Pass binary directly through the nic linux
I do a lot of fuzzer creation for my job (sending random data to frequently "unknown" old protocols). Sometimes I have to "bit bang" this with a Saleae analyzer with a Python template that works for me. I'm trying to get some deeper knowledge though. I am comfortable in Bash and with what I do I'm very experienced with sending information directly over a TCP socket:
echo "whatever" > /dev/tcp/[ip]/[port]
I've been playing with reverse shell calls and some of them seem to call a lower level socket function directly and I'm not sure how to utilize that. Here is my question:
How do I send binary data directly out of a NIC? Don't care if it is not in a format that is tcp/ip recognizable... I can handle that in scripts. How do I just dump binary straight out of the card? Anyone know?
Dumping binary in Bash is a bit tricky and it's making my testing difficult. It is frequently "interpreted", so programs and the shell output itself all handle it differently. I can hex dump ASCII converted to text and the shell auto-converts it back, which can be confusing when you're looking for 1/0 info (echo "hex" | xxd -r -p), so the closest I can get is:
To create hexdump of actual network traffic:
tcpdump -nni eth0 -e -xx -XX > newfile
This file has lots of "metadata", like a description preceding the hex, for example:
20:20:16.122740 80:2a:a8:8e:c4:56 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.1.10.26 tell 10.1.10.1, length 46
Then a test of NIC output with Wireshark running:
cat newfile | xxd -r -p > /dev/tcp/8.8.8.8/53
But Wireshark does strange things. It recognizes broadcast packet ASCII but not what I can see in the "cat newfile | xxd -r -p" data that Bash auto-converts...
I get this is a pretty big subject.
Any help is appreciated! For all clarity, my question is: how can I dump hex data directly out of a NIC? Preferably like when doing "echo [whatever] > /dev/tcp/".
linux shell networking
asked Mar 16 at 2:37
bashCypher
Read about netcat or dive into socket programming with e.g. Python.
– yeti
Mar 16 at 3:21
Google "packet injection tool linux", or "raw sockets" (Level 3) or "packet sockets" (Level 2) if you want to write one yourself. Note that whatever "strange things" wireshark shows, it shows them for a reason...
– dirkt
Mar 16 at 13:22
Yeah, the "strange things" are a DNS packet with 1400 bytes of extra data that W.S. doesn't know what to do with and just jams it at the end of the packet. So there is no reference to that data except in the hex code. Makes sense as I'm not using the protocols as intended, but it is strange.
– bashCypher
Mar 19 at 15:53
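An added example, not part of the original thread: tcpdump's -xx/-XX text wraps the frame bytes in a summary line, row offsets and an ASCII column, and /dev/tcp always carries what is written as TCP payload, so this sketch recovers the exact frame bytes from the text and shows the packet-socket (layer 2) write dirkt's comment refers to. The names `frames_from_tcpdump`, `send_frame` and `SAMPLE` are assumptions, the sample rows are constructed from the ARP summary line quoted in the question, and the interface name is supplied by the caller.

```python
import re
import socket

# One hex row of `tcpdump -xx` / `-XX` text: an offset, then 2- or 4-digit
# groups separated by single spaces. The -XX ASCII column follows after two
# or more spaces, so the group pattern never reaches it.
HEX_ROW = re.compile(r"^\s*0x([0-9a-f]{4}):\s+([0-9a-f]{2,4}(?: [0-9a-f]{2,4})*)")

# Constructed sample: the ARP request summarised in the question, as -XX text.
SAMPLE = """\
20:20:16.122740 80:2a:a8:8e:c4:56 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.1.10.26 tell 10.1.10.1, length 46
    0x0000:  ffff ffff ffff 802a a88e c456 0806 0001  .......*...V....
    0x0010:  0800 0604 0001 802a a88e c456 0a01 0a01  .......*...V....
    0x0020:  0000 0000 0000 0a01 0a1a 0000 0000 0000  ................
    0x0030:  0000 0000 0000 0000 0000 0000            ............
"""

def frames_from_tcpdump(text):
    """Return one bytes object per packet found in tcpdump -xx/-XX text."""
    frames, current = [], bytearray()
    for line in text.splitlines():
        row = HEX_ROW.match(line)
        if row is None:
            # Summary line (timestamp, MACs, lengths): marks a packet boundary.
            if current:
                frames.append(bytes(current))
                current = bytearray()
            continue
        offset = int(row.group(1), 16)
        if offset != len(current):
            # A skipped or truncated row would silently shift every later byte.
            raise ValueError(f"row {offset:#06x} does not follow {len(current)} bytes")
        current += bytes.fromhex(row.group(2).replace(" ", ""))
    if current:
        frames.append(bytes(current))
    return frames

def send_frame(ifname, frame):
    """Write one complete Ethernet frame to ifname (Linux only, needs CAP_NET_RAW)."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as s:
        s.bind((ifname, 0))   # (interface, protocol); 0 is enough for send-only
        return s.send(frame)  # bytes go out as-is; the NIC appends the FCS

if __name__ == "__main__":
    for frame in frames_from_tcpdump(SAMPLE):
        print(len(frame), frame.hex())
```

Running the file only prints the recovered frame; `send_frame` is not called unless you invoke it yourself on an isolated test interface.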