
Dev C Netinet In H



Let's start by looking at the datalink headers. "Didn't we already do this?", you ask. Sure... sort of, but we didn't spend much time on it, so let's just get this out of the way. Looking at the datalink header isn't all too exciting, but it certainly is something we want to stick in our toolkit, so we will gloss over the important stuff and continue on. The most important element of the ether header to us is the ether type. Remember struct ether_header from net/ethernet.h? Just so you don't have to click back, here it is again with the definition of an ether_addr.

    /* This is a name for the 48 bit ethernet address available on many
       systems.  */
    struct ether_addr
    {
      u_int8_t ether_addr_octet[ETH_ALEN];
    } __attribute__ ((__packed__));

    /* 10Mb/s ethernet header */
    struct ether_header
    {
      u_int8_t  ether_dhost[ETH_ALEN];   /* destination eth addr */
      u_int8_t  ether_shost[ETH_ALEN];   /* source ether addr    */
      u_int16_t ether_type;              /* packet type ID field */
    } __attribute__ ((__packed__));

Fortunately (at least in Linux) netinet/ether.h provides us with some fuzzy routines to convert ethernet headers to readable ascii and back...

    /* Convert 48 bit Ethernet ADDRess to ASCII.  */
    extern char *ether_ntoa (__const struct ether_addr *__addr) __THROW;
    extern char *ether_ntoa_r (__const struct ether_addr *__addr, char *__buf)
         __THROW;

    /* Convert ASCII string S to 48 bit Ethernet address.  */
    extern struct ether_addr *ether_aton (__const char *__asc) __THROW;
    extern struct ether_addr *ether_aton_r (__const char *__asc,
                                            struct ether_addr *__addr) __THROW;

as well as ethernet address to HOSTNAME resolution (that should ring a bell.. :-)

    /* Map HOSTNAME to 48 bit Ethernet address.  */
    extern int ether_hostton (__const char *__hostname, struct ether_addr *__addr)
         __THROW;

Previously I pasted some code shamelessly stolen from Stevens' Unix Network Programming to print out the ethernet header; from now on we take the easy route.
Here is a straightforward callback function to handle ethernet headers, print out the source and destination addresses and handle the type.


IP: We'll need to whip out our handy dandy RFCs (791 in this case) and take a look at what it has to say about IP headers... here is a copy of the section which describes the header.

    3.1 Internet Header Format

      A summary of the contents of the internet header follows:

        0                   1                   2                   3
        0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |Version|  IHL  |Type of Service|          Total Length         |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |         Identification        |Flags|      Fragment Offset    |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |  Time to Live |    Protocol   |         Header Checksum       |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                       Source Address                          |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                    Destination Address                        |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
       |                    Options                    |    Padding    |
       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                        Example Internet Datagram Header

                                   Figure 4.

      Note that each tick mark represents one bit position.

Now let's peek at netinet/ip.h

    struct ip
      {
    #if __BYTE_ORDER == __LITTLE_ENDIAN
        unsigned int ip_hl:4;           /* header length */
        unsigned int ip_v:4;            /* version */
    #endif
    #if __BYTE_ORDER == __BIG_ENDIAN
        unsigned int ip_v:4;            /* version */
        unsigned int ip_hl:4;           /* header length */
    #endif
        u_int8_t ip_tos;                /* type of service */
        u_short ip_len;                 /* total length */
        u_short ip_id;                  /* identification */
        u_short ip_off;                 /* fragment offset field */
    #define IP_RF 0x8000                /* reserved fragment flag */
    #define IP_DF 0x4000                /* dont fragment flag */
    #define IP_MF 0x2000                /* more fragments flag */
    #define IP_OFFMASK 0x1fff           /* mask for fragmenting bits */
        u_int8_t ip_ttl;                /* time to live */
        u_int8_t ip_p;                  /* protocol */
        u_short ip_sum;                 /* checksum */
        struct in_addr ip_src, ip_dst;  /* source and dest address */
      };

Cool, they seem to match up perfectly.... this of course would be fine to use, but I prefer to follow the tcpdump method of handling the version and header length.

    struct my_ip {
        u_int8_t   ip_vhl;              /* header length, version */
    #define IP_V(ip)   (((ip)->ip_vhl & 0xf0) >> 4)
    #define IP_HL(ip)  ((ip)->ip_vhl & 0x0f)
        u_int8_t   ip_tos;              /* type of service */
        u_int16_t  ip_len;              /* total length */
        u_int16_t  ip_id;               /* identification */
        u_int16_t  ip_off;              /* fragment offset field */
    #define IP_DF 0x4000                /* dont fragment flag */
    #define IP_MF 0x2000                /* more fragments flag */
    #define IP_OFFMASK 0x1fff           /* mask for fragmenting bits */
        u_int8_t   ip_ttl;              /* time to live */
        u_int8_t   ip_p;                /* protocol */
        u_int16_t  ip_sum;              /* checksum */
        struct in_addr ip_src, ip_dst;  /* source and dest address */
    };

Let's take a first stab at peeking into the IP header... consider the following function (full source here).

    /* needs <stdio.h>, <pcap.h>, <netinet/in.h>, <arpa/inet.h>, <net/ethernet.h> */
    u_char* handle_IP (u_char *args, const struct pcap_pkthdr* pkthdr,
                       const u_char* packet)
    {
        const struct my_ip* ip;
        u_int length = pkthdr->len;
        u_int hlen, off, version;
        int len;

        /* jump past the ethernet header */
        ip = (struct my_ip*)(packet + sizeof(struct ether_header));
        length -= sizeof(struct ether_header);

        /* check to see we have a packet of valid length */
        if (length < sizeof(struct my_ip))
        {
            fprintf(stdout, "truncated ip %u\n", length);
            return NULL;
        }

        len     = ntohs(ip->ip_len);
        hlen    = IP_HL(ip);    /* header length, in 32-bit words */
        version = IP_V(ip);     /* ip version */

        /* check version */
        if (version != 4)
        {
            fprintf(stdout, "Unknown version %u\n", version);
            return NULL;
        }

        /* check header length: the minimum is 5 words (20 bytes) */
        if (hlen < 5)
        {
            fprintf(stdout, "bad-hlen %u\n", hlen);
            return NULL;
        }

        /* check to see if we have the first fragment */
        off = ntohs(ip->ip_off);
        if ((off & 0x1fff) == 0)   /* aka no 1's in first 13 bits */
        {
            /* print SOURCE DESTINATION hlen version len offset */
            fprintf(stdout, "IP: ");
            fprintf(stdout, "%s ", inet_ntoa(ip->ip_src));
            fprintf(stdout, "%s %u %u %d %u\n",
                    inet_ntoa(ip->ip_dst), hlen, version, len, off);
        }

        return NULL;
    }

Given a clean arp cache this is what the output looks like on my machine, when I try to telnet to 134.114.90.1...

    [root@localhost libpcap]# ./a.out 5
    ETH: 0:10:a4:8b:d3:b4 ff:ff:ff:ff:ff:ff (ARP) 42
    ETH: 0:20:78:d1:e8:1 0:10:a4:8b:d3:b4 (ARP) 60
    ETH: 0:10:a4:8b:d3:b4 0:20:78:d1:e8:1 (IP) 74
    IP: 192.168.1.100 134.114.90.1 5 4 60 16384
    ETH: 0:20:78:d1:e8:1 0:10:a4:8b:d3:b4 (IP) 60
    IP: 134.114.90.1 192.168.1.100 5 4 40 0

Let's try and reconstruct the conversation, shall we?

    my computer: Who has the gateway's IP (192.168.1.100)?
        ETH: 0:10:a4:8b:d3:b4 ff:ff:ff:ff:ff:ff (ARP) 42

    gateway: I do!!
        ETH: 0:20:78:d1:e8:1 0:10:a4:8b:d3:b4 (ARP) 60

    my computer (through gateway): Hello Mr. 134.114.90.1 can we talk?
        ETH: 0:10:a4:8b:d3:b4 0:20:78:d1:e8:1 (IP) 74
        IP: 192.168.1.100 134.114.90.1 5 4 60 16384

    134.114.90.1: Nope, I'm not listening
        ETH: 0:20:78:d1:e8:1 0:10:a4:8b:d3:b4 (IP) 60
        IP: 134.114.90.1 192.168.1.100 5 4 40 0

I have admittedly skipped TONS of information in a rush to provide you with code to display the IP header (that's all you really wanted anyways, wasn't it :-). That said, if you are lost don't worry, I will slow down and attempt to describe what exactly is going on. All that you really need to know up to this point is:

- All packets are sent via ethernet
- The ethernet header defines the protocol type of the packet it is carrying
- IP is one of these types (as well as ARP and RARP)
- The IP header is confusing ...

So before getting too far into packet dissection it would probably benefit us to regress a bit and talk about IP... "awww but.... that sounds boring!", you say. Well, if you are really anxious I would suggest you grab the tcpdump source and take a look at the following methods ... :-)

- ether_if_print (print-ether.c)
- ip_print (print-ip.c)
- tcp_print (print-tcp.c)
- udp_print (print-udp.c)

I've also found the sniffit source to be a great read.
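The last column of the first IP line above, 16384, is 0x4000: the don't-fragment bit set with a fragment offset of zero. The following added example (not part of the original tutorial) decodes those fields from raw bytes and goes one step beyond handle_IP by rejecting a header length that exceeds the captured bytes; summarize_ip, struct ip_summary, the OFF_* names and the sample header are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>   /* ntohs */

/* Same values as IP_DF, IP_MF and IP_OFFMASK in the structs above. */
enum { OFF_DF = 0x4000, OFF_MF = 0x2000, OFF_MASK = 0x1fff };

struct ip_summary {      /* hypothetical result type for this example */
    unsigned version, hdr_bytes, total_len, frag_off_bytes;
    int df, mf;
};

/* ip points just past the ethernet header; caplen counts the captured bytes
 * from there. Returns 0, or -1 if this cannot be a valid IPv4 header. */
int summarize_ip(const unsigned char *ip, size_t caplen, struct ip_summary *s)
{
    uint16_t len, off;

    if (caplen < 20)                          /* minimum header: 5 words */
        return -1;
    s->version   = ip[0] >> 4;                /* IP_V(): high nibble */
    s->hdr_bytes = (ip[0] & 0x0fu) * 4u;      /* IP_HL() counts 32-bit words */
    if (s->version != 4 || s->hdr_bytes < 20 || s->hdr_bytes > caplen)
        return -1;
    memcpy(&len, ip + 2, sizeof len);         /* copy out: may be unaligned */
    memcpy(&off, ip + 6, sizeof off);
    s->total_len = ntohs(len);
    if (s->total_len < s->hdr_bytes)          /* total length includes header */
        return -1;
    off = ntohs(off);
    s->df = (off & OFF_DF) != 0;
    s->mf = (off & OFF_MF) != 0;
    s->frag_off_bytes = (off & OFF_MASK) * 8u; /* offset is in 8-byte units */
    return 0;
}

/* Constructed 20-byte header matching the first IP line of the output:
 * 192.168.1.100 -> 134.114.90.1, hlen 5, len 60, off 0x4000.
 * id, ttl and protocol are placeholders; the checksum is left at zero. */
static const unsigned char sample_ip[20] = {
    0x45,0x00,0x00,0x3c, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    192,168,1,100, 134,114,90,1
};

int main(void)
{
    struct ip_summary s;
    if (summarize_ip(sample_ip, sizeof sample_ip, &s) == 0)
        printf("hdr=%u len=%u DF=%d MF=%d fragoff=%u\n",
               s.hdr_bytes, s.total_len, s.df, s.mf, s.frag_off_bytes);
    return 0;
}
```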







Besides specifying the port in addr, the server may include its IP address. However, it can just use the symbolic constant INADDR_ANY to indicate it will serve all requests to the specified port regardless of what its IP address is. This symbol, along with several similar ones, is declared in netinet/in.h.

