Hui Lin_Searching help for some reconstructing TCP packet


It is probably not related to Bro development but it is a challenge that I met in my research progress.

Right now, I can at least get some different DNP3 traffic from what I had before. I would like to generate some illegal traffic based on this legal traffic set. My plan is to flip a bit values in each bit location of the DNP3 packet and see how my Bro analyzer behave.

For each DNP3 packet, I can use the Bro to extract a byte stream of the TCP payload. I am wondering is there any way to reverse this procedure. For example, I had a byte stream X. I wish to construct a network packet based on TCP protocol and this X will be the payload of TCP packet. If the X is too long, I hope that several TCP packets can be constructed with the correct sequence number being set.

I am taking look at the socket api in Windows at this moment (WSASocket). But I am not quite sure whether it is possible to do this by that API.

Any comments and inputs are welcome.


It might be best to use something like Scapy to modify the packet contents. I think you should be able to load in packets, modify them and write them back out. (don't hold me to that though, I don't know Scapy very well yet)


netdude may work as well: