Hi, I have a problem with WinPcap while sending an ICMP (ping) packet.
Here's the code...
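#include <stdio.h>
#include <stdlib.h>
#include <winsock2.h>
#include <windows.h>
#include <pcap.h>

// Byte-packed headers so the structs match the on-wire layout
#pragma pack(push, 1)
typedef struct {
    unsigned char  ip_ver_ihl;   // version (high nibble) + header length (low nibble)
    unsigned char  ip_tos;       // type of service
    unsigned short ip_len;       // total length
    unsigned short ip_id;        // identification
    unsigned short ip_off;       // flags + fragment offset
    unsigned char  ip_ttl;       // time to live
    unsigned char  ip_p;         // protocol
    unsigned short ip_sum;       // header checksum
    unsigned int   saddr;        // source address
    unsigned int   daddr;        // destination address
} IP_HEADER;

typedef struct {
    unsigned char  type;
    unsigned char  code;
    unsigned short checksum;
    unsigned short id;
    unsigned short seqno;
} ICMP_HEADER;
#pragma pack(pop)

unsigned short in_cksum(unsigned short *data, int size);

// WinPCap handle (adhandle) was successfully opened previously...
int nSize = sizeof(IP_HEADER) + sizeof(ICMP_HEADER);
char* Data = (char *) malloc (nSize);
IP_HEADER* ip = (IP_HEADER*)Data;
ICMP_HEADER* icmp = (ICMP_HEADER*)(Data+sizeof(IP_HEADER));

// IP header
ip->ip_sum = 0;
ip->ip_ver_ihl = 0x45;
ip->ip_tos = 0;
ip->ip_len = nSize;
ip->ip_id = GetCurrentProcessId();
ip->ip_off = 0;
ip->ip_ttl = 128;
ip->ip_p = IPPROTO_ICMP;
ip->saddr = inet_addr(src_addr);
ip->daddr = inet_addr(dest_addr);
ip->ip_sum = in_cksum((unsigned short*)ip,sizeof(IP_HEADER));

// ICMP echo request
icmp->type = 8;
icmp->checksum = 0;
icmp->code = 0;
icmp->id = GetCurrentProcessId();
icmp->seqno = 0;
icmp->checksum = in_cksum((unsigned short*)icmp,sizeof(ICMP_HEADER));

// pcap_sendpacket() takes a const u_char* buffer
if( pcap_sendpacket(adhandle,(const u_char*)Data,nSize) != 0)
{
    fprintf(stderr, "pcap_sendpacket failed: %s\n", pcap_geterr(adhandle));
}

unsigned short in_cksum(unsigned short *data, int size)
{
    register int nleft=size;
    unsigned long checksum = 0;

    // Loop body was lost from the post; this is the standard RFC 1071 summation.
    while (nleft > 1) {
        checksum += *data++;
        nleft -= 2;
    }
    if (nleft == 1)
        checksum += *(unsigned char*)data;
    checksum = (checksum >> 16) + (checksum & 0xffff);
    checksum += (checksum >> 16);

    return (unsigned short)(~checksum);
}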
pcap_sendpacket() works OK since it doesn't return a nonzero value...
but when using packet sniffers (Winshark) I just can't see the packet itself...
I also tried to re-create the IP header with the one located on http://www.wikistc.org/wiki/Network_packet_generator (under the Sample packets and TCP/IP ICMP Echo Request).
It went OK but the checksum was bad - it states it should be "b8 c8" but mine is "a8 d8".
Is the checksum algorithm OK?
I have SP2 so I know I can't send custom crafted packets using winsock.
But can I do it with third party programs/drivers like WinPCap?
I fixed the problem!!!
I just added an Ethernet header with my MAC address and a type of 0x0800, and the destination MAC filled with -1 (broadcast?! - ff ff ff ff ff ff)!!
I was able to capture the packet using Winshark and with other packet sniffers, and they detected the packet is an ICMP echo request!!
But this packet was not being transmitted to the destination IP address in the IP header. Why?
I realized the destination MAC in Ethernet was wrong. I sniffed this address in another ICMP request and I replaced the previous address with this new one...
The packet was successfully sent to the destination IP and the client responded (echo reply)!!
My question is: what is this destination MAC address and how do I obtain it? Is it the MAC address of my gateway or what?
I don't know a lot about networking, but don't you use an ARP request to resolve a MAC address?
A MAC address is the physical address of a network hardware device, I believe. You need to send an ARP request for whoever has the IP you are trying to reach. I'm not sure how to send it or how the reply to this request works; I just know it exists lol. I am sure Wikipedia will have information on this too.