Create New Ethernet Packet problem

Home Forums Discussions Support Portal Create New Ethernet Packet problem

This topic contains 11 replies, has 3 voices, and was last updated by  Vadim Smirnov 9 years, 8 months ago.

Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
    Posts
  • #5116

    pavankvnaidu
    Participant

    Hi,

    I am trying to create a new UDP packet and transmit it. But its not reaching the other side.
    Following is my code… Can anyone help me where I am doing wrong?

    void SendUDP(char *szDestIP)
    {
    char* szData = "Testing";
    int datalen = strlen(szData);
    srand( (DWORD)time(NULL) + rand());

    //Handle Ether Header
    ether_header eth_header;
    FillLocalMac(eth_header.h_source);
    FillDestMac(eth_header.h_dest);
    eth_header.h_proto = ETH_P_IP;

    //Handle IP Header
    iphdr iph;
    iph.ip_v = 0x45;
    iph.ip_tos = 0x00;
    iph.ip_len = htons (sizeof(iphdr) + sizeof(udphdr) + datalen);
    iph.ip_id = htons ((u_short)rand());
    iph.ip_off = 0;
    iph.ip_ttl = (char) 0x40;
    iph.ip_p = IPPROTO_UDP;
    iph.ip_src.s_addr = INADDR_ANY;
    iph.ip_dst.s_addr = inet_addr(szDestIP);
    iph.ip_sum = 0;

    //Handle UDP Header
    udphdr uh;
    uh.th_sport = htons(2500);
    uh.th_dport = htons(28682);
    uh.length = htons ((u_short) (sizeof(udphdr)+datalen));
    uh.th_sum = 0;

    //Create the packet
    int packetlen = sizeof(ether_header)+sizeof(iphdr)+sizeof(udphdr)+datalen;
    char *packet = (char*) malloc(packetlen);
    memcpy(packet,&eth_header,sizeof(ether_header));
    memcpy(packet+sizeof(ether_header),&iph,sizeof(iphdr));
    memcpy(packet+sizeof(ether_header)+sizeof(iphdr),&uh,sizeof(udphdr));
    memcpy(packet+sizeof(ether_header)+sizeof(iphdr)+sizeof(udphdr),szData,datalen);

    //Create the Buffer
    INTERMEDIATE_BUFFER newPacketBuffer;
    ZeroMemory ( &newPacketBuffer, sizeof(INTERMEDIATE_BUFFER) );
    memcpy(newPacketBuffer.m_IBuffer, packet, packetlen);
    newPacketBuffer.m_Length = packetlen;
    newPacketBuffer.m_dwDeviceFlags = PACKET_FLAG_ON_SEND;

    ETH_REQUEST EthRequest;
    //AdList is the adapter list object
    //m_nAdapterIndex is the selected adapter index
    EthRequest.hAdapterHandle = (HANDLE)AdList.m_nAdapterHandle[m_nAdapterIndex];
    EthRequest.EthPacket.Buffer = &newPacketBuffer;
    RecalculateUDPChecksum(&newPacketBuffer);
    RecalculateIPChecksum(&iph);

    //api is the object of CNdisApi
    if(api.SendPacketToAdapter(&EthRequest))// returning TRUE here
    WriteToLog("Successfully sent Raw UDP");//I can see this
    else
    WriteToLog("Failed to send Raw UDP");
    api.FlushAdapterPacketQueue(hEvent);

    free(packet);

    }

    Thank you.

    Pavan.

    #6366

    Vadim Smirnov
    Moderator

    But its not reaching the other side.

    Can you see the packet going out with the sniffer installed on the local system?

    #6367

    pavankvnaidu
    Participant

    No, I don’t see the packet that I am sending in local system.

    #6368

    Vadim Smirnov
    Moderator

    I can’t say what exactly may be wrong with your code, proofreading someones code is beyond support obligations, however here is the simple sample code which is confirmed to work:


    /*************************************************************************/
    /* Copyright (c) 2000-2007 NT Kernel Resources. */
    /* All Rights Reserved. */
    /* http://www.ntkernel.com */
    /* ndisrd@ntkernel.com */
    /* */
    /* Module Name: sender.cpp */
    /* */
    /* Abstract: Defines the entry point for the console application */
    /* */
    /*************************************************************************/
    // sender.cpp : Defines the entry point for the console application.
    //

    #include "stdafx.h"
    TCP_AdapterList AdList;
    DWORD iIndex;
    CNdisApi api;
    ETH_REQUEST Request;
    INTERMEDIATE_BUFFER PacketBuffer;
    HANDLE hEvent;

    USHORT ntohs( USHORT netshort )
    {
    PUCHAR pBuffer;
    USHORT nResult;

    nResult = 0;
    pBuffer = (PUCHAR )&netshort;

    nResult = ( (pBuffer[ 0 ] < < 8) & 0xFF00 )
    | ( pBuffer[ 1 ] & 0x00FF );

    return( nResult );
    }

    int main(int argc, char* argv[])
    {
    UINT counter = 0;
    ether_header* pEthHeader = NULL;

    if (argc < 3)
    {
    printf ("Command line syntax:ntsender.exe index numntindex - network interface index.ntnum - number or packets to sendntYou can use ListAdapters to determine correct index.n");
    return 0;
    }

    iIndex = atoi(argv[1]) - 1;
    counter = atoi(argv[2]);

    if(!api.IsDriverLoaded())
    {
    printf ("Driver not installed on this system of failed to load.n");
    return 0;
    }

    api.GetTcpipBoundAdaptersInfo ( &AdList );

    if ( iIndex + 1 > AdList.m_nAdapterCount )
    {
    printf("There is no network interface with such index on this system.n");
    return 0;
    }

    // Initialize Request
    ZeroMemory ( &Request, sizeof(ETH_REQUEST) );
    ZeroMemory ( &PacketBuffer, sizeof(INTERMEDIATE_BUFFER) );
    Request.EthPacket.Buffer = &PacketBuffer;
    Request.hAdapterHandle = (HANDLE)AdList.m_nAdapterHandle[iIndex];

    pEthHeader = (ether_header*)PacketBuffer.m_IBuffer;

    memcpy(&pEthHeader->h_source, AdList.m_czCurrentAddress[iIndex], ETH_ALEN);
    memset(&pEthHeader->h_dest, 0xFF, ETH_ALEN);
    pEthHeader->h_proto = ETH_P_IP;
    Request.EthPacket.Buffer->m_Length = MAX_ETHER_FRAME;

    while (counter--)
    api.SendPacketToAdapter(&Request);

    return 0;
    }

    This simple application sends over network the specified amount of Ethernet broadcast frames filled with zeros. It’s work can be easily seen with any network sniffer.

    #6369

    pavankvnaidu
    Participant

    I can’t say what exactly may be wrong with your code, proofreading someones code is beyond support obligations, however here is the simple sample code which is confirmed to work:

    Your sample code is working infact, I did the same test before I try to send UDP packet it works fine but when I try to send UDP/TCP its not going out.
    I suspect I am doing something wrong in following line of code.

    iph.ip_len = htons (sizeof(iphdr) + sizeof(udphdr) + datalen); 

    Is it the correct way of calculating the IP Length?

    Is there any chance of other sniffers can sniff the packet and WinPkFilter can’t sniff?
    If so, I would like to know in what instance it may happen?

    Thank you.

    Pavan.

    #6370

    Vadim Smirnov
    Moderator

    I can’t see any problem with your code and as you may have already noticed you can send ANY packet to the network even filled with all zeros.

    There is also a chance that you have a firewall installed which intercepts and blocks your packet.

    #6371

    krishnabn
    Participant
    SerpentFly wrote:
    Hi,
    If I use this code and trace it using packet sniffer it sends the packets. I am sending the packet to local PC itself. But in the sniffed packet I see Frame check sequence error. Will it create any problem. Can u please tell me why the error occurring ? And what I am missing here ?
    Thanks in advance
    #6372

    Vadim Smirnov
    Moderator

    If I use this code and trace it using packet sniffer it sends the packets. I am sending the packet to local PC itself. But in the sniffed packet I see Frame check sequence error. Will it create any problem. Can u please tell me why the error occurring ? And what I am missing here ?

    The code above initializes only Ethernet header and sets next protocol as IP without initializing the IP header. This may cause sniffers to show this packet as a bogus one.

    #6373

    krishnabn
    Participant
    SerpentFly wrote:
    Quote:
    If I use this code and trace it using packet sniffer it sends the packets. I am sending the packet to local PC itself. But in the sniffed packet I see Frame check sequence error. Will it create any problem. Can u please tell me why the error occurring ? And what I am missing here ?

    The code above initializes only Ethernet header and sets next protocol as IP without initializing the IP header. This may cause sniffers to show this packet as a bogus one.

    Can you please tell me how to set IP header. I tried to create one and send it to my own PC, I am able to sniff it but its not like a typical IP, TCP header packet. Instead it shows as Logical Link Control packet. Can winpkfilter be used to send packet as if it is coming from remote PC ( internet remote host like yahoo ? ) Please please help me out. I am in deep trouble …

    #6374

    Vadim Smirnov
    Moderator

    Can winpkfilter be used to send packet as if it is coming from remote PC ( internet remote host like yahoo ? )

    Sure. The easiest way for you to start is take and parse the normally received packet (intercepted from the network). You can do it with one of the network sniffers (like Network Monitor or Ethereal). Then just build your own packet with WinpkFilter on the same way. Of course it requires some understanding of how TCP/IP works..

    #6375

    krishnabn
    Participant
    SerpentFly wrote:
    Quote:
    Can winpkfilter be used to send packet as if it is coming from remote PC ( internet remote host like yahoo ? )

    Sure. The easiest way for you to start is take and parse the normally received packet (intercepted from the network). You can do it with one of the network sniffers (like Network Monitor or Ethereal). Then just build your own packet with WinpkFilter on the same way. Of course it requires some understanding of how TCP/IP works..

    Thanks for the reply serpertine, I am able to send the packet to local host it self. But its not TCP/IP packet. It becomes LLC packet. I want to send the packet to my PC itself but as if its coming from remote server with IP, TCP and Ether header. Can I do it using winpkfilter ? If yes how can I do that ?

    #6376

    Vadim Smirnov
    Moderator

    Can I do it using winpkfilter ? If yes how can I do that ?

    You can. Just set IP/TCP headers as I have set Ethernet header in the sample above. The actual values of IP/TCP headers depend from the packet you intend to form.

    pavankvnaidu posted a sample where he tries to initialize IP and UDP headers, you have to do the similar job.

Viewing 12 posts - 1 through 12 (of 12 total)

You must be logged in to reply to this topic.