Modify TTL of the packets

Home Forums Discussions Support Portal Modify TTL of the packets

This topic contains 13 replies, has 5 voices, and was last updated by  wise_guybg 10 years ago.

Viewing 14 posts - 1 through 14 (of 14 total)
  • Author
    Posts
  • #5003

    aureliuh
    Participant

    Hi,

    I’am tring to modify ttl of the packets that have flag receive. I used the next code for this. The problem is that After I launch the app the net will be down.
    Could you please tell me where I am wrong?


    if (PacketBuffer.m_dwDeviceFlags == PACKET_FLAG_ON_SEND) {

    api.SendPacketToAdapter(&Request);

    }
    else {

    ip_hdr1->ip_ttl=255;

    RecalculateIPChecksum(ip_hdr1);
    api.SendPacketToMstcp(&Request);

    }

    Aureliu Han[/code]

    #5993

    Vadim Smirnov
    Moderator

    Hmm, I don’t see the problem but what is the sense to modify TTL in the incoming packet?

    You can download some code playing with TTL (and some other fields of the packet) from here http://www.xakep.ru/post/29448/safenat.zip I think it should be a good reference.

    #5994

    aureliuh
    Participant

    My problem is that the incoming packets have TTL=1 and beacause of this I can not get the packets behind a router.
    The only solution is to modify the packet’s ttl=5 so I can get the packets over the router

    #5995

    wise_guybg
    Participant

    Same here, at Sofia… I can’t use inet on my laptop brought from work. Simple Windows ICS from my desktop PC doesn’t work so I had to play with the NTKernel goodies. Really nice libs. Thanks guys.

    Let’s go to implementation:
    1. Start with the PassThru example
    2. Add some checks on the received packet
    3. ttl=5
    4. checksum=0
    5. checksum=RecalcChecksum(ipheader, ipheaderlen)

    I had the most problems on the checksum as different functions found on the net work with different params and it was hard to set it correctly. Now it works 🙂

    some delphi code:


    while not Terminated and (ReadPacket(hFilt, @ReadRequest) <> 0) do
    begin
    try
    pEtherHeader := TEtherHeaderPtr(@Buffer.m_IBuffer);
    // Check for IP protocol and OnReceive flag
    if ntohs(pEtherHeader.h_proto) = ETH_P_IP then
    begin
    pIPHeader := TIPHeaderPtr(Integer(pEtherHeader) +
    SizeOf(TEtherHeader));

    // Check if TTL causes problems
    if pIPHeader.TTL < = ERR_TTL then
    begin
    pIPHeader.TTL := NEW_TTL;
    pIPHeader.Checksum := 0;
    pIPHeader.Checksum := htons(
    Checksum(PWord(pIPHeader),
    (SizeOf(TIPHeader) - SizeOf(DWORD)) div 2));
    end;
    end;
    finally
    // Send the request down the line
    if Buffer.m_dwDeviceFlags = PACKET_FLAG_ON_SEND then
    // Place packet on the network interface
    SendPacketToAdapter(hFilt, @ReadRequest)
    else
    // Indicate packet to MSTCP
    SendPacketToMstcp(hFilt, @ReadRequest);
    end;
    end;
    end;
    #5996

    wise_guybg
    Participant

    The real reason to come here is that now that I have finished my app, I want to write an Article on how to use it, how it was created.

    I was thinking of the distribution cases. The most simple for me is to link to the WinpkFilter Framework download page and instruct users to install it and then put my exe in the bin folder.

    That will work but I was wondering if I can make a more integrated install process. My application is written in Delphi (source code will be open). It needs the ndisapi.dll It in his turn needs the driver installed. Is there a setup script to install only the driver, the ndisapi.dll and a executable of your choice. Sorry if I’m being impudent. These days I have spend some time on the problem and realize that it’s not a small thing to create a Framework like this. I appreciate that you allow distributing the Framework package and use it freely… but can someone again for non-commercial, educational use… have a simple redistributable with the dll, the driver, and an application?

    😕

    I have posted the important part of the application… the other stuff is simply GUI that will also be available as source

    #5997

    wise_guybg
    Participant

    I’m confused. I just return from the Price/Licensing page. From what I saw there, my last post is meaningless. I thought I can create my application and help others in the same position. As I can see it now, I can really only advise people to install the WinpkFilter Framework and then use my application. If I want something more, I should look for a license.

    For the WinpkFilter Helper Drivers Redistribution there is a price tag of 1495.00$ Guess this is the real price to pay since Microsoft didn’t do their part of the job 🙂

    Anyway, is it ok to have an Article on the subject we treat here with my Application as a solution and a link to the WinpkFilter run-time libraries that are presented on

    http://www.ntkernel.com/w&p.php?id=7

    or it is in violation of the license agreement?

    Hmm, I don’t see the case of and open source developer in your licensing plan 🙂 The 1495.00$ are too much since I only provide let’s say a sample application of the library for which I don’t want any money. 😕 bizarre

    #5998

    erwan
    Participant

    Hello,
    this is probably too simple and i did not have a chance ti test it but since starting with windows2k, we can use windows to act as a router and since we can force windows to set the ttl to outgoing packets, would this be a solution?

    registry keys are
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParametersdefaulttl
    and
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParametersipenablerouter.

    Regards,
    Erwan

    edit:
    i confirm that the defaultTTL will force the TTL on outgoing packet on a computer on a lan.
    dont know yet what the ttl will be once it has gone thru an ICS computer or windows router…

    #5999

    wise_guybg
    Participant

    Why change TTL:

    You want to use ICS and your ISP is sending you packets with TTL=1

    What can you do:

    Clients can output packets with TTL= 129, this way your ISP want notice that packets hop through a desktop PC with enabled ICS. So on the client machines set:
    HKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParameters
    DefaulTTL = 129

    I don’t see any point in enabling IPEnableRouter. I don’t fully understand what it does but if it will do routing we don’t need it. ICS takes care of everything.

    Next thing we need is a way to change the incoming packets of the Desktop PC that shares connection. This is needed as when “routing” the packet to a client, it’ll decrease TTL and drop the packet if the “bad” ISP has sent a value of 1.

    This can be made with a little changes to the PassThru example of the Framework. I think the link that SerpentFly provided is also a good example of packet modification in the tunnel.

    #6000

    Vadim Smirnov
    Moderator

    Anyway, is it ok to have an Article on the subject we treat here with my Application as a solution and a link to the WinpkFilter run-time libraries that are presented on

    http://www.ntkernel.com/w&p.php?id=7

    or it is in violation of the license agreement?

    It is OK to do so. Good luck with your article and hope you will post a link to it here. If you are interested we can also publish it on this web-site.

    #6001

    wise_guybg
    Participant

    It was difficult searching the inet to find information on the topic.

    But it was really easy creating a solution with your framework.

    I’ll make sure to drop a link here when I’ve compiled my article.

    Thanks again 🙂

    #6002

    wise_guybg
    Participant

    Voila 😉

    I have made a draft of the article. It’s available at :

    http://kamburov.net/index.php?/content/view/17/26/

    Any comments are greatly appreciated…

    #6003

    why2jjj
    Participant

    Hi,

    I downloaded ndisapi for trial, along with http://www.xakep.ru/post/29448/safenat.zip. I am getting a linking error

    “fatal error LNK1104: cannot open file D:Program.obj”

    in Visual Studio 2005.

    anyone know what this means and how to fix it?

    #6004

    Vadim Smirnov
    Moderator

    “fatal error LNK1104: cannot open file D:Program.obj”

    Try to move project to the path without complex names (with spaces inside) like “D:Program Files…”.

    #6005

    wise_guybg
    Participant

    My article has been moved to the following url:
    http://www.kamburov.net/aleksandar/articles/attlfilter.html

Viewing 14 posts - 1 through 14 (of 14 total)

You must be logged in to reply to this topic.