-
February 13th, 2008, 06:16 PM
#1
WinPCap packet sending
Hi, I have a problem with WinPcap while sending an ICMP (ping) packet.
Here's the code:
```cpp
// .....
#include <winsock2.h>   // inet_addr, htons, IPPROTO_ICMP
#include <windows.h>    // GetCurrentProcessId
#include <pcap.h>       // pcap_sendpacket
#include <cstdlib>      // malloc, free
#include <cstring>      // memset

unsigned short in_cksum(unsigned short *data, int size);   // defined below

#pragma pack(push, 1)
struct IP_HEADER
{
    unsigned char  ip_ver_ihl;   // version (4 bits) + header length (4 bits)
    unsigned char  ip_tos;
    unsigned short ip_len;       // total length, network byte order
    unsigned short ip_id;
    unsigned short ip_off;
    unsigned char  ip_ttl;
    unsigned char  ip_p;         // protocol
    unsigned short ip_sum;       // header checksum
    unsigned int   saddr;
    unsigned int   daddr;
};
struct ICMP_HEADER
{
    unsigned char  type;
    unsigned char  code;
    unsigned short checksum;
    unsigned short id;
    unsigned short seqno;
};
#pragma pack(pop)
// .....
// WinPCap handle (adhandle) was successfully opened previously...
//--------------
// The buffer holds only the IP and ICMP headers.
int nSize = sizeof(IP_HEADER) + sizeof(ICMP_HEADER);
char* Data = (char *) malloc (nSize);
IP_HEADER* ip = (IP_HEADER*)Data;
ICMP_HEADER* icmp = (ICMP_HEADER*)(Data+sizeof(IP_HEADER));
memset(Data,0,nSize);
//------------
ip->ip_sum = 0;
ip->ip_ver_ihl = 0x45;
ip->ip_tos = 0;
ip->ip_len = htons((unsigned short)nSize);   // multi-byte fields go out in network byte order
ip->ip_id = (unsigned short)GetCurrentProcessId();
ip->ip_off = 0;
ip->ip_ttl = 128;
ip->ip_p = IPPROTO_ICMP;
ip->saddr = inet_addr(src_addr);
ip->daddr = inet_addr(dest_addr);
ip->ip_sum = in_cksum((unsigned short*)ip,sizeof(IP_HEADER));
//------------
icmp->type = 8;       // echo request
icmp->checksum = 0;
icmp->code = 0;
icmp->id = (unsigned short)GetCurrentProcessId();
icmp->seqno = 0;
icmp->checksum = in_cksum((unsigned short*)icmp,sizeof(ICMP_HEADER));
//------------
// pcap_sendpacket() takes a const u_char* buffer
if( pcap_sendpacket(adhandle,(const u_char*)Data,nSize) != 0)
{
    free(Data);
    return false;
}
free(Data);
// ....
unsigned short in_cksum(unsigned short *data, int size)
{
    int nleft=size;
    unsigned long checksum = 0;
    // sum the buffer as 16-bit words
    while(nleft>1)
    {
        checksum=checksum+*data++;
        nleft=nleft-sizeof(unsigned short);
    }
    // add the odd trailing byte, if any
    if(nleft)
        checksum=checksum+*(unsigned char*)data;
    // fold the carries back into 16 bits and complement
    checksum=(checksum>>16)+(checksum&0xffff);
    checksum=checksum+(checksum>>16);
    return (unsigned short)(~checksum);
}
// .....
```
So...
pcap_sendpacket() works OK since it doesn't return a nonzero value...
but when using packet sniffers (Winshark) I just can't see the packet itself...
I also tried to re-create the IP header with the one located on http://www.wikistc.org/wiki/Network_packet_generator (under the Sample packets and TCP/IP ICMP Echo Request).
It went OK but the checksum was bad - it states it should be "b8 c8" but mine is "a8 d8".
Is the checksum algorithm OK?
I have SP2 so I know I can't send custom crafted packets using Winsock.
But can I do it with third party programs/drivers like WinPCap?
Help me out here will ya'...
-
February 14th, 2008, 06:30 AM
#2
Re: WinPCap packet sending
YESS!!!!
I fixed the problem!!!
I just added an Ethernet header with my MAC address and type of 0x0800 and destination MAC filled with -1 (broadcast?! - ff ff ff ff ff ff)!!
I was able to capture the packet using Winshark and with other packet sniffers and they detected the packet is an ICMP echo request!!
But this packet was not being transmitted to the destination IP address in the IP header. Why?
I realized the destination MAC in the Ethernet header was wrong. I sniffed this address in another ICMP request and I replaced the previous address with this new one...
The packet was successfully sent to the destination IP and the client responded (echo reply)!!
My question is: what is this destination MAC address and how do I obtain it? Is it the MAC address of my gateway or what?
Please help,
thanks
-
November 19th, 2008, 06:44 PM
#3
Re: WinPCap packet sending
I don't know a lot about networking, but don't you use an ARP request to resolve a MAC address?
A MAC address is the physical address of a network hardware device, I believe. You need to send an ARP request for whoever has the IP you are trying to reach. I'm not sure how to send it or how the reply to this request works, I just know it exists lol. I am sure Wikipedia will have information on this too.
Good luck
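An added example (not code from any poster in this thread) of what posts #2 and #3 arrive at: the buffer handed to pcap_sendpacket() must be a complete Ethernet frame, with multi-byte fields in network byte order and the destination MAC belonging to the next hop that ARP resolves. The names `build_echo_frame`, `next_hop`, `put16` and `put32` and all MAC and IP addresses below are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 Internet checksum over raw bytes (independent of host endianness). */
static uint16_t in_cksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len) sum += (uint32_t)p[0] << 8;             /* odd trailing byte */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); }

/* IP to resolve with ARP: the target if it is on the local subnet, else the gateway. */
uint32_t next_hop(uint32_t src, uint32_t dst, uint32_t mask, uint32_t gw) {
    return ((src & mask) == (dst & mask)) ? dst : gw;
}

/* Build Ethernet + IPv4 + ICMP echo request (no payload); returns frame length. */
size_t build_echo_frame(uint8_t *f, const uint8_t dmac[6], const uint8_t smac[6],
                        uint32_t src, uint32_t dst, uint16_t id, uint16_t seq) {
    uint8_t *ip = f + 14, *icmp = ip + 20;
    memset(f, 0, 42);
    memcpy(f, dmac, 6);                  /* destination MAC = next hop's MAC */
    memcpy(f + 6, smac, 6);              /* source MAC = sending adapter */
    put16(f + 12, 0x0800);               /* EtherType IPv4 */
    ip[0] = 0x45;                        /* version 4, header length 5 words */
    put16(ip + 2, 28);                   /* total length: 20 + 8, big-endian */
    put16(ip + 4, id);
    ip[8] = 128; ip[9] = 1;              /* TTL 128, protocol 1 = ICMP */
    put32(ip + 12, src);
    put32(ip + 16, dst);
    put16(ip + 10, in_cksum(ip, 20));    /* computed while the field is zero */
    icmp[0] = 8;                         /* type 8 = echo request, code 0 */
    put16(icmp + 4, id); put16(icmp + 6, seq);
    put16(icmp + 2, in_cksum(icmp, 8));
    return 42;
}

int main(void) {   /* constructed sample: 192.168.1.10 pings 192.168.1.20 */
    const uint8_t smac[6] = {2, 0, 0, 0, 0, 1}, dmac[6] = {2, 0, 0, 0, 0, 2};
    uint8_t f[42];
    size_t n = build_echo_frame(f, dmac, smac, 0xC0A8010Au, 0xC0A80114u, 0x1234, 1);
    for (size_t i = 0; i < n; i++) printf("%02x%c", f[i], (i % 16 == 15) ? '\n' : ' ');
    return 0;
}
```

Re-running `in_cksum` over a finished header, checksum field included, yields 0, which is a quick self-check before sending.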
-
July 3rd, 2013, 04:09 AM
#4
Re: WinPCap packet sending
Originally Posted by kenaneo
YESS!!!!
I fixed the problem!!!
I just added an Ethernet header with my MAC address and type of 0x0800 and destination MAC filled with -1 (broadcast?! - ff ff ff ff ff ff)!!
I was able to capture the packet using Winshark and with other packet sniffers and they detected the packet is an ICMP echo request!!
But this packet was not being transmitted to the destination IP address in the IP header. Why?
I realized the destination MAC in the Ethernet header was wrong. I sniffed this address in another ICMP request and I replaced the previous address with this new one...
The packet was successfully sent to the destination IP and the client responded (echo reply)!!
My question is: what is this destination MAC address and how do I obtain it? Is it the MAC address of my gateway or what?
Please help,
thanks
I use WinPcap too,
but I have a problem:
The packet was successfully sent to the destination IP but the client didn't respond (echo reply)!!
Can you help me?
thanks
-
July 3rd, 2013, 05:30 AM
#5
Re: WinPCap packet sending
Originally Posted by kavir69
Packet was successfully sent to destination IP but the client didn't respond (echo reply)
How do you know it was sent OK and been received by the client?
-
July 6th, 2013, 01:01 AM
#6
Re: WinPCap packet sending
Originally Posted by 2kaud
How do you know it was sent OK and been received by the client?
With Wireshark (it is run on the client and shows packets that are received correctly).