Home › Forums › Discussions › Support › Create New Ethernet Packet problem
- This topic has 11 replies, 3 voices, and was last updated 16 years, 10 months ago by Vadim Smirnov.
-
AuthorPosts
-
July 26, 2007 at 1:40 am #5116
Hi,
I am trying to create a new UDP packet and transmit it. But its not reaching the other side.
Following is my code… Can anyone help me where I am doing wrong?void SendUDP(char *szDestIP)
{
char* szData = "Testing";
int datalen = strlen(szData);
srand( (DWORD)time(NULL) + rand());
//Handle Ether Header
ether_header eth_header;
FillLocalMac(eth_header.h_source);
FillDestMac(eth_header.h_dest);
eth_header.h_proto = ETH_P_IP;
//Handle IP Header
iphdr iph;
iph.ip_v = 0x45;
iph.ip_tos = 0x00;
iph.ip_len = htons (sizeof(iphdr) + sizeof(udphdr) + datalen);
iph.ip_id = htons ((u_short)rand());
iph.ip_off = 0;
iph.ip_ttl = (char) 0x40;
iph.ip_p = IPPROTO_UDP;
iph.ip_src.s_addr = INADDR_ANY;
iph.ip_dst.s_addr = inet_addr(szDestIP);
iph.ip_sum = 0;
//Handle UDP Header
udphdr uh;
uh.th_sport = htons(2500);
uh.th_dport = htons(28682);
uh.length = htons ((u_short) (sizeof(udphdr)+datalen));
uh.th_sum = 0;
//Create the packet
int packetlen = sizeof(ether_header)+sizeof(iphdr)+sizeof(udphdr)+datalen;
char *packet = (char*) malloc(packetlen);
memcpy(packet,ð_header,sizeof(ether_header));
memcpy(packet+sizeof(ether_header),&iph,sizeof(iphdr));
memcpy(packet+sizeof(ether_header)+sizeof(iphdr),&uh,sizeof(udphdr));
memcpy(packet+sizeof(ether_header)+sizeof(iphdr)+sizeof(udphdr),szData,datalen);
//Create the Buffer
INTERMEDIATE_BUFFER newPacketBuffer;
ZeroMemory ( &newPacketBuffer, sizeof(INTERMEDIATE_BUFFER) );
memcpy(newPacketBuffer.m_IBuffer, packet, packetlen);
newPacketBuffer.m_Length = packetlen;
newPacketBuffer.m_dwDeviceFlags = PACKET_FLAG_ON_SEND;
ETH_REQUEST EthRequest;
//AdList is the adapter list object
//m_nAdapterIndex is the selected adapter index
EthRequest.hAdapterHandle = (HANDLE)AdList.m_nAdapterHandle[m_nAdapterIndex];
EthRequest.EthPacket.Buffer = &newPacketBuffer;
RecalculateUDPChecksum(&newPacketBuffer);
RecalculateIPChecksum(&iph);
//api is the object of CNdisApi
if(api.SendPacketToAdapter(&EthRequest))// returning TRUE here
WriteToLog("Successfully sent Raw UDP");//I can see this
else
WriteToLog("Failed to send Raw UDP");
api.FlushAdapterPacketQueue(hEvent);
free(packet);
}Thank you.
Pavan.
July 26, 2007 at 10:27 am #6366But its not reaching the other side.
Can you see the packet going out with the sniffer installed on the local system?
July 27, 2007 at 1:28 am #6367No, I don’t see the packet that I am sending in local system.
July 27, 2007 at 12:28 pm #6368I can’t say what exactly may be wrong with your code, proofreading someones code is beyond support obligations, however here is the simple sample code which is confirmed to work:
/*************************************************************************/
/* Copyright (c) 2000-2007 NT Kernel Resources. */
/* All Rights Reserved. */
/* http://www.ntkernel.com */
/* ndisrd@ntkernel.com */
/* */
/* Module Name: sender.cpp */
/* */
/* Abstract: Defines the entry point for the console application */
/* */
/*************************************************************************/
// sender.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
TCP_AdapterList AdList;
DWORD iIndex;
CNdisApi api;
ETH_REQUEST Request;
INTERMEDIATE_BUFFER PacketBuffer;
HANDLE hEvent;
USHORT ntohs( USHORT netshort )
{
PUCHAR pBuffer;
USHORT nResult;
nResult = 0;
pBuffer = (PUCHAR )&netshort;
nResult = ( (pBuffer[ 0 ] << 8) & 0xFF00 )
| ( pBuffer[ 1 ] & 0x00FF );
return( nResult );
}
int main(int argc, char* argv[])
{
UINT counter = 0;
ether_header* pEthHeader = NULL;
if (argc < 3)
{
printf ("Command line syntax:ntsender.exe index numntindex - network interface index.ntnum - number or packets to sendntYou can use ListAdapters to determine correct index.n");
return 0;
}
iIndex = atoi(argv[1]) - 1;
counter = atoi(argv[2]);
if(!api.IsDriverLoaded())
{
printf ("Driver not installed on this system of failed to load.n");
return 0;
}
api.GetTcpipBoundAdaptersInfo ( &AdList );
if ( iIndex + 1 > AdList.m_nAdapterCount )
{
printf("There is no network interface with such index on this system.n");
return 0;
}
// Initialize Request
ZeroMemory ( &Request, sizeof(ETH_REQUEST) );
ZeroMemory ( &PacketBuffer, sizeof(INTERMEDIATE_BUFFER) );
Request.EthPacket.Buffer = &PacketBuffer;
Request.hAdapterHandle = (HANDLE)AdList.m_nAdapterHandle[iIndex];
pEthHeader = (ether_header*)PacketBuffer.m_IBuffer;
memcpy(&pEthHeader->h_source, AdList.m_czCurrentAddress[iIndex], ETH_ALEN);
memset(&pEthHeader->h_dest, 0xFF, ETH_ALEN);
pEthHeader->h_proto = ETH_P_IP;
Request.EthPacket.Buffer->m_Length = MAX_ETHER_FRAME;
while (counter--)
api.SendPacketToAdapter(&Request);
return 0;
}
This simple application sends over network the specified amount of Ethernet broadcast frames filled with zeros. It’s work can be easily seen with any network sniffer.
July 30, 2007 at 9:29 am #6369I can’t say what exactly may be wrong with your code, proofreading someones code is beyond support obligations, however here is the simple sample code which is confirmed to work:
Your sample code is working infact, I did the same test before I try to send UDP packet it works fine but when I try to send UDP/TCP its not going out.
I suspect I am doing something wrong in following line of code.iph.ip_len = htons (sizeof(iphdr) + sizeof(udphdr) + datalen);
Is it the correct way of calculating the IP Length?
Is there any chance of other sniffers can sniff the packet and WinPkFilter can’t sniff?
If so, I would like to know in what instance it may happen?Thank you.
Pavan.
July 31, 2007 at 11:05 pm #6370I can’t see any problem with your code and as you may have already noticed you can send ANY packet to the network even filled with all zeros.
There is also a chance that you have a firewall installed which intercepts and blocks your packet.
January 25, 2008 at 9:46 am #6371SerpentFly wrote:Hi,
If I use this code and trace it using packet sniffer it sends the packets. I am sending the packet to local PC itself. But in the sniffed packet I see Frame check sequence error. Will it create any problem. Can u please tell me why the error occurring ? And what I am missing here ?
Thanks in advanceJanuary 26, 2008 at 10:58 am #6372If I use this code and trace it using packet sniffer it sends the packets. I am sending the packet to local PC itself. But in the sniffed packet I see Frame check sequence error. Will it create any problem. Can u please tell me why the error occurring ? And what I am missing here ?
The code above initializes only Ethernet header and sets next protocol as IP without initializing the IP header. This may cause sniffers to show this packet as a bogus one.
February 7, 2008 at 4:19 pm #6373SerpentFly wrote:Quote:If I use this code and trace it using packet sniffer it sends the packets. I am sending the packet to local PC itself. But in the sniffed packet I see Frame check sequence error. Will it create any problem. Can u please tell me why the error occurring ? And what I am missing here ?The code above initializes only Ethernet header and sets next protocol as IP without initializing the IP header. This may cause sniffers to show this packet as a bogus one.
Can you please tell me how to set IP header. I tried to create one and send it to my own PC, I am able to sniff it but its not like a typical IP, TCP header packet. Instead it shows as Logical Link Control packet. Can winpkfilter be used to send packet as if it is coming from remote PC ( internet remote host like yahoo ? ) Please please help me out. I am in deep trouble …
February 11, 2008 at 8:25 pm #6374Can winpkfilter be used to send packet as if it is coming from remote PC ( internet remote host like yahoo ? )
Sure. The easiest way for you to start is take and parse the normally received packet (intercepted from the network). You can do it with one of the network sniffers (like Network Monitor or Ethereal). Then just build your own packet with WinpkFilter on the same way. Of course it requires some understanding of how TCP/IP works..
February 12, 2008 at 10:38 am #6375SerpentFly wrote:Quote:Can winpkfilter be used to send packet as if it is coming from remote PC ( internet remote host like yahoo ? )Sure. The easiest way for you to start is take and parse the normally received packet (intercepted from the network). You can do it with one of the network sniffers (like Network Monitor or Ethereal). Then just build your own packet with WinpkFilter on the same way. Of course it requires some understanding of how TCP/IP works..
Thanks for the reply serpertine, I am able to send the packet to local host it self. But its not TCP/IP packet. It becomes LLC packet. I want to send the packet to my PC itself but as if its coming from remote server with IP, TCP and Ether header. Can I do it using winpkfilter ? If yes how can I do that ?
February 14, 2008 at 7:24 pm #6376Can I do it using winpkfilter ? If yes how can I do that ?
You can. Just set IP/TCP headers as I have set Ethernet header in the sample above. The actual values of IP/TCP headers depend from the packet you intend to form.
pavankvnaidu posted a sample where he tries to initialize IP and UDP headers, you have to do the similar job.
-
AuthorPosts
- You must be logged in to reply to this topic.