05 a8 2b 3f 00 00 01 01 08 0a 02 47 27 6c 26 b6 | ..+?.......G'l&.
a7 76 | .v
Got a 84 byte packet
00 01 6c eb 1d 50 00 01 29 15 65 b6 08 00 45 10 | ..l..P..).e...E.
00 46 1e 3a 40 00 40 06 46 1d c0 a8 2a 01 c0 a8 | .F.:@.@.F...*...
2a f9 8b 12 1e d2 ac 14 cf d7 e5 10 6c c9 80 18 | *...........l...
05 b4 11 b3 00 00 01 01 08 0a 26 b6 a9 c8 02 47 | ..........&....G
27 6c 41 41 41 41 41 41 41 41 41 41 41 41 41 41 | 'lAAAAAAAAAAAAAA
41 41 0d 0a | AA..
reader@hacking:~/booksrc $
Notice that there are many bytes preceding the sample text in the packet
and many of these bytes are similar. Since these are raw packet captures, most
of these bytes are layers of header information for Ethernet, IP, and TCP.
0x443 Decoding the Layers
In our packet captures, the outermost layer is Ethernet, which is also the
lowest visible layer. This layer is used to send data between Ethernet
endpoints with MAC addresses. The header for this layer contains the source
MAC address, the destination MAC address, and a 16-bit value that describes
the type of Ethernet packet. On Linux, the structure for this header is defined
in /usr/include/linux/if_ether.h and the structures for the IP header and
TCP header are located in /usr/include/netinet/ip.h and
/usr/include/netinet/tcp.h, respectively. The source code for tcpdump also has
structures for these headers, or we could just create our own header structures
based on the RFCs. A better understanding can be gained from writing our own
structures, so let's use the structure definitions as guidance to create our
own packet header structures to include in hacking-network.h.
First, let's look at the existing definition of the Ethernet header.
From /usr/include/if_ether.h
#define ETH_ALEN 6    /* Octets in one ethernet addr */
#define ETH_HLEN 14   /* Total octets in header */

/*
 * This is an Ethernet frame header.
 */
struct ethhdr {
    unsigned char h_dest[ETH_ALEN];    /* Destination eth addr */
    unsigned char h_source[ETH_ALEN];  /* Source ether addr */
    __be16 h_proto;                    /* Packet type ID field */
} __attribute__((packed));
This structure contains the three elements of an Ethernet header. The
variable declaration of __be16 turns out to be a type definition for a 16-bit
unsigned short integer. This can be determined by recursively grepping for
the type definition in the include files.
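As an added example (not code from the book or from tcpdump), the following C function walks the 84-byte packet shown above through its Ethernet, IPv4, and TCP headers, checking every length field against the bytes actually captured before trusting it. It goes beyond the Ethernet header discussed here; struct ether_hdr, struct layers, and decode_layers are names assumed for this example, and the IP and TCP field offsets are taken from the RFCs.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>   /* ntohs() */
/* Hypothetical names for this example; same layout as struct ethhdr above. */
struct ether_hdr {
    unsigned char dest[6], src[6];
    uint16_t type;                      /* 16-bit type, network byte order */
} __attribute__((packed));
struct layers { uint16_t ether_type, sport, dport; uint8_t ip_proto; size_t data_off, data_len; };

/* The 84-byte packet from the capture above. */
static const unsigned char sample_pkt[84] = {
    0x00,0x01,0x6c,0xeb,0x1d,0x50,0x00,0x01,0x29,0x15,0x65,0xb6,0x08,0x00,0x45,0x10,
    0x00,0x46,0x1e,0x3a,0x40,0x00,0x40,0x06,0x46,0x1d,0xc0,0xa8,0x2a,0x01,0xc0,0xa8,
    0x2a,0xf9,0x8b,0x12,0x1e,0xd2,0xac,0x14,0xcf,0xd7,0xe5,0x10,0x6c,0xc9,0x80,0x18,
    0x05,0xb4,0x11,0xb3,0x00,0x00,0x01,0x01,0x08,0x0a,0x26,0xb6,0xa9,0xc8,0x02,0x47,
    0x27,0x6c,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,
    0x41,0x41,0x0d,0x0a
};

static uint16_t be16(const unsigned char *p) { return (uint16_t)(p[0] << 8 | p[1]); }
/* Returns 0 on success, -1 if a header is truncated, inconsistent or not IPv4/TCP. */
int decode_layers(const unsigned char *pkt, size_t len, struct layers *out)
{
    struct ether_hdr eth;
    if (len < sizeof eth) return -1;
    memcpy(&eth, pkt, sizeof eth);              /* copy: pkt may be unaligned */
    out->ether_type = ntohs(eth.type);
    if (out->ether_type != 0x0800) return -1;   /* IPv4 only */

    const unsigned char *ip = pkt + sizeof eth;
    size_t left = len - sizeof eth;
    if (left < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, total = be16(ip + 2);
    if (ihl < 20 || total < ihl || total > left) return -1;
    out->ip_proto = ip[9];
    if (out->ip_proto != 6) return -1;          /* TCP only */

    const unsigned char *tcp = ip + ihl;
    left = total - ihl;                         /* bytes the IP header claims, already bounded */
    if (left < 20) return -1;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;   /* TCP header length incl. options */
    if (doff < 20 || doff > left) return -1;
    out->sport = be16(tcp); out->dport = be16(tcp + 2);
    out->data_off = (size_t)(tcp - pkt) + doff;
    out->data_len = left - doff;
    return 0;
}

int main(void) { struct layers l; return decode_layers(sample_pkt, sizeof sample_pkt, &l) ? 1 : 0; }
```

For the sample packet, the payload offset lands on the first 0x41 byte of the text that was sent, after 14 bytes of Ethernet header, 20 of IP, and 32 of TCP including options.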