The purpose of the NetTool project is to demonstrate the use of raw structures and memory maps to achieve raw ethernet, ip, arp, icmp, tcp, and udp input and output. The demonstration tool can ping, identify, and perform a TCP port scan of a host connected via ethernet.


Import programNetTool

This is a low-level network debugging utility that utilizes raw packet i/o to construct and deconstruct tcp, udp, ipv4, arp, and icmp packets over ethernet.

Memory Maps

NetTool provides C++ structure memory maps for numerous on-wire formats, including Ethernet, IP, TCP, UDP, ICMP, and ARP. In order for them to work nicely in the host environment, accompanying functions are provided to fix the endianness of the memory so that the stuructures can be created and used easily.


Import program

Data Fields

unsigned version :4
4 bits that contain the version, that specifies if it's an IPv4 or IPv6 packet,
unsigned header_bytes_div4 :4
4 bits that contain the Internet Header Length which is the length of the header in multiples of 4 bytes (eg. 5 means 20 bytes).
unsigned tos :8
8 bits that contain the Type of Service, also referred to as Quality of Service (QoS), which describes what priority the packet should have,
u16 packet_bytes
16 bits that contain the total length of the IP packet (datagram) in bytes,
u16 fragment_id
16 bits that contain an identification tag to help reconstruct the packet from several fragments,
unsigned unused_0 :1
3 bits that contain a zero, a flag that says whether the packet is allowed to be fragmented or not (DF: Don't fragment), and a flag to state whether more fragments of a packet follow (MF: More Fragments)
unsigned fragment_offset :13
13 bits that contain the fragment offset, a field to identify position of fragment within original packet
unsigned ttl :8
8 bits that contain the Time to live (TTL) which is the number of hops (router, computer or device along a network) the packet is allowed to pass before it dies (for example, a packet with a TTL of 16 will be allowed to go across 16 routers to get to its destination before it is discarded),
unsigned protocol :8
8 bits that contain the protocol (TCP, UDP, ICMP, etc...) 0x01 ICMP 0x06 TCP 0x11 UDP
u16 header_checksum
16 bits that contain the Header Checksum, a number used in error detection,
IP_Address source
32 bits that contain the source IP address,
IP_Address destination
32 bits that contain the destination address.
unsigned char data []
Zero-length field for memory mapping the packet data.

The demo program interprets IP version 4 (IPv4) packets and processes them based on their protocol. If they are TCP, UDP, or ICMP, they are processed further.


Import program

Data Fields

u16 source_port
Source port (1-65535)
u16 destination_port
Destination port (1-65535)
u32 sequence_number
TCP Sequence number (initial one if SYN set)
u32 acknowledge_number
TCP Acknowledge number (valid if ACK set)
unsigned data_offset_bytes_div4 :4
Length of this header (20) divided by 4 (should be 5)
unsigned unused_0 :4
Unused, should be zero.
unsigned fin :1
connection FINished (no more data from sender)
unsigned syn :1
SYNchronize sequence numbers.
unsigned rst :1
ReSeT the connection.
unsigned psh :1
PuSH to receiving application.
unsigned ack :1
ACKnowledge fiend is significant.
unsigned urg :1
URGent field is significant.
unsigned ece :1
ECn Echo.
unsigned cwr :1
Congestion Window Reduced.
u16 window_size
TCP Maxumum window size (8192 is good)
u16 checksum
TCP checksum (computed with pseudo header)
u16 urgent_pointer
Urgent pointer (valid if URG set)
unsigned char data []
Memory map for data if no options are set.

TCP packets are processed and a TCP port scan can be performed by adding a line with "portscan" to the command text file.


Import program

Data Fields

u16 source_port
Source port (1-65535)
u16 destination_port
Destination port (1-65535)
u16 length
Entire datagram size in bytes.
u16 checksum
u8 data []
Data memory map.

UDP packets are processed by the dmeo program, but not used.


Import program

Data Fields

u8 type
type of ICMP message
u8 code
code number associated with certain message types
u16 id
ID value, returned in ECHO REPLY.
u16 sequence
Sequence value to be returned with ECHO REPLY.
u8 data []
Data memory map.

The demo program can (by adding "ping" on a line by itself to the command file) send a ping every 30 seconds to the host computer.


Import program

Data Fields

u16 hardware_type
0x0001 for ethernet
u16 protocol_type
0x0800 for IPv4
u8 hardware_length
Bytes. Ethernet is 6.
u8 protocol_length
Bytes. IPv4 is 4.
u16 operation
Operation. 1 for request, 2 for reply or announce.
u8 sender_hardware_address [6]
Generator of the request or reply.
u8 sender_protocol_address [4]
All zeroes for an ARP probe.
u8 target_hardware_address [6]
Announce - same as SHA.
u8 target_protocol_address [4]
Announce - Same as TPA.

The demo program interprets ARP requests and announces in order to determine an IP address for itself and to instruct the host how to communicate with the device. When the host announces an IP address, the next IP address is chosen and used as the device IP.

Demo Program


The only peripheral used by the demo program is an ethernet jack. One can be obtained from SparkFun. The Cool Components Workshop Board also has the necessary parts on it. The configuration, logging, and status reports are all available through the MBED flash drive when attached to any computer via USB.

PC Setup

The demo program does not emulate DHCP, so the interface that is connected to the MBED via ethernet should be configured with a static IP address. Consult your operating system documentation for how to do this.


The demonstration program reads a file off of the MBED flash drive called "ntcmd.txt" which has the following general format:

# comment

The known commands are:

  1. ping
  2. portscan
  3. identify



The ping command sends a ping to the attached host every 30 seconds and writes the status of its replies to the file "ping.txt" for each ping (the file is overwritten every time).


The port scan command sends a TCP connection request to every legal port on the attached host system and writes the results of the port scan to the file "portscan.txt".


The identify command writes the host IP address and MAC address to the file "identity.txt".


All major actions and status reports by the tool are written to "nettool.log".

All wikipages