2

Fuzz testing tools generate malformed packets of protocols. Do they use their own TCP/IP stack to generate these malformed packets? Does the operating system's TCP/IP stack play any role in Fuzz testing? I am working on a MPLS Fuzz testing tool running on Windows 7 OS. The tool is testing a MPLS stack on a Linux machine. Does my test tool use the windows stack? I was told that windows does not support MPLS but the test tool works just fine.

Jay
  • 99
  • 2
  • 18
  • 1
    Why do you ask? This is not a very clear question. (Besides, if it didn't use the OS's TCP/IP stack, what would it use?) – nneonneo Jun 08 '15 at 05:20
  • How does the testing tool generate malformed packet headers using OS's TCP/IP stack? – Jay Jun 08 '15 at 05:22
  • Usually you'd only send malformed packets to test another TCP stack, which is uncommon. Normal fuzzing tools attack the applications that use TCP, for which generating malformed TCP packets is unnecessary. – nneonneo Jun 08 '15 at 05:25
  • I am working on a MPLS Fuzz testing tool running on Windows 7 OS. The tool is testing a MPLS stack on a Linux machine. Does my test tool use the windows stack? I was told that windows does not support MPLS but the test tool works just fine. – Jay Jun 08 '15 at 05:28

1 Answers1

5

Any tool that doesn't rely on kernel modifications will have to go through the OS's networking stack. This doesn't mean that they necessarily have to use the networking stack's TCP/IP support: many OSes support APIs like SOCK_RAW+IP_HDRINCL (Windows, BSD, OS X)/PF_PACKET (Linux) which lets you build your own packets (which do not have to be TCP, or even IP).

This means that userspace tools are free to bypass the TCP/IP handling in the OS and roll their own packets so long as the OS provides the necessary support (and most major ones do).

nneonneo
  • 171,345
  • 36
  • 312
  • 383
  • Just pointing out that using `PF_PACKET` on Linux requires superuser rights or the `CAP_NET_RAW` executable capability, which you can only set with superuser rights or the `CAP_SETFCAP` capability – notice a pattern here? Likewise, on Windows, it requires administrative privileges. Shouldn't be much of a surprise. – Arne Vogel Jun 06 '18 at 12:29