WinPCap packet sending

Thread: WinPCap packet sending

  1. #1
    Join Date
    Feb 2008
    Posts
    4

    Resolved WinPCap packet sending

    Hi, I have a problem with WinPCap while sending an ICMP (ping) packet.
    Here's the code...


    .....
    #pragma pack(push, 1)
    // IPv4 header without options (20 bytes)
    struct IP_HEADER
    {
        unsigned char  ip_ver_ihl;  // version (high nibble) + header length in 32-bit words
        unsigned char  ip_tos;
        unsigned short ip_len;      // total length, network byte order
        unsigned short ip_id;
        unsigned short ip_off;
        unsigned char  ip_ttl;
        unsigned char  ip_p;        // protocol
        unsigned short ip_sum;      // header checksum
        unsigned int   saddr;
        unsigned int   daddr;
    };
    // ICMP echo header (8 bytes)
    struct ICMP_HEADER
    {
        unsigned char  type;
        unsigned char  code;
        unsigned short checksum;
        unsigned short id;
        unsigned short seqno;
    };
    #pragma pack(pop)
    .....
    // WinPCap handle (adhandle) was successfully opened previously...
    //--------------
    // The buffer holds the IP header followed directly by the ICMP header
    int nSize = sizeof(IP_HEADER) + sizeof(ICMP_HEADER);
    char* Data = (char *) malloc (nSize);
    IP_HEADER* ip = (IP_HEADER*)Data;
    ICMP_HEADER* icmp = (ICMP_HEADER*)(Data+sizeof(IP_HEADER));
    memset(Data,0,nSize);
    //------------
    ip->ip_sum = 0;
    ip->ip_ver_ihl = 0x45;
    ip->ip_tos = 0;
    ip->ip_len = htons((unsigned short)nSize);  // multi-byte header fields go out in network byte order
    ip->ip_id = (unsigned short)GetCurrentProcessId();
    ip->ip_off = 0;
    ip->ip_ttl = 128;
    ip->ip_p = IPPROTO_ICMP;
    ip->saddr = inet_addr(src_addr);
    ip->daddr = inet_addr(dest_addr);
    // checksum is computed last, with ip_sum still zero
    ip->ip_sum = in_cksum((unsigned short*)ip,sizeof(IP_HEADER));
    //------------
    icmp->type = 8;     // echo request
    icmp->checksum = 0;
    icmp->code = 0;
    icmp->id = (unsigned short)GetCurrentProcessId();
    icmp->seqno = 0;
    icmp->checksum = in_cksum((unsigned short*)icmp,sizeof(ICMP_HEADER));
    //------------
    // pcap_sendpacket() takes a const u_char* buffer and returns 0 on success
    if( pcap_sendpacket(adhandle,(const u_char*)Data,nSize) != 0)
        return false;
    ....
    // Internet checksum: one's-complement sum of 16-bit words, then inverted
    unsigned short in_cksum(unsigned short *data, int size)
    {
        register int nleft=size;
        unsigned long checksum = 0;
        while(nleft>1)
        {
            checksum=checksum+*data++;
            nleft=nleft-sizeof(unsigned short);
        }
        // add the odd trailing byte, if any
        if(nleft)
            checksum=checksum+*(unsigned char*)data;
        // fold the carries back into the low 16 bits
        checksum=(checksum>>16)+(checksum&0xffff);
        checksum=checksum+(checksum>>16);
        return (unsigned short)(~checksum);
    }
    .....


    So...
    pcap_sendpacket() works OK, since it doesn't return a nonzero value,
    but when using packet sniffers (Wireshark) I just can't see the packet itself...

    I also tried to re-create the IP header with the one located at http://www.wikistc.org/wiki/Network_packet_generator (under "Sample packets" and "TCP/IP ICMP Echo Request").
    It went OK, but the checksum was bad: it states it should be "b8 c8" but mine is "a8 d8".
    Is the checksum algorithm OK?


    I have SP2, so I know I can't send custom crafted packets using Winsock.
    But can I do it with third-party programs/drivers like WinPCap?

    Help me out here, will ya...

  2. #2
    Join Date
    Feb 2008
    Posts
    4

    Re: WinPCap packet sending

    YESS!!!!

    I fixed the problem!!!
    I just added an Ethernet header with my MAC address and a type of 0x0800, and the destination MAC filled with -1 (broadcast?! - ff ff ff ff ff ff)!!
    I was able to capture the packet using Wireshark and with other packet sniffers, and they detected that the packet is an ICMP echo request!!

    But this packet was not being transmitted to the destination IP address in the IP header. Why?
    I realized the destination MAC in the Ethernet header was wrong. I sniffed this address in another ICMP request and I replaced the previous address with this new one...
    The packet was successfully sent to the destination IP and the client responded (echo reply)!!

    My question is what is this destination mac address and how to obtain it? Is it the mac address of my gateway or what?

    Please help,
    thanks
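
An added example, not code from the thread: the complete frame described in the post above (Ethernet header with type 0x0800, then IPv4, then the ICMP echo request), built in portable C with every multi-byte field written big-endian and both checksums computed last. The names `build_echo_frame` and `put16` and the sample addresses are constructed for illustration; the resulting buffer is what would be handed to `pcap_sendpacket()`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 checksum, read byte-wise so the result is host-endian independent. */
static uint16_t in_cksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2)
        sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len)
        sum += (uint32_t)p[0] << 8;          /* odd trailing byte, zero padded */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);  /* fold carries */
    return (uint16_t)~sum;
}

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
enum { ETH_LEN = 14, IP_LEN = 20, ICMP_LEN = 8, FRAME_LEN = ETH_LEN + IP_LEN + ICMP_LEN };
/* Fills out[FRAME_LEN]; dst_mac is the next hop (target if on-link, else gateway). */
size_t build_echo_frame(uint8_t *out, const uint8_t dst_mac[6], const uint8_t src_mac[6],
                        const uint8_t src_ip[4], const uint8_t dst_ip[4], uint16_t id, uint16_t seq)
{
    uint8_t *ip = out + ETH_LEN, *icmp = ip + IP_LEN;
    memset(out, 0, FRAME_LEN);
    memcpy(out, dst_mac, 6);                 /* Ethernet: destination comes first */
    memcpy(out + 6, src_mac, 6);
    put16(out + 12, 0x0800);                 /* EtherType: IPv4 */
    ip[0] = 0x45;                            /* version 4, header length 5 words */
    put16(ip + 2, IP_LEN + ICMP_LEN);        /* total length, big-endian on the wire */
    put16(ip + 4, id);
    ip[8] = 128; ip[9] = 1;                  /* TTL, protocol = ICMP */
    memcpy(ip + 12, src_ip, 4);
    memcpy(ip + 16, dst_ip, 4);
    put16(ip + 10, in_cksum(ip, IP_LEN));    /* checksum field is still zero here */
    icmp[0] = 8;                             /* echo request, code 0 */
    put16(icmp + 4, id); put16(icmp + 6, seq);
    put16(icmp + 2, in_cksum(icmp, ICMP_LEN));
    return FRAME_LEN;
}

int main(void)
{
    const uint8_t gw[6] = {2,0,0,0,0,1}, me[6] = {2,0,0,0,0,2};  /* constructed MACs */
    const uint8_t src[4] = {192,0,2,10}, dst[4] = {192,0,2,20};  /* constructed, TEST-NET-1 */
    uint8_t f[FRAME_LEN];
    size_t n = build_echo_frame(f, gw, me, src, dst, 0x1234, 0);
    for (size_t i = 0; i < n; i++) printf("%02x%s", f[i], i + 1 < n ? " " : "\n");
    return 0;
}
```

Running `in_cksum` again over a header that already contains its checksum returns 0, which is the same check a receiver or a sniffer applies.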

  3. #3
    Join Date
    Nov 2008
    Posts
    1

    Re: WinPCap packet sending

    I don't know a lot about networking, but don't you use an ARP request to resolve a MAC address?

    A MAC address is the physical address of a network hardware device, I believe. You need to send an ARP request for whoever has the IP you are trying to reach. I'm not sure how to send it or how the reply to this request works, I just know it exists lol. I am sure Wikipedia will have information on this too.

    Good luck

  4. #4
    Join Date
    Jul 2013
    Posts
    2

    Re: WinPCap packet sending

    Quote Originally Posted by kenaneo View Post
    YESS!!!!

    I fixed the problem!!!
    I just added an Ethernet header with my MAC address and a type of 0x0800, and the destination MAC filled with -1 (broadcast?! - ff ff ff ff ff ff)!!
    I was able to capture the packet using Wireshark and with other packet sniffers, and they detected that the packet is an ICMP echo request!!

    But this packet was not being transmitted to the destination IP address in the IP header. Why?
    I realized the destination MAC in the Ethernet header was wrong. I sniffed this address in another ICMP request and I replaced the previous address with this new one...
    The packet was successfully sent to the destination IP and the client responded (echo reply)!!

    My question is what is this destination mac address and how to obtain it? Is it the mac address of my gateway or what?

    Please help,
    thanks


    I use WinPCap too,
    but I have a problem:
    The packet was successfully sent to the destination IP but the client didn't respond (echo reply)!!
    Can you help me?
    thanks

  5. #5
    Join Date
    Dec 2012
    Location
    England
    Posts
    2,278

    Re: WinPCap packet sending

    Quote Originally Posted by kavir69 View Post
    The packet was successfully sent to the destination IP but the client didn't respond (echo reply)
    How do you know it was sent OK and been received by the client?
    All advice is offered in good faith only. You are ultimately responsible for effects of your programs and the integrity of the machines they run on.

  6. #6
    Join Date
    Jul 2013
    Posts
    2

    Re: WinPCap packet sending

    Quote Originally Posted by 2kaud View Post
    How do you know it was sent OK and been received by the client?
    With Wireshark (it is run on the client and shows the packets that are received correctly).
