Modify TTL of the packets

Home Forums Discussions Support Modify TTL of the packets

Viewing 14 posts - 1 through 14 (of 14 total)
  • Author
    Posts
  • #5003
    aureliuh
    Participant

      Hi,

      I’am tring to modify ttl of the packets that have flag receive. I used the next code for this. The problem is that After I launch the app the net will be down.
      Could you please tell me where I am wrong?


      if (PacketBuffer.m_dwDeviceFlags == PACKET_FLAG_ON_SEND) {

      api.SendPacketToAdapter(&Request);

      }
      else {

      ip_hdr1->ip_ttl=255;

      RecalculateIPChecksum(ip_hdr1);
      api.SendPacketToMstcp(&Request);

      }

      Aureliu Han[/code]

      #5993
      Vadim Smirnov
      Keymaster

        Hmm, I don’t see the problem but what is the sense to modify TTL in the incoming packet?

        You can download some code playing with TTL (and some other fields of the packet) from here http://www.xakep.ru/post/29448/safenat.zip I think it should be a good reference.

        #5994
        aureliuh
        Participant

          My problem is that the incoming packets have TTL=1 and beacause of this I can not get the packets behind a router.
          The only solution is to modify the packet’s ttl=5 so I can get the packets over the router

          #5995
          wise_guybg
          Participant

            Same here, at Sofia… I can’t use inet on my laptop brought from work. Simple Windows ICS from my desktop PC doesn’t work so I had to play with the NTKernel goodies. Really nice libs. Thanks guys.

            Let’s go to implementation:
            1. Start with the PassThru example
            2. Add some checks on the received packet
            3. ttl=5
            4. checksum=0
            5. checksum=RecalcChecksum(ipheader, ipheaderlen)

            I had the most problems on the checksum as different functions found on the net work with different params and it was hard to set it correctly. Now it works ๐Ÿ™‚

            some delphi code:


            while not Terminated and (ReadPacket(hFilt, @ReadRequest) <> 0) do
            begin
            try
            pEtherHeader := TEtherHeaderPtr(@Buffer.m_IBuffer);
            // Check for IP protocol and OnReceive flag
            if ntohs(pEtherHeader.h_proto) = ETH_P_IP then
            begin
            pIPHeader := TIPHeaderPtr(Integer(pEtherHeader) +
            SizeOf(TEtherHeader));

            // Check if TTL causes problems
            if pIPHeader.TTL <= ERR_TTL then
            begin
            pIPHeader.TTL := NEW_TTL;
            pIPHeader.Checksum := 0;
            pIPHeader.Checksum := htons(
            Checksum(PWord(pIPHeader),
            (SizeOf(TIPHeader) - SizeOf(DWORD)) div 2));
            end;
            end;
            finally
            // Send the request down the line
            if Buffer.m_dwDeviceFlags = PACKET_FLAG_ON_SEND then
            // Place packet on the network interface
            SendPacketToAdapter(hFilt, @ReadRequest)
            else
            // Indicate packet to MSTCP
            SendPacketToMstcp(hFilt, @ReadRequest);
            end;
            end;
            end;
            #5996
            wise_guybg
            Participant

              The real reason to come here is that now that I have finished my app, I want to write an Article on how to use it, how it was created.

              I was thinking of the distribution cases. The most simple for me is to link to the WinpkFilter Framework download page and instruct users to install it and then put my exe in the bin folder.

              That will work but I was wondering if I can make a more integrated install process. My application is written in Delphi (source code will be open). It needs the ndisapi.dll It in his turn needs the driver installed. Is there a setup script to install only the driver, the ndisapi.dll and a executable of your choice. Sorry if I’m being impudent. These days I have spend some time on the problem and realize that it’s not a small thing to create a Framework like this. I appreciate that you allow distributing the Framework package and use it freely… but can someone again for non-commercial, educational use… have a simple redistributable with the dll, the driver, and an application?

              ๐Ÿ˜•

              I have posted the important part of the application… the other stuff is simply GUI that will also be available as source

              #5997
              wise_guybg
              Participant

                I’m confused. I just return from the Price/Licensing page. From what I saw there, my last post is meaningless. I thought I can create my application and help others in the same position. As I can see it now, I can really only advise people to install the WinpkFilter Framework and then use my application. If I want something more, I should look for a license.

                For the WinpkFilter Helper Drivers Redistribution there is a price tag of 1495.00$ Guess this is the real price to pay since Microsoft didn’t do their part of the job ๐Ÿ™‚

                Anyway, is it ok to have an Article on the subject we treat here with my Application as a solution and a link to the WinpkFilter run-time libraries that are presented on

                http://www.ntkernel.com/w&p.php?id=7

                or it is in violation of the license agreement?

                Hmm, I don’t see the case of and open source developer in your licensing plan ๐Ÿ™‚ The 1495.00$ are too much since I only provide let’s say a sample application of the library for which I don’t want any money. ๐Ÿ˜• bizarre

                #5998
                erwan
                Participant

                  Hello,
                  this is probably too simple and i did not have a chance ti test it but since starting with windows2k, we can use windows to act as a router and since we can force windows to set the ttl to outgoing packets, would this be a solution?

                  registry keys are
                  HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParametersdefaulttl
                  and
                  HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParametersipenablerouter.

                  Regards,
                  Erwan

                  edit:
                  i confirm that the defaultTTL will force the TTL on outgoing packet on a computer on a lan.
                  dont know yet what the ttl will be once it has gone thru an ICS computer or windows router…

                  #5999
                  wise_guybg
                  Participant

                    Why change TTL:

                    You want to use ICS and your ISP is sending you packets with TTL=1

                    What can you do:

                    Clients can output packets with TTL= 129, this way your ISP want notice that packets hop through a desktop PC with enabled ICS. So on the client machines set:
                    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParameters
                    DefaulTTL = 129

                    I don’t see any point in enabling IPEnableRouter. I don’t fully understand what it does but if it will do routing we don’t need it. ICS takes care of everything.

                    Next thing we need is a way to change the incoming packets of the Desktop PC that shares connection. This is needed as when “routing” the packet to a client, it’ll decrease TTL and drop the packet if the “bad” ISP has sent a value of 1.

                    This can be made with a little changes to the PassThru example of the Framework. I think the link that SerpentFly provided is also a good example of packet modification in the tunnel.

                    #6000
                    Vadim Smirnov
                    Keymaster

                      Anyway, is it ok to have an Article on the subject we treat here with my Application as a solution and a link to the WinpkFilter run-time libraries that are presented on

                      http://www.ntkernel.com/w&p.php?id=7

                      or it is in violation of the license agreement?

                      It is OK to do so. Good luck with your article and hope you will post a link to it here. If you are interested we can also publish it on this web-site.

                      #6001
                      wise_guybg
                      Participant

                        It was difficult searching the inet to find information on the topic.

                        But it was really easy creating a solution with your framework.

                        I’ll make sure to drop a link here when I’ve compiled my article.

                        Thanks again ๐Ÿ™‚

                        #6002
                        wise_guybg
                        Participant

                          Voila ๐Ÿ˜‰

                          I have made a draft of the article. It’s available at :

                          http://kamburov.net/index.php?/content/view/17/26/

                          Any comments are greatly appreciated…

                          #6003
                          why2jjj
                          Participant

                            Hi,

                            I downloaded ndisapi for trial, along with http://www.xakep.ru/post/29448/safenat.zip. I am getting a linking error

                            “fatal error LNK1104: cannot open file D:Program.obj”

                            in Visual Studio 2005.

                            anyone know what this means and how to fix it?

                            #6004
                            Vadim Smirnov
                            Keymaster

                              “fatal error LNK1104: cannot open file D:Program.obj”

                              Try to move project to the path without complex names (with spaces inside) like “D:Program Files…”.

                              #6005
                              wise_guybg
                              Participant

                                My article has been moved to the following url:
                                http://www.kamburov.net/aleksandar/articles/attlfilter.html

                              Viewing 14 posts - 1 through 14 (of 14 total)
                              • You must be logged in to reply to this topic.