NetTool
NetTool¶
Purpose¶
The purpose of the NetTool project is to demonstrate the use of raw structures and memory maps to achieve raw Ethernet, IP, ARP, ICMP, TCP, and UDP input and output. The demonstration tool can ping, identify, and perform a TCP port scan of a host connected via Ethernet.
Program¶
This is a low-level network debugging utility that uses raw packet I/O to construct and deconstruct TCP, UDP, IPv4, ARP, and ICMP packets over Ethernet.
Memory Maps¶
NetTool provides C++ structure memory maps for numerous on-wire formats, including Ethernet, IP, TCP, UDP, ICMP, and ARP. So that they work in the host environment, accompanying functions are provided to fix the endianness of the memory, which lets the structures be created and used easily.
IP¶
Data Fields

| Type | Field | Description |
| --- | --- | --- |
| unsigned | version :4 | 4 bits that contain the version, which specifies whether it's an IPv4 or IPv6 packet. |
| unsigned | header_bytes_div4 :4 | 4 bits that contain the Internet Header Length, which is the length of the header in multiples of 4 bytes (e.g. 5 means 20 bytes). |
| unsigned | tos :8 | 8 bits that contain the Type of Service, also referred to as Quality of Service (QoS), which describes what priority the packet should have. |
| u16 | packet_bytes | 16 bits that contain the total length of the IP packet (datagram) in bytes. |
| u16 | fragment_id | 16 bits that contain an identification tag to help reconstruct the packet from several fragments. |
| unsigned | unused_0 :1 | 3 bits that contain a zero, a flag that says whether the packet is allowed to be fragmented or not (DF: Don't Fragment), and a flag to state whether more fragments of a packet follow (MF: More Fragments). |
| unsigned | fragment_offset :13 | 13 bits that contain the fragment offset, a field to identify the position of the fragment within the original packet. |
| unsigned | ttl :8 | 8 bits that contain the Time to Live (TTL), which is the number of hops (router, computer or device along a network) the packet is allowed to pass before it dies (for example, a packet with a TTL of 16 will be allowed to go across 16 routers to get to its destination before it is discarded). |
| unsigned | protocol :8 | 8 bits that contain the protocol (TCP, UDP, ICMP, etc.): 0x01 ICMP, 0x06 TCP, 0x11 UDP. |
| u16 | header_checksum | 16 bits that contain the Header Checksum, a number used in error detection. |
| IP_Address | source | 32 bits that contain the source IP address. |
| IP_Address | destination | 32 bits that contain the destination address. |
| unsigned char | data [] | Zero-length field for memory mapping the packet data. |
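The IP fields above can also be read with explicit big-endian byte reads, which avoids depending on compiler bitfield layout and host endianness. This is an added example, not NetTool's own code: it parses a constructed header and rejects input whose length fields or checksum are inconsistent; `Ipv4Fields`, `parse_ipv4`, and the `dont_fragment`/`more_fragments` names are assumptions made for the illustration.

```cpp
#include <cstdint>
#include <cstdio>

struct Ipv4Fields {  // host-order copies of the IP fields in the table above
    unsigned version, header_bytes, tos, packet_bytes, fragment_id;
    bool dont_fragment, more_fragments;  // hypothetical names for the DF/MF flags
    unsigned fragment_offset, ttl, protocol, header_checksum;
    uint32_t source, destination;
};

// Constructed sample: header-only ICMP datagram, 192.0.2.1 -> 192.0.2.2, TTL 64, DF set.
static const uint8_t SAMPLE[20] = {0x45, 0x00, 0x00, 0x14, 0x00, 0x01, 0x40, 0x00, 0x40, 0x01,
                                   0xb6, 0xe4, 0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02};

static unsigned be16(const uint8_t *p) { return (unsigned(p[0]) << 8) | p[1]; }
static uint32_t be32(const uint8_t *p) { return (uint32_t(be16(p)) << 16) | be16(p + 2); }
// One's-complement sum over the header; it folds to 0xFFFF when the checksum is valid.
static bool checksum_ok(const uint8_t *h, std::size_t header_bytes) {
    uint32_t sum = 0;
    for (std::size_t i = 0; i < header_bytes; i += 2) sum += be16(h + i);
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return sum == 0xFFFF;
}

// Fills `out` and returns true only if the length fields fit the captured buffer.
bool parse_ipv4(const uint8_t *buf, std::size_t len, Ipv4Fields &out) {
    if (len < 20) return false;              // shorter than the minimum header
    out.version = buf[0] >> 4;
    out.header_bytes = (buf[0] & 0x0F) * 4;  // header_bytes_div4 * 4
    out.packet_bytes = be16(buf + 2);
    if (out.version != 4 || out.header_bytes < 20 || out.header_bytes > len) return false;
    if (out.packet_bytes < out.header_bytes || out.packet_bytes > len) return false;
    if (!checksum_ok(buf, out.header_bytes)) return false;
    out.tos = buf[1];
    out.fragment_id = be16(buf + 4);
    const unsigned frag = be16(buf + 6);     // unused bit, DF, MF, then 13-bit offset
    out.dont_fragment = (frag & 0x4000) != 0;
    out.more_fragments = (frag & 0x2000) != 0;
    out.fragment_offset = frag & 0x1FFF;
    out.ttl = buf[8];
    out.protocol = buf[9];                   // 0x01 ICMP, 0x06 TCP, 0x11 UDP
    out.header_checksum = be16(buf + 10);
    out.source = be32(buf + 12); out.destination = be32(buf + 16);
    return true;
}

int main() {
    Ipv4Fields f{};
    if (!parse_ipv4(SAMPLE, sizeof SAMPLE, f)) return 1;
    std::printf("ttl=%u protocol=0x%02x df=%d\n", f.ttl, f.protocol, f.dont_fragment);
}
```

The length checks run before the checksum loop so that a forged `header_bytes_div4` can never make the parser read past the end of the captured buffer.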
TCP¶
Data Fields

| Type | Field | Description |
| --- | --- | --- |
| u16 | source_port | Source port (1-65535). |
| u16 | destination_port | Destination port (1-65535). |
| u32 | sequence_number | TCP sequence number (initial one if SYN set). |
| u32 | acknowledge_number | TCP acknowledge number (valid if ACK set). |
| unsigned | data_offset_bytes_div4 :4 | Length of this header (20) divided by 4 (should be 5). |
| unsigned | unused_0 :4 | Unused, should be zero. |
| unsigned | fin :1 | Connection FINished (no more data from sender). |
| unsigned | syn :1 | SYNchronize sequence numbers. |
| unsigned | rst :1 | ReSeT the connection. |
| unsigned | psh :1 | PuSH to receiving application. |
| unsigned | ack :1 | ACKnowledge field is significant. |
| unsigned | urg :1 | URGent field is significant. |
| unsigned | ece :1 | ECN Echo. |
| unsigned | cwr :1 | Congestion Window Reduced. |
| u16 | window_size | TCP maximum window size (8192 is good). |
| u16 | checksum | TCP checksum (computed with pseudo header). |
| u16 | urgent_pointer | Urgent pointer (valid if URG set). |
| unsigned char | data [] | Memory map for data if no options are set. |
UDP¶
Data Fields

| Type | Field | Description |
| --- | --- | --- |
| u16 | source_port | Source port (1-65535). |
| u16 | destination_port | Destination port (1-65535). |
| u16 | length | Entire datagram size in bytes. |
| u16 | checksum | Checksum. |
| u8 | data [] | Data memory map. |
ICMP¶
ARP¶
Data Fields

| Type | Field | Description |
| --- | --- | --- |
| u16 | hardware_type | 0x0001 for Ethernet. |
| u16 | protocol_type | 0x0800 for IPv4. |
| u8 | hardware_length | Bytes. Ethernet is 6. |
| u8 | protocol_length | Bytes. IPv4 is 4. |
| u16 | operation | Operation. 1 for request, 2 for reply or announce. |
| u8 | sender_hardware_address [6] | Generator of the request or reply. |
| u8 | sender_protocol_address [4] | All zeroes for an ARP probe. |
| u8 | target_hardware_address [6] | Announce - same as SHA. |
| u8 | target_protocol_address [4] | Announce - Same as TPA. |
