Spoofing DNS packets using raw sockets:

07 Apr

This section covers the environment the code needs in order to do its job. The following steps are for testing purposes only. C code for packet sniffing and spoofing can be found at my GitHub repository or any online site, or you can code it yourself 🙂 (there is ample help online).

For sniffing and spoofing packets of another system:

Install VirtualBox or VMware and set up two VMs on it. I have installed Ubuntu 14.04 on both the VMs.

Run VMware from the host as root so that it has the permissions it needs:

$ sudo vmware

Let us call our two VMs Alice and Bob. Alice plays the role of the server, which sniffs all the packets on its network in promiscuous mode and then spoofs them. Bob acts as the victim machine.

Go to the Alice machine. Put Alice's interface into promiscuous mode by running the following command in a terminal:

$ sudo ip link set eth0 promisc on

Check that it is in promiscuous mode by typing the following command:

$ netstat -i

Kernel Interface table
eth0 1500 0 3687 0 0 0 2924 0 0 0 BMPRU
lo 65536 0 849 0 0 0 849 0 0 0 LRU

The letter ‘P’ in the flags “BMPRU” on the eth0 line shows that promiscuous mode is on. So now Alice can see all the traffic travelling through the virtual switch.

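Now compile the packet sniffing and spoofing code on Alice and run the resulting program. gcc only builds the code; the arguments go to the program itself, which needs root to open raw sockets. Here <program> is whatever name you give the binary:

$ gcc <filename> -o <program>
$ sudo ./<program> <actual-IP-searched> <spoofed-IP>

or

$ sudo ./<program> <all[all-the-website-searched]> <spoofed-IP [all-website-search-will-result-in-this-IP]>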


Switch to the victim machine, Bob. Open a browser and google for some site. If the code running on Alice is correct, the search done on Bob won't get you the correct webpage. Instead, it will be redirected to a website Alice wants (if the code on Alice works that way).

In case the webpage that Alice’s code redirects to takes way too long to load on the Bob machine, do the following steps to check whether the packet spoofing was successful:

1. Open a terminal on the Bob machine.

2. Type the command $ dig <the-website-searched>

3. If the IP address that Alice’s code is trying to redirect to appears towards the end of the output of the above command, then packet spoofing has happened; the browser is just unable to load that particular site.
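
Seen from Bob's side, this kind of sniff-and-spoof leaves a trace on the wire: two DNS replies with the same transaction ID but different addresses. The C check below is an added example, not the author's code; the function names and the two sample packets are constructed for illustration, and it assumes the real resolver's reply still reaches Bob after the forged one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Skip one DNS name (labels or compression pointer); returns new offset, 0 on error. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off) {
    while (off < len) {
        if (m[off] == 0) return off + 1;                       /* root label */
        if ((m[off] & 0xC0) == 0xC0) return off + 2 <= len ? off + 2 : 0;
        off += (size_t)m[off] + 1;                             /* ordinary label */
    }
    return 0;
}

/* Get transaction ID and first A record of a DNS response; 1 on success, else 0. */
int dns_first_a(const uint8_t *m, size_t len, uint16_t *id, uint8_t ip[4]) {
    if (len < 12 || !(m[2] & 0x80)) return 0;                  /* header, QR=1 */
    *id = (uint16_t)(m[0] << 8 | m[1]);
    unsigned qd = m[4] << 8 | m[5], an = m[6] << 8 | m[7];
    size_t off = 12;
    while (qd--)                                               /* question section */
        if (!(off = skip_name(m, len, off)) || (off += 4) > len) return 0;
    while (an--) {                                             /* answer section */
        if (!(off = skip_name(m, len, off)) || off + 10 > len) return 0;
        unsigned type = m[off] << 8 | m[off + 1], rdlen = m[off + 8] << 8 | m[off + 9];
        off += 10;
        if (off + rdlen > len) return 0;
        if (type == 1 && rdlen == 4) { memcpy(ip, m + off, 4); return 1; }
        off += rdlen;
    }
    return 0;
}

/* 1 if both replies answer the same transaction ID with different A records. */
int conflicting_answers(const uint8_t *a, size_t al, const uint8_t *b, size_t bl) {
    uint16_t ia, ib; uint8_t pa[4], pb[4];
    if (!dns_first_a(a, al, &ia, pa) || !dns_first_a(b, bl, &ib, pb)) return 0;
    return ia == ib && memcmp(pa, pb, 4) != 0;
}

/* Constructed sample: reply to an A query for "a.test", ID 0x1234, one answer. */
#define REPLY(w, x, y, z) { 0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0, \
    1,'a', 4,'t','e','s','t', 0, 0,1, 0,1, 0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, w,x,y,z }
const uint8_t reply_1[] = REPLY(203, 0, 113, 7);   /* constructed: arrives first */
const uint8_t reply_2[] = REPLY(192, 0, 2, 10);    /* constructed: arrives second */
int main(void) {
    int c = conflicting_answers(reply_1, sizeof reply_1, reply_2, sizeof reply_2);
    printf("same ID, different A record: %s\n", c ? "yes (possible spoofing)" : "no");
    return 0;
}
```

A real monitor would feed this from captured UDP port 53 payloads and also match the question name and source port before raising an alert.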



Posted by on April 7, 2017 in Uncategorized

