Both the paqet client and server require detailed network configuration to craft and inject raw TCP packets. This guide explains how to gather the necessary information for your platform.
You need to collect three pieces of information:
- Network Interface Name - The name of your network adapter
- Local IP Address - Your machine’s IP address on the local network
- Gateway MAC Address - The MAC address of your router/gateway
Finding Network Interface Name
Linux:

Use the ip a command to list all network interfaces:

    ip a

Example output:

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
        inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0
    3: wlan0: <BROADCAST,MULTICAST> mtu 1500

Common interface names:
- eth0, eth1 - Ethernet interfaces
- ens3, ens5 - Predictable network interface names
- wlan0, wlan1 - Wireless interfaces

In the example above, the active interface is eth0.

macOS:

Use the ifconfig command to list all network interfaces:

    ifconfig

Example output:

    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
    en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

Common interface names:
- en0 - Primary Ethernet or Wi-Fi
- en1 - Secondary network interface
- bridge0 - Network bridge

In the example above, the active interface is en0.

Windows:

Use ipconfig /all to list network adapters:

    ipconfig /all

Example output:

    Ethernet adapter Ethernet:
       Connection-specific DNS Suffix  . :
       IPv4 Address. . . . . . . . . . . : 192.168.1.100
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1

Common adapter names:
- Ethernet - Wired Ethernet connection
- Wi-Fi - Wireless connection
- Ethernet 2 - Additional network adapters

Get Interface GUID:

Windows requires the Npcap device GUID. In PowerShell:

    Get-NetAdapter | Select-Object Name, InterfaceGuid

Example output:

    Name      InterfaceGuid
    ----      -------------
    Ethernet  {12345678-1234-1234-1234-123456789ABC}
    Wi-Fi     {ABCDEFAB-ABCD-ABCD-ABCD-ABCDEFABCDEF}

Format the GUID with the Npcap device prefix:

    \Device\NPF_{12345678-1234-1234-1234-123456789ABC}

Use this GUID in your network.guid configuration.
Finding Local IP Address
Your local IP address is shown alongside your network interface:

Linux:

Look for the line starting with inet:

    inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0

Your IP address is 192.168.1.100.

macOS:

    ifconfig en0 | grep "inet "

Example output:

    inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255

Your IP address is 192.168.1.100.

Windows:

Look for IPv4 Address under your active adapter:

    IPv4 Address. . . . . . . . . . . : 192.168.1.100

Your IP address is 192.168.1.100.
Finding Gateway IP Address
The gateway is your router’s IP address on the local network:

Linux:

Example output:

    default via 192.168.1.1 dev eth0 proto dhcp metric 100

Your gateway IP is 192.168.1.1.

macOS:

    netstat -rn | grep default

Example output:

    default            192.168.1.1        UGSc           en0

Your gateway IP is 192.168.1.1.

Windows:

Look for Default Gateway under your active adapter:

    Default Gateway . . . . . . . . . : 192.168.1.1

Your gateway IP is 192.168.1.1.
Finding Gateway MAC Address
The gateway MAC address is required for crafting raw Ethernet frames:

Linux:

Use the arp command with your gateway IP:

Example output:

    Address      HWtype  HWaddress          Flags Mask  Iface
    192.168.1.1  ether   a0:b1:c2:d3:e4:f5  C           eth0

Your gateway MAC address is a0:b1:c2:d3:e4:f5.

If the MAC address shows as (incomplete), ping the gateway first:

    ping -c 1 192.168.1.1
    arp -n 192.168.1.1

macOS:

Use the arp command with your gateway IP:

Example output:

    192.168.1.1 (192.168.1.1) at a0:b1:c2:d3:e4:f5 on en0 ifscope [ethernet]

Your gateway MAC address is a0:b1:c2:d3:e4:f5.

If the MAC address shows as (incomplete), ping the gateway first:

    ping -c 1 192.168.1.1
    arp -n 192.168.1.1

Windows:

Use the arp command with your gateway IP:

Example output:

    Interface: 192.168.1.100 --- 0xb
      Internet Address      Physical Address      Type
      192.168.1.1           a0-b1-c2-d3-e4-f5     dynamic

Your gateway MAC address is a0-b1-c2-d3-e4-f5.

Format with colons for the config file: a0:b1:c2:d3:e4:f5
TCP Flag Cycling
paqet allows you to customize the TCP flags used in crafted packets to vary traffic patterns and potentially evade detection.
What are TCP Flags?
TCP flags are control bits in TCP headers that indicate the purpose or state of a packet:
- S (SYN) - Synchronize, initiates a connection
- A (ACK) - Acknowledgment of received data
- P (PSH) - Push, tells receiver to process data immediately
- F (FIN) - Finish, closes a connection
- R (RST) - Reset, aborts a connection
- U (URG) - Urgent data pointer is valid
Flag Configuration
You can configure TCP flags in your config file:
    network:
      tcp:
        local_flag: ["PA"]    # Flags for outgoing packets
        remote_flag: ["PA"]   # Flags for incoming packets (client only)
Common Flag Patterns
- ["PA"] - Push + Acknowledgment (standard data transfer, default)
- ["S"] - SYN flag (mimics connection setup)
- ["A"] - ACK flag (acknowledgment only)
- ["SA"] - SYN + ACK (mimics connection response)
Flag Cycling
When you provide multiple flag patterns in an array, paqet cycles through them:
    network:
      tcp:
        local_flag: ["PA", "A", "S"]
This configuration cycles through:
- First packet: Push + Acknowledgment
- Second packet: Acknowledgment
- Third packet: SYN
- Fourth packet: Push + Acknowledgment (cycle repeats)
This variability can help evade simple pattern-based detection systems.
Unusual flag combinations may be detected or blocked by sophisticated firewalls. The default ["PA"] pattern mimics normal TCP data transfer and is recommended for most use cases.
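The warning above, seen from the monitoring side: a stateful check that compares each packet's flags with the connection state of its flow. This is an added example, not paqet code; the packet records are constructed, the rule names are hypothetical, and it assumes every crafted packet carries payload.

```python
from collections import defaultdict

# Constructed sample records: (src, sport, dst, dport, flags, payload_len).
# Flow A: normal handshake, then data. Flow B: the ["PA", "A", "S"] cycle from
# the text, assuming payload on every packet and no handshake on the wire.
PACKETS = [
    ("10.0.0.5", 40000, "203.0.113.9", 443, "S", 0),
    ("203.0.113.9", 443, "10.0.0.5", 40000, "SA", 0),
    ("10.0.0.5", 40000, "203.0.113.9", 443, "A", 0),
    ("10.0.0.5", 40000, "203.0.113.9", 443, "PA", 517),
    ("10.0.0.7", 51000, "203.0.113.9", 9999, "PA", 120),
    ("10.0.0.7", 51000, "203.0.113.9", 9999, "A", 120),
    ("10.0.0.7", 51000, "203.0.113.9", 9999, "S", 120),
    ("10.0.0.7", 51000, "203.0.113.9", 9999, "PA", 120),
]

def flow_key(src, sport, dst, dport):
    """Direction-independent key so both halves of a connection share state."""
    return tuple(sorted([(src, sport), (dst, dport)]))

def find_anomalies(packets):
    """Return {flow: sorted rule names} for flows whose flags contradict TCP state."""
    state = defaultdict(lambda: {"syn": False, "synack": False, "data": False})
    hits = defaultdict(set)
    for src, sport, dst, dport, flags, plen in packets:
        key = flow_key(src, sport, dst, dport)
        st, f = state[key], set(flags)
        if "S" in f and "A" not in f:
            if plen > 0:
                hits[key].add("syn_with_payload")  # TCP Fast Open is a benign cause
            if st["data"]:
                hits[key].add("syn_mid_stream")    # new SYN after data already flowed
            st["syn"] = True
        elif "S" in f and "A" in f:
            if not st["syn"]:
                hits[key].add("synack_without_syn")
            st["synack"] = True
        elif plen > 0:
            if not (st["syn"] and st["synack"]):
                hits[key].add("data_without_handshake")
            st["data"] = True
    return {k: sorted(v) for k, v in hits.items()}

if __name__ == "__main__":
    for flow, rules in find_anomalies(PACKETS).items():
        print(flow, rules)
```

A sensor that starts capturing mid-connection also sees data without a handshake, so that rule is a lead to correlate with the others rather than a verdict on its own.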
Configuration Example
Here’s a complete network configuration example:
Linux/macOS:

    network:
      interface: "eth0"                  # Your interface name
      ipv4:
        addr: "192.168.1.100:0"          # Your local IP (client uses :0)
        router_mac: "a0:b1:c2:d3:e4:f5"  # Your gateway MAC
      tcp:
        local_flag: ["PA"]               # TCP flags for outgoing packets
        remote_flag: ["PA"]              # TCP flags for incoming packets

Windows:

    network:
      interface: "Ethernet"              # Adapter name
      guid: "\\Device\\NPF_{12345678-1234-1234-1234-123456789ABC}"  # Npcap GUID
      ipv4:
        addr: "192.168.1.100:0"          # Your local IP
        router_mac: "a0:b1:c2:d3:e4:f5"  # Your gateway MAC
      tcp:
        local_flag: ["PA"]
        remote_flag: ["PA"]

For clients, always use port 0 in network.ipv4.addr for automatic port assignment. For servers, use the same port as in listen.addr.
Next Steps