Introduction
Usage
makeip
maketcp
makeudp
makearp
makeeth
sendpacket
sendeth
option file format
Acknowledgements
Sources
Known Problems
This Application Note gives a brief but accurate description of how to generate custom Ethernet packets. It is assumed that the reader has prior knowledge of Ethernet packets and their structure, so background information has been omitted.
A shareware program called Spak v0.6b will aid in the packet generation. Send PacKet (Spak) is a collection of executables that can be used to create and send a packet over a network. The following modules are included in version 0.6b:
1. makeip - Make an IP packet
2. maketcp - Make a TCP packet
3. makeudp - Make a UDP packet
4. makearp - Make an ARP/RARP packet
5. makeeth - Make an Ethernet frame
6. sendpacket - Send a packet to a socket
7. sendeth - Send an Ethernet frame
The individual programs included with Spak are most efficiently used when called from a shell script. That is, they can be used to create a large number of valid or invalid packets and send them to a network.
To create a TCP/IP packet, first use the maketcp program to create a TCP packet containing header information and data (if any). This packet is then used as input to the makeip program, which generates a complete IP packet containing the TCP packet. Finally, the sendpacket program is called with the output of makeip as its input to send the newly created packet to a socket.
Step 1 (data file)
Step 2 (maketcp)
Step 3 (makeip)
Step 4 (sendpacket)
The makeip program generates an IP packet. Makeip must be supplied with a source and destination address for the packet. Additional arguments may be specified in order to create more specific packets. The usage of the makeip program is as follows:
<src>
The source address for the packet. This may either be a numerical address in the form xxx.xxx.xxx.xxx where the x's are a valid IP number (e.g. 192.168.2.1), or a valid word address which can be resolved to an IP number (e.g. lore.cs.purdue.edu).

<dest>
The destination address for the packet. It can be in the same forms as the <src> argument.

[optional_arguments]
This field can be ignored or used by the following:

[-c <hdr_cksum>]
Set the header checksum to <hdr_cksum>.

[-fo <frag_offset>]
Set the fragment offset to <frag_offset>.

[-h]
Print help message.

[-hl <hdr_len>]
Set the header length to <hdr_len>.

[-i <input_file>]
Read the packet data from the file <input_file>. If <input_file> is -, the data will be read from stdin.

[-id <id>]
Set the packet ID to <id>.

[-o <output_file>]
Send the output to the file <output_file>. If this argument is not given, the packet will be written to stdout.

[-of <opt_file>]
Set the options listed in <opt_file> (not quite working).

[-p <protocol>]
Set the protocol to <protocol> (number).

[-pr <priority>]
Set the priority to <priority>.

[-tl <total_len>]
Set the total packet length.

[-ttl <time>]
Set time to live to <time>.

[-s6]
Set the 6th bit in the type of service field.

[-s7]
Set the 7th bit in the type of service field.

[-sd]
Set the "low delay" bit.

[-sf]
Set the first bit in the flag field.

[-sdf]
Set the "don't fragment" bit.

[-smf]
Set the "more fragments" bit.

[-sr]
Set the "high reliability" bit.

[-st]
Set the "high throughput" bit.

[-vr <version>]
Set the IP version to <version>.

[-v]
Turn on verbose mode (print packet data).

The -i argument is especially important because it allows you to attach an IP header (which makeip generates) to a packet that was created by another program such as maketcp.
For more information about the various header settings, read RFC 791, which can be found at ftp://ds.internic.net/rfc/rfc791.txt.
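Arguments such as -c, -hl, -tl, -sf and -ttl let makeip write header fields that no longer agree with the packet they describe. The following receiver-side check for those inconsistencies is an added example, not part of Spak or the original note; the function names and the sample packet (192.0.2.x documentation addresses) are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_ipv4(packet: bytes) -> list:
    """Return the anomalies found in the IPv4 header of a raw packet."""
    if len(packet) < 20:
        return ["truncated header"]
    ver_ihl, _tos, total_len, _id, flags_frag, ttl, _proto, _ck = struct.unpack(
        "!BBHHHBBH", packet[:12])
    found = []
    if ver_ihl >> 4 != 4:
        found.append("version is not 4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        found.append("invalid header length")
        return found                      # cannot locate the end of the header
    if total_len != len(packet):
        found.append("total length does not match packet size")
    if flags_frag & 0x8000:               # highest flag bit is reserved, must be 0
        found.append("reserved flag bit set")
    if flags_frag & 0x4000 and flags_frag & 0x3FFF:   # DF with MF or an offset
        found.append("don't-fragment set on a fragment")
    if ttl == 0:
        found.append("TTL is zero")
    if inet_checksum(packet[:ihl]) != 0:  # a valid header sums to zero
        found.append("bad header checksum")
    return found

def build_sample(payload: bytes = b"test", flags_frag: int = 0x4000) -> bytes:
    """Constructed sample: valid 20-byte header, 192.0.2.1 -> 192.0.2.2, TCP."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, flags_frag,
                      64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload

if __name__ == "__main__":
    good = build_sample()
    bad = good[:8] + b"\x00" + good[9:]   # TTL forced to 0, checksum left stale
    print(check_ipv4(good))
    print(check_ipv4(bad))
```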
The maketcp program generates a TCP packet. Maketcp must be supplied with a source and destination address for the packet, and source and destination ports for the packet. Additional options may be specified. The usage of the maketcp program is as follows:
<src>
The source address for the packet. This may either be a numerical address in the form xxx.xxx.xxx.xxx where the x's are a valid IP number (e.g. 192.168.2.1), or a valid word address which can be resolved to an IP number (e.g. lore.cs.purdue.edu).

<dest>
The destination address for the packet. It can be in the same forms as the <src> argument.

<src_port>
Specifies the source port. This argument may be a number or word (e.g. ftp for port 21).

<dest_port>
Specifies the destination port. This argument may be a number or word (e.g. ftp for port 21).

[optional_arguments]
This field can be ignored or used by the following:

[-c <hdr_cksum>]
Set the header checksum to <hdr_cksum>.

[-fo <frag_offset>]
Set the fragment offset to <frag_offset>.

[-h]
Print help message.

[-hl <hdr_len>]
Set the header length to <hdr_len>.

[-i <input_file>]
Read the packet data from the file <input_file>. If <input_file> is -, the data will be read from stdin.

[-a]
Set the acknowledge number to <ack_num>. Default: random

[-do]
Set the data offset to <offset>. Default: 0

[-h]
Print help message.

[-c <hdr_cksum>]
Set the header checksum to <hdr_cksum>. Default: correct value

[-i <input_file>]
Read the packet data from the file <input_file>. If <input_file> is -, the data will be read from stdin.

[-o <output_file>]
Send the output to <output_file>. If this argument is not given, the output will be sent to stdout.

[-r1 - -r6]
Set reserved bits (-r5 sets bit 5). Default: not set

[-s]
Set the sequence number to <seq_num>. Default: random

[-sa]
Set the ACK bit. Default: not set

[-sf]
Set the FIN bit. Default: not set

[-sp]
Set the PSH bit. Default: not set

[-sr]
Set the RST bit. Default: not set

[-ss]
Set the SYN bit. Default: not set

[-su]
Set the URG bit. Default: not set

[-uo <offset>]
Set the urgent offset to <offset>. Default: 0

[-v]
Turn on verbose mode (print packet data).

[-w <win_size>]
Set the window size to <win_size>. Default: 512

For more information about the various header settings, read RFC 791, which can be found at ftp://ds.internic.net/rfc/rfc791.txt.
The makeudp program generates a UDP packet. The destination port for the packet must be supplied. Additional specifications may also be supplied. The usage of the makeudp program is as follows:
<d_port>
The destination port for the packet. This argument may either be a number or word (e.g. ftp for port 21).

[optional_arguments]
This field can be ignored or used by the following:

[-c <hdr_cksum>]
Set the header checksum to <hdr_cksum>. Default: Correct value if [-ps] and [-pd] are specified, otherwise 0.

[-h]
Print help message.

[-i <input_file>]
Read the packet data from the file <input_file>. If <input_file> is -, stdin will be used.

[-l]
Set the header length to <length>. Default: correct value

[-o <output_file>]
Print the packet data to <output_file>. Default: stdout

[-pd <destination>]
Set the pseudo-header destination address to <destination> (numerical or word form).

[-pl <length>]
Set the length of the header as stored in the pseudo-header to <length>. Default: correct value

[-pp <protocol>]
Set the protocol as stored in the pseudo-header to <protocol>. Default: 1

[-ps <source>]
Set the source address of the packet as stored in the pseudo-header to <source>.

[-pz <value>]
Set the value of the 8-bit 0 padding in the pseudo-header to <value>. Default: 0

[-s <src_port>]
Set the source port to <src_port>. Default: 0

[-v]
Turn on verbose mode (print packet data).

For more information about the various header settings, read RFC 791, which can be found at ftp://ds.internic.net/rfc/rfc791.txt.
The makearp program generates an ARP packet. Several options must be supplied to create a packet corresponding to specifications. The usage of the makearp program is as follows:
[optional_arguments]
This field can be ignored or used by the following:

[-h]
Print help message.

[-hl <len>]
Set the length of the hardware address to <len>. If not specified, this defaults to the correct value.

[-ht <hardware_type>]
Set the hardware type to <hardware_type>. Currently, the only type supported by Spak is 802.3 frames (which is a hardware type of 1).

[-pl]
Set the length of protocol address. If not specified, this defaults to the correct value.

[-pt <protocol_type>]
Set the protocol type to <protocol_type>. Currently, the only type supported by Spak is IP (which is a protocol type of 2048).

[-o <output_file>]
Print the packet data to <output_file>. If this is not specified, the packet will be printed to the screen (STDOUT).

[-op <operation>]
Set the operation to <operation>. Valid options are 1 for an ARP request, 2 for an ARP reply, 3 for a RARP request, and 4 for a RARP reply.

[-v]
Turn on verbose mode (print packet data).

[-dm <dest_mac>]
Set the destination MAC address of the frame to <dest_mac>. The <dest_mac> argument takes the form a:b:c:d:e:f where a through f are two digit hexadecimal numbers.

[-sm <src_mac>]
Set the source MAC address of the frame to <src_mac>. The <src_mac> argument takes the form a:b:c:d:e:f where a through f are two digit hexadecimal numbers.

[-di <destination>]
Set the destination IP address to <destination>. The <destination> argument should be a valid IP number or host name.

[-si <source>]
Set the source IP address to <source>. The <source> argument should be a valid IP number or host name.

The makeeth program generates an Ethernet frame. Several options must be supplied to create a frame matching the specifications. The usage of the makeeth program is as follows:
[optional_arguments]
This field must contain some of the following options:

[-d <dest_mac>]
Set the destination MAC address of the frame to <dest_mac>. The <dest_mac> argument takes the form a:b:c:d:e:f where a through f are two digit hexadecimal numbers.

[-i <input_file>]
Read the frame data from the file <input_file>. If <input_file> is -, then stdin is used.

[-o <out_file>]
Write the frame data to <out_file>.

[-s <src_mac>]
Set the source MAC address of the frame to <src_mac>. The <src_mac> argument takes the form a:b:c:d:e:f where a through f are two digit hexadecimal numbers. If <src_mac> is -, then the source MAC address is guessed by the program.

[-t <ether_type>]
Set the protocol of the frame data to <ether_type>. The <ether_type> argument should be a hexadecimal number.

[-v]
Turn on verbose mode (print frame data).

The sendpacket program reads a packet from a file and sends it to a socket. The destination address of the packet and the file from which the packet is read must be given. The usage of the sendpacket program is as follows:
<dest>
The destination address for the packet. This may either be a numerical address in the form xxx.xxx.xxx.xxx where the x's are a valid IP number (e.g. 192.168.2.1), or a valid word address which can be resolved to an IP number (e.g. lore.cs.purdue.edu).

[input_file]
The file which contains the data to send. If this is not given, data is read from stdin.

The sendeth program reads a frame from a file and sends it to a socket. The usage of the sendeth program is as follows:
[optional_arguments]
This field may be ignored or used by the following:

[-d <device>]
Sets the device through which to send data out to <device>.

[-i <input_file>]
Read the frame data from the file <input_file>. If <input_file> is -, or this argument is not given, stdin is used.

[-v]
Verbose output.

[-vv]
Very verbose output (packet data is printed if possible).

The option file is used by makeip and maketcp to add options to the headers. The format of this file is a series of 8-bit decimal numbers in ASCII format separated by white space. Comments can appear anywhere in the file and are denoted by the # character. As soon as a # character is found, the rest of the line is ignored. The option data MUST be in network byte order. If AUTO_OPT_PAD is set in config.h, then the options will automatically be padded so they end on a 32-bit boundary. For example, to set the MTU on a TCP packet to 1460, your options file would contain the following line:
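A parser for the option file format described above, written as an added example that is not part of Spak or the original note. It assumes that the padding byte is 0 (End of Option List) and that the option in question is the TCP Maximum Segment Size option (kind 2, length 4); the sample file is constructed.

```python
def parse_option_file(text: str, auto_pad: bool = True) -> bytes:
    """Turn option-file text (decimal bytes, '#' comments) into raw option bytes."""
    values = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for token in line.split("#", 1)[0].split():   # drop comment, split on whitespace
            if not (token.isascii() and token.isdigit()):
                raise ValueError(f"line {lineno}: {token!r} is not a decimal number")
            if int(token) > 255:
                raise ValueError(f"line {lineno}: {token} does not fit in 8 bits")
            values.append(int(token))
    data = bytes(values)
    if auto_pad and len(data) % 4:
        # Assumption: pad with 0 (End of Option List); Spak's pad byte is not stated.
        data += b"\x00" * (4 - len(data) % 4)
    return data

def walk_tcp_options(data: bytes) -> list:
    """Decode TCP options into (kind, payload) pairs, rejecting bad lengths."""
    out, i = [], 0
    while i < len(data):
        kind = data[i]
        if kind == 0:                 # End of Option List: the rest is padding
            break
        if kind == 1:                 # No-Operation: a single byte
            out.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError(f"option kind {kind} at offset {i} has a bad length")
        out.append((kind, data[i + 2:i + data[i + 1]]))
        i += data[i + 1]
    return out

# Constructed sample file: TCP Maximum Segment Size option (kind 2, length 4),
# value 1460 written high byte first (network byte order), then two NOPs.
SAMPLE = """
# kind length value-hi value-lo
2 4 5 180   # MSS = 5 * 256 + 180 = 1460
1 1         # two NOPs; auto-padding then fills to the next 32-bit boundary
"""

if __name__ == "__main__":
    raw = parse_option_file(SAMPLE)
    for kind, payload in walk_tcp_options(raw):
        print(kind, payload.hex())
    print(len(raw), int.from_bytes(walk_tcp_options(raw)[0][1], "big"))
```

With auto-padding switched off, a truncated option such as `2 4 5` is rejected by `walk_tcp_options`; with padding on, the pad byte is absorbed into the option value, so validate the file before padding.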
Spak v0.6b was written by Karyl F. Stein. It can be downloaded from http://www.xenos.net/~xenon/software/spak/index.html.
Further information regarding the Ethernet protocol and Ethernet packets can be found in the following resources:
Comer, Douglas E., "Internetworking with TCP/IP," Prentice Hall, Englewood Cliffs, New Jersey, 1995.
Claerhout, Brecht, "A short overview of IP spoofing: PART I." Available Online: http://main.succeed.net/~coder/spoofit/spoofit.html
The following bugs are known to exist in version 0.6b of Spak:
The sendeth program does NOT work under BSDI, FreeBSD, SunOS, etc. systems.
The setting of destination MAC and IP addresses, if not given, (i.e. the program is supposed to "guess" a correct value), is not fully implemented and does NOT work.
There are some missing header declarations in Linux libc pre 5.4.33 which will give errors during compilation.