NetTool
NetTool¶
Purpose¶
The purpose of the NetTool project is to demonstrate the use of raw structures and memory maps to achieve raw ethernet, ip, arp, icmp, tcp, and udp input and output. The demonstration tool can ping, identify, and perform a TCP port scan of a host connected via ethernet.
Program¶
Import programNetTool
This is a low-level network debugging utility that utilizes raw packet i/o to construct and deconstruct tcp, udp, ipv4, arp, and icmp packets over ethernet.
Last commit 12 Oct 2010 by 
Kyle Lemons
Memory Maps¶
NetTool provides C++ structure memory maps for numerous on-wire formats, including Ethernet, IP, TCP, UDP, ICMP, and ARP. In order for them to work nicely in the host environment, accompanying functions are provided to fix the endianness of the memory so that the stuructures can be created and used easily.
IP¶
Import program
Data Fields |
|
| unsigned | version :4 |
|
4 bits that contain the version, that specifies if it's an IPv4 or IPv6 packet,
|
|
| unsigned | header_bytes_div4 :4 |
|
4 bits that contain the Internet Header Length which is the length of the header in multiples of 4 bytes (eg. 5 means 20 bytes).
|
|
| unsigned | tos :8 |
|
8 bits that contain the Type of Service, also referred to as Quality of Service (QoS), which describes what priority the packet should have,
|
|
| u16 | packet_bytes |
|
16 bits that contain the total length of the IP packet (datagram) in bytes,
|
|
| u16 | fragment_id |
|
16 bits that contain an identification tag to help reconstruct the packet from several fragments,
|
|
| unsigned | unused_0 :1 |
|
3 bits that contain a zero, a flag that says whether the packet is allowed to be fragmented or not (DF: Don't fragment), and a flag to state whether more fragments of a packet follow (MF: More Fragments)
|
|
| unsigned | fragment_offset :13 |
|
13 bits that contain the fragment offset, a field to identify position of fragment within original packet
|
|
| unsigned | ttl :8 |
|
8 bits that contain the Time to live (TTL) which is the number of hops (router, computer or device along a network) the packet is allowed to pass before it dies (for example, a packet with a TTL of 16 will be allowed to go across 16 routers to get to its destination before it is discarded),
|
|
| unsigned | protocol :8 |
|
8 bits that contain the protocol (TCP, UDP, ICMP, etc...) 0x01 ICMP 0x06 TCP 0x11 UDP
|
|
| u16 | header_checksum |
|
16 bits that contain the Header Checksum, a number used in error detection,
|
|
| IP_Address | source |
|
32 bits that contain the source IP address,
|
|
| IP_Address | destination |
|
32 bits that contain the destination address.
|
|
| unsigned char | data [] |
|
Zero-length field for memory mapping the packet data.
|
|
The demo program interprets IP version 4 (IPv4) packets and processes them based on their protocol. If they are TCP, UDP, or ICMP, they are processed further.
TCP¶
Import program
Data Fields |
|
| u16 | source_port |
|
Source port (1-65535)
|
|
| u16 | destination_port |
|
Destination port (1-65535)
|
|
| u32 | sequence_number |
|
TCP Sequence number (initial one if SYN set)
|
|
| u32 | acknowledge_number |
|
TCP Acknowledge number (valid if ACK set)
|
|
| unsigned | data_offset_bytes_div4 :4 |
|
Length of this header (20) divided by 4 (should be 5)
|
|
| unsigned | unused_0 :4 |
|
Unused, should be zero.
|
|
| unsigned | fin :1 |
|
connection FINished (no more data from sender)
|
|
| unsigned | syn :1 |
|
SYNchronize sequence numbers.
|
|
| unsigned | rst :1 |
|
ReSeT the connection.
|
|
| unsigned | psh :1 |
|
PuSH to receiving application.
|
|
| unsigned | ack :1 |
|
ACKnowledge fiend is significant.
|
|
| unsigned | urg :1 |
|
URGent field is significant.
|
|
| unsigned | ece :1 |
|
ECn Echo.
|
|
| unsigned | cwr :1 |
|
Congestion Window Reduced.
|
|
| u16 | window_size |
|
TCP Maxumum window size (8192 is good)
|
|
| u16 | checksum |
|
TCP checksum (computed with pseudo header)
|
|
| u16 | urgent_pointer |
|
Urgent pointer (valid if URG set)
|
|
| unsigned char | data [] |
|
Memory map for data if no options are set.
|
|
TCP packets are processed and a TCP port scan can be performed by adding a line with "portscan" to the command text file.
UDP¶
Import program
Data Fields |
|
| u16 | source_port |
|
Source port (1-65535)
|
|
| u16 | destination_port |
|
Destination port (1-65535)
|
|
| u16 | length |
|
Entire datagram size in bytes.
|
|
| u16 | checksum |
|
Checksum.
|
|
| u8 | data [] |
|
Data memory map.
|
|
UDP packets are processed by the dmeo program, but not used.
ICMP¶
The demo program can (by adding "ping" on a line by itself to the command file) send a ping every 30 seconds to the host computer.
ARP¶
Import program
Data Fields |
|
| u16 | hardware_type |
|
0x0001 for ethernet
|
|
| u16 | protocol_type |
|
0x0800 for IPv4
|
|
| u8 | hardware_length |
|
Bytes. Ethernet is 6.
|
|
| u8 | protocol_length |
|
Bytes. IPv4 is 4.
|
|
| u16 | operation |
|
Operation. 1 for request, 2 for reply or announce.
|
|
| u8 | sender_hardware_address [6] |
|
Generator of the request or reply.
|
|
| u8 | sender_protocol_address [4] |
|
All zeroes for an ARP probe.
|
|
| u8 | target_hardware_address [6] |
|
Announce - same as SHA.
|
|
| u8 | target_protocol_address [4] |
|
Announce - Same as TPA.
|
|
The demo program interprets ARP requests and announces in order to determine an IP address for itself and to instruct the host how to communicate with the device. When the host announces an IP address, the next IP address is chosen and used as the device IP.
Demo Program¶
Hardware¶
The only peripheral used by the demo program is an ethernet jack. One can be obtained from SparkFun. The Cool Components Workshop Board also has the necessary parts on it. The configuration, logging, and status reports are all available through the MBED flash drive when attached to any computer via USB.
PC Setup¶
The demo program does not emulate DHCP, so the interface that is connected to the MBED via ethernet should be configured with a static IP address. Consult your operating system documentation for how to do this.
Configuration¶
The demonstration program reads a file off of the MBED flash drive called "ntcmd.txt" which has the following general format:
# comment command
The known commands are:
- ping
- portscan
- identify
Commands¶
ping
The ping command sends a ping to the attached host every 30 seconds and writes the status of its replies to the file "ping.txt" for each ping (the file is overwritten every time).
portscan
The port scan command sends a TCP connection request to every legal port on the attached host system and writes the results of the port scan to the file "portscan.txt".
identify
The identify command writes the host IP address and MAC address to the file "identity.txt".
Log¶
All major actions and status reports by the tool are written to "nettool.log".