Question

Given that I'm on a local network, if I can capture an ICMP echo request packet, and considering that I want to spoof an echo reply, what part of the original packet would I need to change, supposing I make a copy of the original before I send it back? I'm guessing the IP header would need to change (the destination IP of the original would become the source, and vice versa), as well as the ICMP header (the type would need to change to ECHO_REPLYPACKET). But besides those two, are there any others?


Solution

Quoting RFC 792:

Echo or Echo Reply Message

0                   1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |     Code      |          Checksum             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Identifier          |        Sequence Number        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Data ...
+-+-+-+-+-

To form an echo reply message, the source and destination addresses are simply reversed, the type code changed to 0, and the checksum recomputed.

Identifier and Sequence Number must be 0 as well.

RFC 1071 shows you how to calculate the Checksum.
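The transformation described above, as an added example that is not part of the original question or answer: it copies a captured IPv4 echo request, swaps the IP addresses, sets the ICMP type to 0 and recomputes both checksums with the RFC 1071 algorithm. The identifier and sequence number are copied through unchanged, which is what RFC 792 specifies for the echoer; the sample request (192.168.1.10 to 192.168.1.1, identifier 0xBEEF, sequence 1) is constructed inline, not a real capture.

```python
import struct

def rfc1071_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data = data + b"\x00"          # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                 # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_echo_reply(request: bytes) -> bytes:
    """Turn a captured IPv4 ICMP echo request into the matching echo reply."""
    ihl = (request[0] & 0x0F) * 4
    ip, icmp = bytearray(request[:ihl]), bytearray(request[ihl:])
    if ip[9] != 1 or icmp[0] != 8:
        raise ValueError("not an ICMP echo request")
    # IP header: swap source (bytes 12..15) and destination (16..19), then refresh the
    # header checksum. A real host would also reset the TTL; it is left as captured here.
    ip[12:16], ip[16:20] = ip[16:20], ip[12:16]
    ip[10:12] = b"\x00\x00"
    ip[10:12] = struct.pack("!H", rfc1071_checksum(bytes(ip)))
    # ICMP header: type 8 -> 0; code, identifier, sequence number and data are echoed
    # back unchanged, and the checksum is recomputed over the whole ICMP message.
    icmp[0] = 0
    icmp[2:4] = b"\x00\x00"
    icmp[2:4] = struct.pack("!H", rfc1071_checksum(bytes(icmp)))
    return bytes(ip + icmp)

def checksums_ok(packet: bytes) -> bool:
    """Both checksums verify when the checksum over the covered bytes comes out 0."""
    ihl = (packet[0] & 0x0F) * 4
    return rfc1071_checksum(packet[:ihl]) == 0 and rfc1071_checksum(packet[ihl:]) == 0

def make_sample_request() -> bytes:
    """Constructed echo request (not a real capture): 192.168.1.10 -> 192.168.1.1,
    identifier 0xBEEF, sequence 1, payload b'ping'."""
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 32, 0x1234, 0, 64, 1, 0,
                               bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])))
    ip[10:12] = struct.pack("!H", rfc1071_checksum(bytes(ip)))
    icmp = bytearray(struct.pack("!BBHHH", 8, 0, 0, 0xBEEF, 1) + b"ping")
    icmp[2:4] = struct.pack("!H", rfc1071_checksum(bytes(icmp)))
    return bytes(ip + icmp)

if __name__ == "__main__":
    req = make_sample_request()
    rep = build_echo_reply(req)
    print("request:", req.hex(), checksums_ok(req))
    print("reply:  ", rep.hex(), checksums_ok(rep))
```

Swapping the two addresses leaves the IP header checksum unchanged (the one's-complement sum is commutative), so on this sample only the ICMP checksum actually differs between request and reply.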

Licensed under: CC-BY-SA with attribution