WFP - Fragmentation test tools

Hello, I have a simple SSL/TLS header reader inside a WFP callout driver and I just realised that in theory the SSL/TLS headers could become fragmented on the TCP level, as in having multiple TCP packets. So my question is whether there are any tools to test TCP fragmentation? Or more specifically SSL/TLS header fragmentation (which could be done by limiting packet size to some small number like 32 bytes). Or do I have to write my own TLS/SSL handshake implementation just to test this?

For a test setup, if you have any Cisco router, you can use the ‘ip tcp adjust-mss’ command to set this to an artificially low value. And many NIC drivers allow adjusting the MTU via registry parameters. But there is a limit. The IPv4 protocol requires that all hosts are able to process packets of a minimum size. IIRC 530 bytes or something like that. Probably even this small size won’t force the fragmentation that you want to test for.

Of course a malicious user can craft smaller packets. And to test this scenario, you need to do that too. There might be a tool that can do it for you, but it’s not too hard to use Wireshark or another packet capture tool to analyze a standard negotiation sequence and then make a simple UM program that uses raw sockets to send your specially crafted fragments. Remember the negotiation doesn’t need to work. It just needs to work enough to send the input needed to test your code.

Thanks for the info. So manually fragmenting is the best way.

I don’t wear black, white or polkadot ‘hats’, so there may well be tools available to do this, but when I have done this before, I created test programs that used raw sockets and sent chunks of binary data designed to test edge cases in the state machine
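The thread's advice boils down to two parts: the record reader in the callout must tolerate a TLS record header (or body) arriving across arbitrary TCP segment boundaries, and the test only needs to deliver the bytes in the right order, not complete a real handshake. The following is an added example, not code from any poster and not a WFP callout: a user-mode Python model of an incremental TLS record-header reader, plus a harness that slices a constructed ClientHello record into chunks of a chosen size (including 1-byte chunks, which split the 5-byte header itself) and checks that the reader recovers the same record regardless of where the cuts fall. The record bytes, the `TlsRecordReader` class and the helper names are all assumptions made for this example.

```python
"""Incremental TLS record reader and a TCP-fragmentation harness (constructed example)."""
import struct

TLS_HEADER_LEN = 5                      # content_type(1) version(2) length(2)
MAX_RECORD_LEN = 16384 + 2048           # TLS 1.2 allows 2^14 + 2048 bytes of fragment
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


class TlsRecordReader:
    """Accumulates stream bytes and emits complete records, however they were segmented."""

    def __init__(self):
        self._buf = bytearray()
        self.records = []               # list of (content_type_name, (major, minor), body)

    def feed(self, chunk: bytes) -> None:
        """Accept the next chunk of TCP payload (any size, including 1 byte)."""
        self._buf += chunk
        while True:
            if len(self._buf) < TLS_HEADER_LEN:
                return                  # header split across segments: wait for more
            ctype, major, minor, length = struct.unpack("!BBBH", self._buf[:TLS_HEADER_LEN])
            if ctype not in CONTENT_TYPES or major != 3:
                raise ValueError(f"not a TLS record header: type={ctype} version={major}.{minor}")
            if length > MAX_RECORD_LEN:
                raise ValueError(f"record length {length} exceeds maximum")
            if len(self._buf) < TLS_HEADER_LEN + length:
                return                  # body split across segments: wait for more
            body = bytes(self._buf[TLS_HEADER_LEN:TLS_HEADER_LEN + length])
            del self._buf[:TLS_HEADER_LEN + length]
            self.records.append((CONTENT_TYPES[ctype], (major, minor), body))

    def pending(self) -> int:
        """Bytes buffered that do not yet form a complete record."""
        return len(self._buf)


def build_client_hello_record() -> bytes:
    """Construct a minimal, syntactically valid handshake record carrying a ClientHello.

    Constructed test input: one cipher suite, no extensions, fixed 'random' bytes.
    """
    client_version = b"\x03\x03"
    random = bytes(range(32))            # constructed, not cryptographically random
    session_id = b"\x00"                 # empty session id
    cipher_suites = b"\x00\x02" + b"\x13\x01"
    compression = b"\x01\x00"
    extensions = b"\x00\x00"
    hello = client_version + random + session_id + cipher_suites + compression + extensions
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello   # HandshakeType client_hello = 1
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def split_into_chunks(data: bytes, size: int) -> list:
    """Cut the stream into consecutive pieces of at most `size` bytes (one per TCP segment)."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def parse_fragmented(data: bytes, chunk_size: int) -> list:
    """Feed `data` to a fresh reader in `chunk_size` pieces and return the records seen."""
    reader = TlsRecordReader()
    for piece in split_into_chunks(data, chunk_size):
        reader.feed(piece)
    return reader.records


def check_all_fragmentations(data: bytes, sizes=(1, 2, 3, 4, 5, 7, 32, 4096)) -> bool:
    """True if every chunk size yields the identical record list as the unfragmented stream."""
    expected = parse_fragmented(data, len(data))
    return all(parse_fragmented(data, s) == expected for s in sizes)


if __name__ == "__main__":
    rec = build_client_hello_record()
    print(f"record is {len(rec)} bytes; consistent across chunk sizes:",
          check_all_fragmentations(rec))
```

To turn the same chunk list into real TCP segments against a loopback listener, send each piece with a separate `send()` on a socket with `TCP_NODELAY` set and a short pause between pieces; the stack may still coalesce or re-segment, so the in-process harness above remains the deterministic check that the reader's state machine copes with every cut point. The raw-socket route from the thread is what you need when the cut points must be guaranteed on the wire.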