 March 2011 - 02:14 PM
EDIT..
#5
Posted 14 March 2011 - 04:05 PM
I believe a router's firewall can be set up (if not by default) to log all incoming ICMP echos, as they are occasionally malicious.
Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.
#6
Posted 14 March 2011 - 06:12 PM
I use XP and then it's easy. Disable the firewall on your router or set "dmz host" for your PC in your router settings. Then adjust your Windows firewall to accept incoming echo requests and activate the XP firewall log to log all incoming connections. This will show all incoming requests, and echo requests received will look like this in your log file:
2011-03-15 03:19:15 OPEN TCP 192.168.0.11 192.67.63.155 6465 22 - - - - - - - - -
2011-03-15 03:19:19 DROP TCP 66.102.13.100 192.168.0.11 80 6444 119 AP 3126238333 141363939 28340 - - - RECEIVE
2011-03-15 03:19:29 DROP TCP 66.102.13.100 192.168.0.11 80 6444 119 AP 3126238333 141363939 28340 - - - RECEIVE
2011-03-15 03:19:33 CLOSE TCP 192.168.0.11 192.67.63.155 6465 22 - - - - - - - - -
2011-03-15 03:19:39 DROP TCP 66.102.13.100 192.168.0.11 80 6444 119 AP 3126238333 141363939 28340 - - - RECEIVE
Of course there is software to make nice logs but this basically works and is proof of concept.
PS. No reply is sent.
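For the question raised in post #3 (how to see incoming ping requests on the receiving machine), here is a receiver-side logger for Ubuntu as an added example; it is not code from any poster in this thread. The function name `parse_echo_request` and the `SAMPLE` packet (built from documentation address ranges) are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 1 and fills src/id/seq when pkt is an IPv4 ICMP echo request
 * (type 8, code 0); returns 0 for anything else, truncated input included. */
int parse_echo_request(const uint8_t *pkt, size_t len,
                       char src[INET_ADDRSTRLEN], uint16_t *id, uint16_t *seq)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;          /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;              /* header length incl. options */
    if (ihl < 20 || len < ihl + 8) return 0;               /* need the 8-byte ICMP header */
    if (pkt[9] != IPPROTO_ICMP) return 0;
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0) return 0;  /* later fragment: no ICMP header */
    const uint8_t *icmp = pkt + ihl;
    if (icmp[0] != 8 || icmp[1] != 0) return 0;            /* echo request only */
    struct in_addr a;
    memcpy(&a, pkt + 12, 4);                 /* source address as claimed by the header */
    if (!inet_ntop(AF_INET, &a, src, INET_ADDRSTRLEN)) return 0;
    *id  = (uint16_t)((icmp[4] << 8) | icmp[5]);
    *seq = (uint16_t)((icmp[6] << 8) | icmp[7]);
    return 1;
}

/* Constructed sample: echo request claiming source 198.51.100.7, destination
 * 192.0.2.10, id 0x1234, seq 1. Checksums are zero and not validated here. */
const uint8_t SAMPLE[28] = { 0x45,0,0,28, 0,0,0,0, 64,1,0,0, 198,51,100,7,
                             192,0,2,10, 8,0,0,0, 0x12,0x34, 0,1 };

int main(void)
{
    /* A raw ICMP socket receives copies of incoming ICMP packets, IP header included. */
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
    if (fd < 0) { perror("socket (needs root or CAP_NET_RAW)"); return 1; }
    uint8_t buf[1500];
    char src[INET_ADDRSTRLEN];
    uint16_t id, seq;
    for (;;) {
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        if (n < 0) { perror("recv"); break; }
        if (parse_echo_request(buf, (size_t)n, src, &id, &seq))
            printf("echo request from %s id=%u seq=%u\n", src, (unsigned)id, (unsigned)seq);
    }
    close(fd);
    return 0;
}
```

Run it with root privileges on the receiving host; the kernel still answers each echo request itself, so the logger only observes. The printed address is whatever the IP header claims, which is why a receiver's log alone cannot tell a genuine source from a forged one.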