Good afternoon, dear.

Please help me deal with the contents of TCP/IP packets. The fact is that packets assembled in different ways have different contents, although in theory they should be similar. After a successful build, in both cases, the packets are sent to the network (from the laptop to the nearest router) using Packet32.lib (from Qt). The difference is established by my own modest utility, which parses all incoming/outgoing packets on the network card of the selected interface. I also wrote a small parser for the packets assembled following the instructions; its log will be attached later.

* I apologize in advance for the insufficiently beautiful code. First I want everything to work, and then beauty. Well, the abundance of things I tried contributed too.


This is how I assemble a packet not by the instructions, but by inspiration:

    unsigned char* Packet::u_charPacket()
    {
        unsigned char *packetbuff = new unsigned char[1024];

        /* Fill the rest of the packet */
        for (int i = 0; i < 1024; i++)
            packetbuff[i] = i % 256;

        // destination MAC address
        packetbuff[0] = 0x74; packetbuff[1] = 0xEA; packetbuff[2] = 0x3A;
        packetbuff[3] = 0xD7; packetbuff[4] = 0x84; packetbuff[5] = 0x12;

        // source MAC address
        packetbuff[6] = 0x00; packetbuff[7] = 0x16; packetbuff[8] = 0x17;
        packetbuff[9] = 0xD8; packetbuff[10] = 0x76; packetbuff[11] = 0x53;

        // Length or frame type. In our case it is the frame type: an Ethernet II frame.
        packetbuff[12] = 0x08; packetbuff[13] = 0x00;

        // SENDER PORT
        packetbuff[14] = 0x00; packetbuff[15] = 0xFF;

        // RECEIVER PORT
        packetbuff[16] = 0x3A; packetbuff[17] = 0xCB;

        // Hardware address size. Size in bytes of the addresses held in the sender hardware
        // address and target hardware address fields. Ethernet hardware addresses are 6 bytes.
        packetbuff[18] = 0x06;

        // Protocol address size. Size in bytes of the protocol addresses held in the sender
        // protocol address and target protocol address fields. IP addresses are always 4 bytes.
        packetbuff[19] = 0x04;

        // Operation code. Describes the type of message carried by the packet. Valid values:
        // 1 - ARP Request. 2 - ARP Reply.
        // 3 - RARP Request. 4 - RARP Reply.
        packetbuff[20] = 0x00; packetbuff[21] = 0x01;

        // Sender hardware address. Its length is given by the hardware address size field.
        // Contains the hardware (i.e. Ethernet) address of the system sending the message,
        // for both a request and a reply.
        packetbuff[22] = packetbuff[6]; packetbuff[23] = packetbuff[7];
        packetbuff[24] = packetbuff[8]; packetbuff[25] = packetbuff[9];
        packetbuff[26] = packetbuff[10]; packetbuff[27] = packetbuff[11];

        // Sender protocol address. Its length is given by the protocol address size field.
        // It is the protocol (i.e. IP) address of the system sending the message,
        // for both a request and a reply.
        packetbuff[28] = 0x01; packetbuff[29] = 0x64;

        // SENDER IP ADDRESS
        packetbuff[30] = 0xC0; packetbuff[31] = 0xA8; packetbuff[32] = 0x01; packetbuff[33] = 0x01;

        packetbuff[34] = 0x00; packetbuff[35] = 0x00; packetbuff[36] = 0x00; packetbuff[37] = 0x00;

        // RECEIVER IP ADDRESS
        packetbuff[38] = 0xC0; packetbuff[39] = 0xA8; packetbuff[40] = 0x01; packetbuff[41] = 0x01;

        return packetbuff;
    }

In short, I send it like this:

    ...
    if ((lpPacket = PacketAllocatePacket()) == NULL)
    {
        printf("\nError:failed to allocate the LPPACKET structure.");
        getchar();
        exit(1);
    }
    ...
    unsigned char *packet;
    packet = u_charPacket();
    //unsigned char packet[1024];
    //constructPacket(packet);
    ...
    // packet is a pointer, so sizeof(packet) is the pointer size; pass the buffer length
    PacketInitPacket(lpPacket, packet, 1024);
    ...
    if (PacketSetNumWrites(lpAdapter, npacks) == FALSE)
        printf("Warning: Unable to send more than one packet in a single write!\n");
    ...
    if (PacketSendPacket(lpAdapter, lpPacket, TRUE) == FALSE)
    {
        printf("Error sending the packets!\n");
        getchar();
        exit(1);
    }
    ...

At the output we have:

    14:06:44,028614 len:1024
    192.168.1.100:255 -> 192.168.1.1:15051
    10717320

It turns out like this:

    // Print the packet capture time, the frame arrival time, and the length of this packet
    printf("%s,%.6d len:%d\n", timestr, header->ts.tv_usec, header->len);
    ...
    /* print ip addresses and ports */
    printf("%d.%d.%d.%d:%d -> %d.%d.%d.%d:%d\n",
           ih->saddr.byte1, ih->saddr.byte2, ih->saddr.byte3, ih->saddr.byte4,
           sport,
           ih->daddr.byte1, ih->daddr.byte2, ih->daddr.byte3, ih->daddr.byte4,
           dport);
    printf("%d\n", pkt_data);

All as intended. And now I will show how I assemble the packet according to the instructions:

    void Packet::constructPacket(unsigned char* packet)
    {
        eth_header *ethhdr;
        ip_header *iphdr;
        tcp_header *tcphdr;
        p_header pseudo_header;
        const char *dump = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";

        DeviceInfo devInfo = getAdapterInfo(chosenDevice);
        printMacAddress(devInfo.PhysicalAddress);

        // ******************* Ethernet Header *****************
        ethhdr = (peth_header)packet;
        memcpy(ethhdr->src, devInfo.PhysicalAddress, 6);        // Source MAC address
        memcpy(ethhdr->dst, devInfo.GatewayPhysicalAddress, 6); // Destination MAC address
        ethhdr->type = htons(0x0800);                           // IP frames

        // ******************* IP Header *****************
        iphdr = (pip_header)(packet + sizeof(eth_header));
        iphdr->ip_version = 4;
        iphdr->ip_header_len = 5;   // In double words (4 bytes each)
        iphdr->ip_tos = 0;
        iphdr->ip_total_length = htons(sizeof(ip_header) + sizeof(tcp_header) + strlen(dump));
        iphdr->ip_id = htons(2);
        iphdr->ip_frag_offset = 0;
        iphdr->ip_reserved_zero = 0;
        iphdr->ip_dont_fragment = 1;
        iphdr->ip_more_fragment = 0;
        iphdr->ip_frag_offset1 = 0;
        iphdr->ip_ttl = 64;
        iphdr->ip_protocol = IPPROTO_TCP;
        iphdr->ip_srcaddr = devInfo.IP;
        iphdr->ip_destaddr = inet_addr("192.168.1.1");
        iphdr->ip_checksum = 0;
        iphdr->ip_checksum = in_checksum((unsigned short*)iphdr, sizeof(ip_header));

        // ******************* TCP Header *****************
        tcphdr = (ptcp_header)(packet + sizeof(eth_header) + sizeof(ip_header));
        tcphdr->source_port = htons(255);
        tcphdr->dest_port = htons(15051);
        tcphdr->sequence = 0;
        tcphdr->acknowledge = 0;
        tcphdr->reserved_part1 = 0;
        tcphdr->data_offset = 5;
        tcphdr->fin = 0;
        tcphdr->syn = 1;
        tcphdr->rst = 0;
        tcphdr->psh = 0;
        tcphdr->ack = 0;
        tcphdr->urg = 0;
        tcphdr->ecn = 0;
        tcphdr->cwr = 0;
        tcphdr->window = htons(64240);
        tcphdr->checksum = 0;
        //tcphdr->checksum = in_checksum((unsigned short*)tcphdr, sizeof(tcp_header));
        tcphdr->urgent_pointer = 0;

        // ******************* Data Dump *****************
        char *data = (char*)(packet + sizeof(eth_header) + sizeof(ip_header) + sizeof(tcp_header));
        strcpy(data, dump);

        // ******************* Checksum calculation *****************
        pseudo_header.source_address = devInfo.IP;
        pseudo_header.dest_address = inet_addr("192.168.1.1");
        pseudo_header.placeholder = 0;
        pseudo_header.protocol = IPPROTO_TCP;
        pseudo_header.tcp_length = htons(sizeof(tcp_header) + strlen(dump));
        memcpy(&pseudo_header.tcp, tcphdr, sizeof(tcp_header));

        unsigned char *seudo;
        // Array allocation: new unsigned char(n) would allocate a single byte
        seudo = new unsigned char[sizeof(p_header) + strlen(dump)];
        memcpy(seudo, &pseudo_header, sizeof(p_header));
        memcpy(seudo + sizeof(p_header), data, strlen(dump));

        tcphdr->checksum = in_checksum((unsigned short*)seudo, sizeof(p_header) + strlen(dump));
        delete[] seudo;
    }

The result does not match what was expected. At the output we have:

    15:02:17,655748 len:1024
    58.0.40.126:0 -> 174.119.0.0:0
    7107620

And here you can look at the contents of the packet that has not yet been sent:

    ***********************TCP Packet*************************

    Ethernet Header
     |-Destination Address : 74-EA-3A-D7-84-12
     |-Source Address      : 00-16-17-D8-76-53
     |-Protocol            : 0x0800

    IP Header
     |-IP Version          : 4
     |-IP Header Length    : 5 DWORDS or 20 Bytes
     |-Type Of Service     : 0
     |-IP Total Length     : 66 Bytes(Size of Packet)
     |-Identification      : 2
     |-Reserved ZERO Field : 0
     |-Dont Fragment Field : 1
     |-More Fragment Field : 0
     |-TTL                 : 64
     |-Protocol            : 6
     |-Checksum            : 46846
     |-Source IP           : 192.168.1.100
     |-Destination IP      : 192.168.1.1

    TCP Header
     |-Source Port           : 255
     |-Destination Port      : 15051
     |-Sequence Number       : 0
     |-Acknowledge Number    : 0
     |-Header Length         : 5 DWORDS or 20 BYTES
     |-CWR Flag              : 0
     |-ECN Flag              : 0
     |-Urgent Flag           : 0
     |-Acknowledgement Flag  : 0
     |-Push Flag             : 0
     |-Reset Flag            : 0
     |-Synchronise Flag      : 1
     |-Finish Flag           : 0
     |-Window                : 64240
     |-Checksum              : 2142
     |-Urgent Pointer        : 0

    DATA Dump
    IP Header
     45 00 00 42 00 02 40 00 40 06 b6 fe c0 a8 01 64   E..B..@.@......d
     c0 a8 01 01                                       ....
    TCP Header
     00 ff 3a cb 00 00 00 00 00 00 00 00 50 02 fa f0   ..:.........P...
     08 5e 00 00                                       .^..
    Data Payload
     41 42 43 44 45 46 47 48 49 4a 4b 4c 4d 4e 4f 50   ABCDEFGHIJKLMNOP
     51 52 53 54 55 56 57 58 59 5a 00 00 00 00 00 00   QRSTUVWXYZ......
     ...
    ###########################################################

Well, what could be the error? I would like the packet presented in the second case to be sent correctly. What to do for this? Thank you in advance.

PS I will provide additional information, if necessary. In addition to the indicated question, I will accept as a gift a ready and working mechanism.

PPS I will soon answer my own question if it is interesting to someone. Or I will just delete it. I seem to have found the proper answers.

  • @Allow, it is somehow very difficult to figure out what exactly you are doing (which printout applies to which code, and where exactly you print what). Do I understand correctly that in the first part of the code you form a packet, then send this particular packet, intercept it, and print it, getting the text .... len: 1024 192.168.1.100:255 -> 192.168.1.1:15051 ....? And in the second part, similar actions lead to an unexpected printout of yours, but the dump is the one you formed? - What do you really want to do? With what parameters do you want to build and send a packet? - avp
  • Sorry, I tried to arrange everything in an understandable way. I think I'm already close to solving this problem. I am reading. To the point: regarding the 1st part, everything is as you described. In the second part I form the same packet (theoretically), but with the help of standard structures. In fact, I need to write a utility that would send a large amount of data as quickly as possible, based on the winpcap / libpcap library. - Allow
  • @Allow, if I understand correctly, then the given dump (and the info in front of it) is the packet data that you build in option 2. In this case, everything is OK (dest-ip, port, TTL ...): everything is the same as what you write in the code into the packet being created. That is, the problem is in your printing. Maybe you simply don’t pass those arguments into your printing function (such a stupid slip of the pen)? - Well, from the code given here, the entire chain of calls and passing of parameters is simply not visible. - avp
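
Added example (not part of the original posts and not the asker's code): the IPv4 header checksum and the TCP checksum over the pseudo-header, recomputed in C from the IP header, TCP header and payload bytes of the dump above. They come out as 0xb6fe and 0x085e, the values stored in the dump. The function names are hypothetical, and the header lengths are assumed to have been validated by the caller.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IP datagram bytes copied from the dump on this page:
 * 20-byte IP header, 20-byte TCP header, 26-byte payload "A".."Z". */
const uint8_t DGRAM[66] = {
    0x45,0x00,0x00,0x42,0x00,0x02,0x40,0x00,0x40,0x06,0xb6,0xfe,
    0xc0,0xa8,0x01,0x64,0xc0,0xa8,0x01,0x01,
    0x00,0xff,0x3a,0xcb,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
    0x50,0x02,0xfa,0xf0,0x08,0x5e,0x00,0x00,
    0x41,0x42,0x43,0x44,0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,
    0x4e,0x4f,0x50,0x51,0x52,0x53,0x54,0x55,0x56,0x57,0x58,0x59,0x5a
};

/* Add big-endian 16-bit words to acc; an odd trailing byte is zero-padded. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; p += 2, n -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    if (n) acc += (uint32_t)p[0] << 8;
    return acc;
}

/* Fold the carries back in and take the one's complement. */
static uint16_t fold(uint32_t acc) {
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* IPv4 header checksum, skipping the stored checksum field (bytes 10-11). */
uint16_t ip_header_checksum(const uint8_t *ip) {
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    return fold(sum16(ip + 12, ihl - 12, sum16(ip, 10, 0)));
}

/* TCP checksum over pseudo-header + segment, skipping stored bytes 16-17. */
uint16_t tcp_checksum(const uint8_t *ip) {
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t tcp_len = (((size_t)ip[2] << 8) | ip[3]) - ihl;
    const uint8_t *tcp = ip + ihl;
    uint32_t acc = sum16(ip + 12, 8, 0);   /* source and destination IP */
    acc += ip[9] + (uint32_t)tcp_len;      /* zero + protocol, TCP length */
    acc = sum16(tcp, 16, acc);
    return fold(sum16(tcp + 18, tcp_len - 18, acc));
}

int main(void) {
    printf("ip=0x%04x tcp=0x%04x\n", ip_header_checksum(DGRAM), tcp_checksum(DGRAM));
    return 0;
}
```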
