   if(tcp_header->tcp_flags & TCP_URG)
      printf("URG ");
   printf(" }\n");
   return header_size;
}
The decoding functions are passed a pointer to the start of the header,
which is typecast to the appropriate structure. This allows the various
fields of the header to be accessed, but it's important to remember that
these values will be in network byte order. This data is straight from the
wire, so the byte order needs to be converted for use on an x86 processor.
reader@hacking:~/booksrc $ gcc -o decode_sniff decode_sniff.c -lpcap
reader@hacking:~/booksrc $ sudo ./decode_sniff
Sniffing on device eth0
==== Got a 75 byte packet ====
[[ Layer 2 :: Ethernet Header ]]
[ Source: 00:01:29:15:65:b6 Dest: 00:01:6c:eb:1d:50 Type: 8 ]
(( Layer 3 ::: IP Header ))
( Source: 192.168.42.1 Dest: 192.168.42.249 )
( Type: 6 ID: 7755 Length: 61 )
{{ Layer 4 :::: TCP Header }}
{ Src Port: 35602 Dest Port: 7890 }
{ Seq #: 2887045274 Ack #: 3843058889 }
{ Header Size: 32 Flags: PUSH ACK }
9 bytes of packet data
74 65 73 74 69 6e 67 0d 0a | testing..
==== Got a 66 byte packet ====
[[ Layer 2 :: Ethernet Header ]]
[ Source: 00:01:6c:eb:1d:50 Dest: 00:01:29:15:65:b6 Type: 8 ]
(( Layer 3 ::: IP Header ))
( Source: 192.168.42.249 Dest: 192.168.42.1 )
( Type: 6 ID: 15678 Length: 52 )
{{ Layer 4 :::: TCP Header }}
{ Src Port: 7890 Dest Port: 35602 }
{ Seq #: 3843058889 Ack #: 2887045283 }
{ Header Size: 32 Flags: ACK }
No Packet Data
==== Got a 82 byte packet ====
[[ Layer 2 :: Ethernet Header ]]
[ Source: 00:01:29:15:65:b6 Dest: 00:01:6c:eb:1d:50 Type: 8 ]
(( Layer 3 ::: IP Header ))
( Source: 192.168.42.1 Dest: 192.168.42.249 )
( Type: 6 ID: 7756 Length: 68 )
{{ Layer 4 :::: TCP Header }}
{ Src Port: 35602 Dest Port: 7890 }
{ Seq #: 2887045283 Ack #: 3843058889 }
{ Header Size: 32 Flags: PUSH ACK }
16 bytes of packet data
74 68 69 73 20 69 73 20 61 20 74 65 73 74 0d 0a | this is a test..
reader@hacking:~/booksrc $
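The byte-order conversion described above, as an added example that is not code from the book: it decodes a constructed TCP header whose ports, sequence numbers, header size and flags match the first packet in the session output, converting each multi-byte field with ntohs() and ntohl(). The names parse_tcp, tcp_fields and sample_tcp are this example's own. It copies fields out with memcpy() instead of the struct typecast, and it adds a length check on the header-size field, which the text does not discuss.

```c
#include <arpa/inet.h>  /* ntohs(), ntohl() */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TCP_MIN_HDR 20  /* header without options, in bytes */
/* Host-byte-order copy of the fields the decoder prints (example-only type). */
struct tcp_fields {
    uint16_t src_port, dest_port;
    uint32_t seq, ack;
    unsigned header_size;  /* bytes: 4-bit data offset * 4 */
    uint8_t  flags;
};

/* Constructed sample matching the first packet of the session; rest is filler. */
static const uint8_t sample_tcp[32] = {
    0x8b, 0x12, 0x1e, 0xd2,  /* src port 35602, dest port 7890 */
    0xac, 0x14, 0xd0, 0x9a,  /* seq 2887045274 */
    0xe5, 0x10, 0x6c, 0xc9,  /* ack 3843058889 */
    0x80, 0x18, 0x00, 0x5c,  /* data offset 8 (32 bytes), PUSH|ACK, window */
    0, 0, 0, 0, 0x01, 0x01, 0x08, 0x0a, 0, 0, 0, 0, 0, 0, 0, 0  /* filler */
};

/* Returns 0 on success, -1 if the buffer cannot hold the header it claims. */
int parse_tcp(const uint8_t *pkt, size_t len, struct tcp_fields *out)
{
    uint16_t n16;
    uint32_t n32;
    if (len < TCP_MIN_HDR)
        return -1;
    memcpy(&n16, pkt, 2);     out->src_port  = ntohs(n16);
    memcpy(&n16, pkt + 2, 2); out->dest_port = ntohs(n16);
    memcpy(&n32, pkt + 4, 4); out->seq = ntohl(n32);
    memcpy(&n32, pkt + 8, 4); out->ack = ntohl(n32);
    out->header_size = (unsigned)(pkt[12] >> 4) * 4;
    out->flags = pkt[13];
    /* Offset is wire data: reject it if too small or past the buffer. */
    if (out->header_size < TCP_MIN_HDR || out->header_size > len)
        return -1;
    return 0;
}

int main(void)
{
    struct tcp_fields f;
    if (parse_tcp(sample_tcp, sizeof sample_tcp, &f) == 0)
        printf("%u -> %u, %u-byte header\n", f.src_port, f.dest_port, f.header_size);
    return 0;
}
```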