TCP/IP packets – Introduction

Welcome to this tutorial series on working with raw TCP/IP packets. No matter where in the Infosec or IT industry you work, knowledge of TCP/IP is key to a solid understanding of our current networks. This series covers basic low-level networking and how to create network packets by hand, without the need for any advanced tools.

If you are already very familiar with the TCP/IP network layers, protocols and the three-way handshake, you can skip the first part and dive directly into the analysis of raw TCP/IP packets. However, I would recommend at least taking a short look at the recap on network layers and protocols to refresh your knowledge.

This series consists of the following parts:

  1. Recap on network layers and protocols
  2. Analysis of a raw TCP/IP packet
  3. Manually create and send raw TCP/IP packets
  4. Creating a SYN port scanner

Setup

To follow along with the examples, the only thing you are going to need is a simple setup as shown below.

Tools you might need:

  • Text editor
  • Packet analyzer (e.g. Wireshark)
  • Python
  • Two hosts

My example setup:

  • Two virtual machines in the same network:
    • Kali Linux "Client Host": 10.10.10.2
      • Wireshark installed
    • Ubuntu "Server Host": 10.10.10.1