Packet injection (also known as forgingpackets or spoofing packets) incomputer networking, is the process of interfering with an establishednetwork connection by means of constructing packets to appear as if they are part of the normal communication stream. Thepacket injection process allows an unknown third party to disrupt or intercept packets from the consenting parties that are communicating, which can lead to degradation or blockage of users' ability to utilize certainnetwork services orprotocols. Packet injection is commonly used inman-in-the-middle attacks anddenial-of-service attacks.

By utilizingraw sockets,NDIS function calls, or direct access to anetwork adapterkernel mode driver, arbitrary packets can be constructed and injected into acomputer network. These arbitrary packets can be constructed from any type of packetprotocol (ICMP,TCP,UDP, and others) since there is full control over thepacket header while the packet is being assembled.

• Create araw socket
• Create anEthernet header in memory
• Create anIP header in memory
• Create aTCP header orUDP header in memory
• Create the injected data in memory
• Assemble (concatenate) the headers and data together to form an injection packet
• Compute the correct IP andTCP orUDP packetchecksums
• Send the packet to the raw socket

Packet injection has been used for:

• Disrupting certain services (file sharing orHTTP) byInternet service providers andwireless access points^[1][2]
• Compromisingwireless access points and circumventing their security
• Exploiting certain functionality in online games
• Determining the presence ofinternet censorship
• Allows for custom packet designers to test their custom packets by directly placing them onto acomputer network
• Simulation of specificnetwork traffic and scenarios
• Testing ofnetwork firewalls andintrusion detection systems
• Computer network auditing and troubleshootingcomputer network related issues

Through the process of running apacket analyzer orpacket sniffer on bothnetwork service access points trying to establish communication, the results can be compared. If point A has no record of sending certain packets that show up in the log at point B, and vice versa, then the packet log inconsistencies show that those packets have been forged and injected by an intermediaryaccess point. UsuallyTCP resets are sent to bothaccess points to disrupt communication.^[2][3][4]

• lorcon, part ofAirpwn
• KisMAC
• pcap
• Winsock
• CommView for WiFi Packet Generator
• Scapy
• Preinstalled software onKali Linux (BackTrack was the predecessor)
• NetHunter (Kali Linux for Android)
• HexInject

• Packet capture
• Packet generation model
• Raw socket
• Packet crafting
• Packet sniffer

• Packet Injection using raw sockets

• Packets (information technology)