Pass binary directly through the NIC (Linux)

I do a lot of fuzzer creation for my job (sending random data to frequently "unknown" old protocols). Sometimes I have to "bit bang" this with a Saleae analyzer with a Python template that works for me. I'm trying to get some deeper knowledge though. I am comfortable in Bash, and with what I do I'm very experienced with sending information directly over a TCP socket:

echo "whatever" > /dev/tcp/[ip]/[port]

I've been playing with reverse shell calls and some of them seem to call a lower-level socket function directly, and I'm not sure how to utilize that. Here is my question:

How do I send binary data directly out of a NIC? I don't care if it is not in a format that is TCP/IP-recognizable... I can handle that in scripts. How do I just dump binary straight out of the card? Anyone know?

Dumping binary in Bash is a bit tricky and it's making my testing difficult. It is frequently "interpreted", so programs and the shell output itself all handle it differently. I can hex dump ASCII converted to text and the shell auto-converts back, which can be confusing when you're looking for 1/0 info (echo "hex" | xxd -r -p), so the closest I can get is:

To create a hexdump of actual network traffic:

tcpdump -nni eth0 -e -xx -XX > newfile

This file has lots of "metadata", like a description preceding the hex, for example:

20:20:16.122740 80:2a:a8:8e:c4:56 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.1.10.26 tell 10.1.10.1, length 46

Then a test of NIC output with Wireshark running:

cat newfile | xxd -r -p > /dev/tcp/8.8.8.8/53

but Wireshark does strange things. It recognizes the broadcast packet ASCII but not what I can see in the "cat newfile | xxd -r -p" data that Bash auto-converts...

I get this is a pretty big subject.

Any help is appreciated! For all clarity, my question is: "How can I dump hex data directly out of a NIC? Preferably like when doing echo [whatever] > /dev/tcp/".
  • Read about netcat or dive into socket programming with e.g. Python.
    – yeti
    Mar 16 at 3:21

  • Google "packet injection tool linux", or "raw sockets" (Level 3) or "packet sockets" (Level 2) if you want to write one yourself. Note that whatever "strange things" Wireshark shows, it shows them for a reason...
    – dirkt
    Mar 16 at 13:22

  • Yeah, the "strange things" are a DNS packet with 1400 bytes of extra data that W.S. doesn't know what to do with and just jams it at the end of the packet. So there is no reference to that data except in the hex code. Makes sense as I'm not using the protocols as intended, but it is strange.
    – bashCypher
    Mar 19 at 15:53
asked Mar 16 at 2:37
bashCypher
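As an added example that is not part of the question or its comments: the packet-socket ("Level 2") route dirkt's comment points at, in Python, together with a parser for the `tcpdump -e -xx -XX` text the question pipes into `xxd -r -p`. The sample dump is constructed from the ARP line quoted in the question, the function names are mine, and `send_frame` needs root on Linux so it is defined but not exercised here.

```python
import re
import socket

# Constructed sample of `tcpdump -nni eth0 -e -xx -XX` output (not a real capture):
# the ARP request from the question as tcpdump prints it, with offset, hex and
# ASCII columns. The frame is 60 bytes (42 bytes of Ethernet+ARP plus padding).
SAMPLE_DUMP = """\
20:20:16.122740 80:2a:a8:8e:c4:56 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.1.10.26 tell 10.1.10.1, length 46
\t0x0000:  ffff ffff ffff 802a a88e c456 0806 0001  .......*...V....
\t0x0010:  0800 0604 0001 802a a88e c456 0a01 0a01  .......*...V....
\t0x0020:  0000 0000 0000 0a01 0a1a 0000 0000 0000  ................
\t0x0030:  0000 0000 0000 0000 0000 0000            ............
"""

# Only the indented "0xNNNN:" lines carry frame bytes. tcpdump separates the hex
# column from the ASCII column with two spaces, so the pattern stops before the ASCII.
HEX_LINE = re.compile(r"^\s+0x[0-9a-fA-F]{4}:\s+((?:[0-9a-fA-F]{4} )*[0-9a-fA-F]{2,4})")

def parse_tcpdump_hex(text: str) -> list[bytes]:
    """Return one bytes object per captured frame, dropping tcpdump's metadata lines."""
    frames, current = [], bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            current += bytes.fromhex(m.group(1).replace(" ", ""))
        elif line.strip() and current:      # a non-indented header line starts a new frame
            frames.append(bytes(current))
            current = bytearray()
    if current:
        frames.append(bytes(current))
    return frames

def naive_hex_strip(text: str) -> bytes:
    """Approximates what `xxd -r -p` does to the whole file: every run of hex digits
    (timestamps, MAC addresses, 0x offsets, hex-looking words in the metadata) is
    paired into bytes, with a dangling odd nibble dropped at each non-hex character."""
    out = bytearray()
    for run in re.findall(r"[0-9a-fA-F]+", text):
        out += bytes.fromhex(run[: len(run) // 2 * 2])
    return bytes(out)

def send_frame(frame: bytes, ifname: str) -> int:
    """Hand a complete Ethernet frame to the kernel unchanged (no headers added).
    AF_PACKET/SOCK_RAW is Linux-only and needs CAP_NET_RAW, normally root."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003)) as s:
        s.bind((ifname, 0))                 # 0x0003 is ETH_P_ALL; ifname e.g. "eth0"
        return s.send(frame)
```

`naive_hex_strip` shows where the extra bytes in the Wireshark view come from: `xxd -r -p` also pairs up the hex digits in the timestamp, MAC, offset and metadata text, and `/dev/tcp` then carries the whole result as TCP payload inside the kernel's own headers rather than putting it on the wire as frames.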