Tag Archives: fuzzing

Sending Custom IP Packets

Sometimes during testing, you need to send custom created packets.  This is just a short post for two tools that I recommend:


The Colasoft Packet Builder is a neat GUI tool for Windows that makes packet replay easy.  You can create customized IP packets, or you can simply import a .pcap file and build off of packets that you already captured.

The software is freeware, so anyone can use it.  And don’t worry – it will update those checksums automatically so you don’t have to manually figure it out.




Scapy is an incredibly powerful Python module.  It has a very simple syntax to create custom packets and send them.  Scapy can also act as a listener as well.  The scapy documentation has a number of one liners that can perform scans, fuzzing, ARP poisoning, VLAN hopping, wireless sniffing, etc.

Don’t get overwhelmed just because scapy is not a GUI.  It is really quite easy to use.  Scapy is also already built into Kali Linux.  It can be run on its own scapy shell (just type “scapy” or “python scapy.py”) or imported as a module into python for custom scripting (from scapy.all import *).

Practical examples where I have uses scapy:

  • Fuzz packets to a port to test some new software
  • Inject data into an ICMP packet to test exfiltration through a firewall (scapy sender on one side that base64 encodes the contents of a file, scapy listener on the other side to decode and extract)
  • Testing DNS amplification attacks by sending packets with a spoofed source IP to DNS servers using DNSSEC.

Here is an example of fuzzing a mail server at


Notice how you start by building an IP packet (with destination), then specifying TCP port (with destination).  The fuzz() function will simply put random values anywhere it can if you don’t specify an option.  For example, if we didn’t say dport=25, it would fuzz every port.


As mentioned earlier, you can also just include this in a python script instead:



Good luck!