HexInject
HexInject is a versatile command-line packet injector and sniffer for raw network access. It facilitates creating shell scripts to read, intercept, and modify network traffic transparently.
Description
HexInject provides a framework for direct raw network packet manipulation through hexadecimal input or raw mode. It works seamlessly with other command-line utilities, enabling powerful automation scripts for network traffic analysis and modification. The tool supports both sniffing incoming packets and injecting custom packets onto the network.
Use cases include network debugging, protocol testing, traffic interception, and crafting specific packet sequences for security testing. It displays captured packets in hexadecimal format for easy inspection and modification before reinjection.
The package includes companion tools like hex2raw for hex-to-raw conversion, prettypacket for packet disassembly, and packets.tcl for generating complex packets using an APD-like description format.
How It Works
HexInject operates at the raw socket level, capturing packets via libpcap in sniff mode (-s) or injecting user-supplied hexadecimal/raw data in inject mode (-p). It supports pcap filters (-f), device selection (-i), and options to disable automatic checksum (-C) or size field calculation (-S). Packets are processed through Ethernet/IP/UDP/TCP/ICMP/ARP layers with manual header crafting. Companion tools handle conversion (hex2raw), pretty-printing (prettypacket), and declarative packet generation (packets.tcl using APD syntax).
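An added example (not part of HexInject or of the original page): a Python check for hexadecimal packet lines such as those printed in sniff mode, validating the IPv4 header checksum and total-length field, the two values that -C and -S leave to whoever supplied the packet. It assumes one Ethernet frame per line written as space-separated hex bytes; the function names and sample frames are constructed for illustration.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over big-endian 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_hex_packet(line: str) -> dict:
    """Validate the IPv4 header of one hex-dumped Ethernet frame."""
    try:
        frame = bytes.fromhex(line)  # whitespace between bytes is ignored
    except ValueError:
        return {"status": "malformed-hex"}
    if len(frame) < 14:
        return {"status": "truncated"}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        return {"status": "not-ipv4", "ethertype": ethertype}
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return {"status": "bad-ip-header"}
    ihl = (ip[0] & 0x0F) * 4
    if not 20 <= ihl <= len(ip):
        return {"status": "bad-ip-header"}
    header = ip[:ihl]
    totlen, = struct.unpack("!H", header[2:4])
    stored, = struct.unpack("!H", header[10:12])
    # Recompute with the checksum field zeroed, as a sender would.
    expected = internet_checksum(header[:10] + b"\x00\x00" + header[12:])
    return {"status": "ipv4", "stored": stored, "expected": expected,
            "checksum_ok": stored == expected,
            # Captured frames may carry Ethernet padding, so allow extra bytes.
            "length_ok": ihl <= totlen <= len(ip)}

# Constructed sample frames (Ethernet + IPv4 + ICMP echo request).
GOOD = ("FF FF FF FF EE EE AA AA EE FF FF FF 08 00 45 00 00 1C 00 01 00 00 "
        "40 01 F7 82 C0 A8 01 07 C0 A8 01 06 08 00 F7 FF 00 00 00 00")
BAD_CKSUM = GOOD.replace("F7 82", "00 00")  # checksum field left unset
BAD_LEN = GOOD.replace("00 1C", "00 40")    # total length exceeds the frame

if __name__ == "__main__":
    for sample in (GOOD, BAD_CKSUM, BAD_LEN):
        print(check_hex_packet(sample))
```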
Installation
sudo apt install hexinject
Flags
Examples
hexinject -s -i eth0
hex2raw
prettypacket -x udp
hex2raw -h
prettypacket -h
packets.tcl 'ethernet(dst=ff:ff:ff:ff:ee:ee,src=aa:aa:ee:ff:ff:ff,type=0x0800)+ip(ihl=5,ver=4,tos=0xc0,totlen=58,id=62912,fragoff=0,mf=0,df=0,rf=0,ttl=64,proto=1,cksum=0xe500,saddr=192.168.1.7,daddr=192.168.1.6)+icmp(type=3,code=3,unused=0)+data(str=aaaa)+udp(sport=33169,dport=10,len=10,cksum=0x94d6)+data(str=aaaa)+arp(htype=ethernet,ptype=ip,hsize=6,psize=4,op=request,shard=00:11:22:33:44:55,sproto=192.168.1.1,thard=22:22:22:22:22:22,tproto=10.0.0.1)' > packet-out
packets.tcl -h