IP Spoof

IP Tools Snifer (Erwan L)

IP Spoof


  1. TCP/UDP Spoof


Here, you can forge TCP or UDP packets.

Will work with RAW sockets, WINPcap, NDIS.

In WINPcap and NDIS mode, the MAC source address will be the sending computer’s one.

XP SP2 will not send forged packets with RAW sockets.



  1. ICMP


Here you can forge ICMP Packets : Echo, Redirect, Mask, Timestamp request, Information request.


Echo can be use to guess the remote host operating system (playing with the code bit).


Redirect can be used to modify the route table on the remote host.


One possible attack

Network looks like this:

Router is

You are

Victim is

Remote host is


Send an ICMP redirect like this :  source =, victim is, new gateway for remote host is

This way, next time wants to reach, it will send packet to (you).



  1. TCP Reset


You can reset a remote connection on a remote host.

Meaning you can reset a connection between host A and host B being host C.

IP tools will send spoof TCP reset frames with a SEQ number from 0 to FF FF FF FF with a step of Window Size.


If you can guess a TCP Seq number close enough (within the window size), then you can reset a remote connection on a remote host.

You also have to guess the client TCP port (> 1024).



  1. NBT Name Service


You can send false windows host announcement (UDP / 138).

The browser list will then display false informations.



  1. DCHP Release


You can send a false DHCP release packet to a DHCP server.

The server will then free the IP and offer it to somebody else.

This could create IP collision.