Build ur TCP/IP packet #1

Trivi — Fri, 21 Aug 2020 19:14:16 +0000

Welcome to my first post! I'm really excited about this 🥳

I think it would be somewhat boring to talk about TCP/IP architecture bc there're already many posts about it and I doubt I can explain better. There are very good post about it on this site, so I come up with a somewhat different idea:
Build our own TCP/IP packages from 0 (or, almost from 0).

Building custom packages is nothing new, of course, there are already tools (Scrapy for example) for it, but I think it is interesting to do it from 0!

Ok, but... what for?

It has many uses, how for example ethical hacking (packet injections, etc.) or learning better about network architecture (is my goal in writing and sharing this).

This theme is actually part of an open-source project that I want to set up (apart from creating and injecting packages, it performs similar tasks to Wireshark and other networking software). U can find more info in my repository about it, although I must document it in English first 😅.

I've thought of dividing the article into several parts. In this, I'll write about how to build the TCP header:

The language we'll use is C bc it's beautiful. Is powerfull. Is veeeery cool.

Now, after this unpopular opinion, let's coding!

First, we'll declare the variables (and set values) for the source port, destination port, offset and flags. We can use decimal or hexadecimal (0x):

    int sourcePort = 80;
    int destinationPort = 3258;
    int offset = 5;
    int flags = 16

In general, offset will always be 5 (this value multiplied by 4 is the size in bytes of the header, 20 in most cases).
By setting the flags to 16 we are really inserting a 00010000. Remember, the flags are the last 6 bits of the byte.

We also have to declare the array of unsigned char (bytes) that will be the header. As we said, it will usually be 20 but we will use the value of the offset:

    unsigned char *packet = calloc((offset*4), sizeof(unsigned char*));

Ok, now, time to build the header! 🛠

As the port value can occupy 2 bytes, we will use the >> 8 operator to insert the first 8 bits in the first byte and & 0xFF to insert the last 8 bits:

    //Source port
    packet[0] = sourcePort >> 8;
    packet[1] = sourcePort & 0xFF;

    //Destination port
    packet[2] = destinationPort >> 8;
    packet[3] = destinationPort & 0xFF;

Sequence number and Acknowledgment number will be set to 0 for this example, but we wanted to place it, it would be done in a similar way:

    //Sequence number 
    packet[4] = 0x00;
    packet[5] = 0x00;
    packet[6] = 0x00;
    packet[7] = 0x00;

    //Acknowledgment number
    packet[8] = 0x00;
    packet[9] = 0x00;
    packet[10] = 0x00; 
    packet[11] = 0x00;

The offset only occupies the 4 bits and the next 6 bits are values reserved of the protocol (0 for default). The rest of bits of the this 2 bytes are the flags:

    //TCP Offset - Reserved - flags
    packet[12] = offset << 4;
    packet[13] = flags;

The next fields are also going to be 0:

    //Window Size Value
    packet[14] = 0x00;
    packet[15] = 0x00;

    // Cheksum
    packet[16] = 0x00;
    packet[17] = 0x00;

    //Urgent Pointer
    packet[18] = 0x00;
    packet[19] = 0x00;

And we would already have our TCP header!

In future articles I'll tell how to make the IP header, assemble it with it, add payload, inject it, share repositories and much more!

In this image you can see how our future injected packet intercepted by Wireshark has the header that we have declared:

I hope u liked it (at least, u found it curious). If u have any questions, suggestions or anything, I'll try to answer u!

Happy coding!

Trivi

Wireshark official web site.
TCP Header image from: gatevidyalay.com

DEV Community: Trivi

Build ur TCP/IP packet #1