Forum Replies Created
-
Posts
-
Hi SerpentFly,
thanks.
A small clarification: I’m not talking about fragmentation between TCP and IP packets (which is very seldom as you state above). I’m talking about fragmentation of TCP/IP packets into ethernet packets in my last post.
I’ll get that book.
All the best,
MichaelHi SerpentFly,
@SerpentFly wrote:
payload Correct for TCP packet, for UDP an example it would be
payload and so on…
I see. But this still means that I have to do the following actions if I want to modify the contents of a TCP/IP packet:
1) Buffer the payload of all ethernet packets which belong to the same TCP/IP packet, i.e., which have the same TCP sequence number.
2) Modify this buffer (which now contains the TCP/IP payload) according to the needs of my application.
3) Recalculate the TCP and IP checksum of the modified buffer.
4) Refragment the buffer into ethernet packets (size of 1500 bytes).
5) Attach the ethernet header to each of these packets.
6) Attach the modified (checksums, length) TCP/IP header to each of these packets.
Is this – in principle – accomplishable using the WinpkFilter framework or should I look for another solution (which?)?
Many thanks,
MichaelHi SerpentFly
@SerpentFly wrote:
Well, yes, IP packet can be fragmented and you may have to gather all fragments before processing the packet. However, fragmented IP packets are rather rare in modern networks, also these packets are recommended to be blocked by firewalls. Basically, I don’t think you will ever meet fragmented TCP packet, but it is still possible to generate fragmented ICMP or UDP packets.
Many thanks. I’m downloading content from one node in my LAN to another node and my experimentation with WinpkFilter showed me that there are many ethernet headers for each IP header. From this I (wrongly) concluded that each IP packet consists of many ethernet frames with the IP header appearing only in the first of these ethernet frames.
I’ve now read some of the relevant literature and I think this was a misconception. Actually, each ethernet frame also includes the IP header and consequently the TCP header, i.e., each ethernet packet looks like this:
payload Is this ethernet checksum (http://folk.uio.no/od/tcp-ip-intro/subsection3_2_3.html) something which I need to care about (in addition to the length / checksum fields in the other headers)? Or is this computed automatically?
This definitely makes my life easier … I think 😉
Many thanks,
Michael
