DEV Community

loading...

Build ur TCP/IP packet #1

Trivi
Hi there πŸ‘‹ I'm Trivi! I'm a Network Computer Systems Administrator and Software Engineering Student.
・3 min read

Welcome to my first post! I'm really excited about this πŸ₯³

I think it would be somewhat boring to talk about TCP/IP architecture bc there're already many posts about it and I doubt I can explain better. There are very good post about it on this site, so I come up with a somewhat different idea:
Build our own TCP/IP packages from 0 (or, almost from 0).

Building custom packages is nothing new, of course, there are already tools (Scrapy for example) for it, but I think it is interesting to do it from 0!


whaaat

Ok, but... what for?

It has many uses, how for example ethical hacking (packet injections, etc.) or learning better about network architecture (is my goal in writing and sharing this).

This theme is actually part of an open-source project that I want to set up (apart from creating and injecting packages, it performs similar tasks to Wireshark and other networking software). U can find more info in my repository about it, although I must document it in English first πŸ˜….

I've thought of dividing the article into several parts. In this, I'll write about how to build the TCP header:

TCPheader

The language we'll use is C bc it's beautiful. Is powerfull. Is veeeery cool.

Now, after this unpopular opinion, let's coding!

First, we'll declare the variables (and set values) for the source port, destination port, offset and flags. We can use decimal or hexadecimal (0x):

    int sourcePort = 80;
    int destinationPort = 3258;
    int offset = 5;
    int flags = 16

In general, offset will always be 5 (this value multiplied by 4 is the size in bytes of the header, 20 in most cases).
By setting the flags to 16 we are really inserting a 00010000. Remember, the flags are the last 6 bits of the byte.

We also have to declare the array of unsigned char (bytes) that will be the header. As we said, it will usually be 20 but we will use the value of the offset:

    unsigned char *packet = calloc((offset*4), sizeof(unsigned char*));

Ok, now, time to build the header! πŸ› 

As the port value can occupy 2 bytes, we will use the >> 8 operator to insert the first 8 bits in the first byte and & 0xFF to insert the last 8 bits:

    //Source port
    packet[0] = sourcePort >> 8;
    packet[1] = sourcePort & 0xFF;

    //Destination port
    packet[2] = destinationPort >> 8;
    packet[3] = destinationPort & 0xFF;

Sequence number and Acknowledgment number will be set to 0 for this example, but we wanted to place it, it would be done in a similar way:

    //Sequence number 
    packet[4] = 0x00;
    packet[5] = 0x00;
    packet[6] = 0x00;
    packet[7] = 0x00;

    //Acknowledgment number
    packet[8] = 0x00;
    packet[9] = 0x00;
    packet[10] = 0x00; 
    packet[11] = 0x00; 

The offset only occupies the 4 bits and the next 6 bits are values reserved of the protocol (0 for default). The rest of bits of the this 2 bytes are the flags:

    //TCP Offset - Reserved - flags
    packet[12] = offset << 4;
    packet[13] = flags;

The next fields are also going to be 0:

    //Window Size Value
    packet[14] = 0x00;
    packet[15] = 0x00;

    // Cheksum
    packet[16] = 0x00;
    packet[17] = 0x00;

    //Urgent Pointer
    packet[18] = 0x00;
    packet[19] = 0x00;

And we would already have our TCP header!

In future articles I'll tell how to make the IP header, assemble it with it, add payload, inject it, share repositories and much more!

In this image you can see how our future injected packet intercepted by Wireshark has the header that we have declared:

wireshark


I hope u liked it (at least, u found it curious). If u have any questions, suggestions or anything, I'll try to answer u!

Happy coding!

thx

Trivi


Discussion (5)

Collapse
abdisalan_js profile image
Abdisalan

Just so I understand this part of the code

    //Source port
    packet[0] = sourcePort >> 8;
    packet[1] = sourcePort & 0xFF;

What the first line is doing is shifting the left half of the sourcePort to the right so that it fits into the 8bit packet. And the second line is erasing the left half of the sourcepPort so that the right half of the sourcePort fits in the second part of the packet. Is this right?

I also enjoyed the post! Really cool and help me learn something :)

Collapse
ctrivinoe profile image
Trivi Author

Exactly! There are several ways to do this step, finally I used this way to use both, bit shift and logic gate operation.
According to the example, for the port 80 (bits in green are the insert):

packet[0] = sourcePort >> 8;


packet[1] = sourcePort & 0xFF;

and, for the sourcePort 3258:
packet[2] = destinationPort >> 8;

packet[3] = destinationPort & 0xFF;

I hope I have clarified the insertion more, although you had deduced it well!

Thx for reading and commenting!

Collapse
ac000 profile image
Andrew Clayton

Of course this can be simplified somewhat by using the header structures that are already defined, e.g struct tcphdr in netinet/tcp.h, there are also headers defined for UDP, IPv4, IPv6, ethernet etc...

Simplified example, also note the use of htons(3) to take care of endianess...

#include <netinet/tcp.h>
#include <arpa/inet.h>

int main(void)
{
        struct tcphdr tcphdr = { 0 };

        /* source port */
        tcphdr.th_sport = htons(80);

        /* destination port */
        tcphdr.th_dport = htons(3258);

        /* etc ... see struct tcphdr in /usr/include/netinet/tcp.h */

        return 0;
}

Hopefully you'll agree that's cleaner, more readable and maintainable code...

Cheers,
Andrew

Thread Thread
ctrivinoe profile image
Trivi Author

Totally agree, my code was originally part of a university work and I thought to extend it to a didactic project to better understand the structure of the packages (at a lower level). I will continue to publish on the subject, so I would like you to review it when I do (you have much more knowledge than me (without doubts) on the subject, so I'm sure I learn from you πŸ˜‹).

Thx for reading and aport!

Collapse
abdisalan_js profile image
Abdisalan

Thanks for the deeper explanation!