In the example shown the IP packet is encapsulated in a PPP frame including the flag sequence (7E), address (FF 03), protocol (00 21) and FCS (0B 81). In turn, the IP packet encapsulates a UDP message.
Example:7E FF 03 00 21 45 00 00 40 00 01 00 00 3C 11 E0 31 CE D9 8F 1F C7 B6 78 CB 04 63 00 35 00 2C AB DA 00 01 01 00 00 01 00 00 00 00 00 00 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01 0B 81 7E
Start 7E
Address FF 03
SEP 00 21
IP Header 45 00 00 40 00 01 00 00 3C 11 E0 31 CE D9 8F 1F C7 B6 78 CB
Data 04 89 00 35 00 2C AB B4 00 01 01 00 00 01 00 00 00 00 00 00 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01
FCS 0B 81
Stop 7E
IP Header
VER=4 IHL=5 TOS=0 TOL=64 ID=1 FLG=00 FRO=00 TTL=60 PRO=17 IP_SUM=E031 SRC=206.217.143.31. DEST=199.182.120.203. OPT=00000000
Monday, January 18, 2010
TCP/IP Packet Example
7E 21 45 00 00 4B 57 49 40 00 FA 06 85 77 C7 B6 78 0E CE D6 95 50 00 6E 04 9F 74 5B EE A2 59 9A 00 0E 50 18 24 00 E3 2A 00 00 2B 4F 4B 20 50 61 73 73 77 6F 72 64 20 72 65 71 75 69 72 65 64 20 66 6F 72 20 61 6C 65 78 75 72 2E 0D 0A 67 B2 7E
Start 7E
SEP 21
IP Header
45 00 00 4B 57 49 40 00 FA 06 85 77 C7 B6 78 0E CE D6 95 50
TCP Header 00 6E 04 9F 74 5B EE A2 59 9A 00 0E 50 18 24 00 E3 2A 00 00
Data 2B 4F 4B 20 50 61 73 73 77 6F 72 64 20 72 65 71 75 69 72 65 64 20 66 6F 72 20 61 6C 65 78 75 72 2E 0D 0A
FCS 67 B2
Stop 7E
TCP Header:
SRC_PORT=110
DEST_PORT=1183
EQ=745BEEA2
ACK=599A000E
DTO=5
FLG=18
WIND=9216
TCP_SUM=E32A
URP=0000 (No Options)
Data:+OK Password required for alexur\r\n
Control Flags
(FLG=18):FLG=00011000
Urgent Pointer URG=0
Acknowledgment ACK=1
Push Function PSH=1
Reset connection RST=0
Synchronization SYN=0
Finished data FIN=0
State = ACK-PSH
Start 7E
SEP 21
IP Header
45 00 00 4B 57 49 40 00 FA 06 85 77 C7 B6 78 0E CE D6 95 50
TCP Header 00 6E 04 9F 74 5B EE A2 59 9A 00 0E 50 18 24 00 E3 2A 00 00
Data 2B 4F 4B 20 50 61 73 73 77 6F 72 64 20 72 65 71 75 69 72 65 64 20 66 6F 72 20 61 6C 65 78 75 72 2E 0D 0A
FCS 67 B2
Stop 7E
TCP Header:
SRC_PORT=110
DEST_PORT=1183
EQ=745BEEA2
ACK=599A000E
DTO=5
FLG=18
WIND=9216
TCP_SUM=E32A
URP=0000 (No Options)
Data:+OK Password required for alexur\r\n
Control Flags
(FLG=18):FLG=00011000
Urgent Pointer URG=0
Acknowledgment ACK=1
Push Function PSH=1
Reset connection RST=0
Synchronization SYN=0
Finished data FIN=0
State = ACK-PSH
DNS MESSAGE EXAMPLE
SEND
7E FF 03 00 21 45 00 00 40 00 02 00 00 3C 11 E0 30 CE D9 8F 1F C7 B6 78 CB 04 6D 00 35 00 2C 0D 54 00 02 01 00 00 01 00 00 00 00 00 00 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01 C7 00 7E
Start 7E
Address FF 03
SEP 00 21
IP Header 45 00 00 40 00 02 00 00 3C 11 E0 30 CE D9 8F 1F C7 B6 78 CB 04 6D
UDP Header 00 35 00 2C 0D 54
DNS Header 00 02 01 00 00 01 00 00 00 00 00 00
DNS Message 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01
FCS C7 00
Stop 7E
IP Header
VER=4 IHL=5 TOS=0 TOL=64 ID=2 FLG=00 FRO=00 TTL=60 PRO=17 IP_SUM=E030 SRC=206.217.143.31. DEST=199.182.120.203. OPT=00000000
UDP Header
SRC_PORT=046D
DEST_PORT=0035
UDP_LEN=002C
UDP_SUM=0D54
DNS Header
ID=2 QR=0 OPCODE=0 AA = 0 TC=0 RD = 1 RA=0 Z =0 RCCODE=0 QDCOUNT=1 ANCOUNT=0 NSCOUNT=0 ARCOUNT=0
DNS Message
QNAME=04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 QTYPE=0001 QCLASS=0001
Client sends a UDP/IP packet with a DNS question (QR=0) as a standard query (OPCODE=0) with one entry (QDCOUNT=1). It does not include any resource in neither one of the answer, authority or additional records (ANCOUNT=0 NSCOUNT=0 ARCOUNT=0). The QNAME specifies the domain name of the resource the client is searching for (QNAME = popd.ix.netcom.com.). Note that the periods in the domain name are replaced by the length of the name that follows. The type and class of resource the client is searching for are QTYPE=1 (Host Address), QCLASS=1 (Internet).
7E FF 03 00 21 45 00 00 40 00 02 00 00 3C 11 E0 30 CE D9 8F 1F C7 B6 78 CB 04 6D 00 35 00 2C 0D 54 00 02 01 00 00 01 00 00 00 00 00 00 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01 C7 00 7E
Start 7E
Address FF 03
SEP 00 21
IP Header 45 00 00 40 00 02 00 00 3C 11 E0 30 CE D9 8F 1F C7 B6 78 CB 04 6D
UDP Header 00 35 00 2C 0D 54
DNS Header 00 02 01 00 00 01 00 00 00 00 00 00
DNS Message 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01
FCS C7 00
Stop 7E
IP Header
VER=4 IHL=5 TOS=0 TOL=64 ID=2 FLG=00 FRO=00 TTL=60 PRO=17 IP_SUM=E030 SRC=206.217.143.31. DEST=199.182.120.203. OPT=00000000
UDP Header
SRC_PORT=046D
DEST_PORT=0035
UDP_LEN=002C
UDP_SUM=0D54
DNS Header
ID=2 QR=0 OPCODE=0 AA = 0 TC=0 RD = 1 RA=0 Z =0 RCCODE=0 QDCOUNT=1 ANCOUNT=0 NSCOUNT=0 ARCOUNT=0
DNS Message
QNAME=04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 QTYPE=0001 QCLASS=0001
Client sends a UDP/IP packet with a DNS question (QR=0) as a standard query (OPCODE=0) with one entry (QDCOUNT=1). It does not include any resource in neither one of the answer, authority or additional records (ANCOUNT=0 NSCOUNT=0 ARCOUNT=0). The QNAME specifies the domain name of the resource the client is searching for (QNAME = popd.ix.netcom.com.). Note that the periods in the domain name are replaced by the length of the name that follows. The type and class of resource the client is searching for are QTYPE=1 (Host Address), QCLASS=1 (Internet).
Monday, January 11, 2010
scriptaki που έγραψα για διαχείριση arp tables
@echo off
arp -a > list_of_arp_entries.txt
for /F "skip=3 tokens=1-3* delims= " %%i in (list_of_arp_entries.txt) do @echo %%i%%j%%k
pause
for /F "skip=3 tokens=1-3* delims= " %%i in (list_of_arp_entries.txt) do set str=%%i%%j %%k
set str=%str:dynamic=static%
@echo %str%>>list.txt
type list.txt
παίρνει το list_of_arp_entries.txt με περιεχόμενο π.χ
Interface: 192.168.1.2 --- 0x2
Internet Address Physical Address Type
192.168.1.1 00-23-48-79-4a-19 dynamic
και το μετατρέπει σε
192.168.1.1 00-23-48-79-4a-19 dynamic
έπειτα αλλάζει το dynamic σε static
και ταυτόχρονα το προσαρτεί στο αρχείο list.txt .
τέλος εμφανίζει τα περιεχόμενα του αρχείου list.
Με κατάλληλη χρήση της εντολής arp και του αρχείου list.txt μπορώ να αλλάξω τον arp table
σε ενα νεο script
arp -a > list_of_arp_entries.txt
for /F "skip=3 tokens=1-3* delims= " %%i in (list_of_arp_entries.txt) do @echo %%i%%j%%k
pause
for /F "skip=3 tokens=1-3* delims= " %%i in (list_of_arp_entries.txt) do set str=%%i%%j %%k
set str=%str:dynamic=static%
@echo %str%>>list.txt
type list.txt
παίρνει το list_of_arp_entries.txt με περιεχόμενο π.χ
Interface: 192.168.1.2 --- 0x2
Internet Address Physical Address Type
192.168.1.1 00-23-48-79-4a-19 dynamic
και το μετατρέπει σε
192.168.1.1 00-23-48-79-4a-19 dynamic
έπειτα αλλάζει το dynamic σε static
και ταυτόχρονα το προσαρτεί στο αρχείο list.txt .
τέλος εμφανίζει τα περιεχόμενα του αρχείου list.
Με κατάλληλη χρήση της εντολής arp και του αρχείου list.txt μπορώ να αλλάξω τον arp table
σε ενα νεο script
Παράδειγμα με syn - ack διαδικασία
When you are analyzing the sequence and acknowledgment process, keep in mind the following equation:
Sequence Number In + Bytes of Data Received = Acknowledgment Number Out
The following is a simplified explanation of how a sequenced communication may occur. (Remember that the acknowledgment number field contains the value of the next sequence number that is expected from the other side of the TCP communication.)
Host 1 ------>Sequence number 1 with 9 bytes of data Acknowledgment number field = 100
<------ Host 2 Sequence number 100 with no data (ACK) Acknowledgment number field = 10 (in 1 + 9 bytes of data)
Host 1 ------> Sequence number 10 with 5 bytes of data Acknowledgment number field = 100
<------ Host 2 Sequence number 100 with no data (ACK) Acknowledgment number field = 15 (in 10 + 5 bytes of data)
<------ Host 2 Sequence number 100 with 20 bytes of data Acknowledgment number field = 15
Host 1: -------> Sequence number 15 with no data (ACK) Acknowledgment number field = 120 (in 100 + 20 bytes of data)
Sequence Number In + Bytes of Data Received = Acknowledgment Number Out
The following is a simplified explanation of how a sequenced communication may occur. (Remember that the acknowledgment number field contains the value of the next sequence number that is expected from the other side of the TCP communication.)
Host 1 ------>Sequence number 1 with 9 bytes of data Acknowledgment number field = 100
<------ Host 2 Sequence number 100 with no data (ACK) Acknowledgment number field = 10 (in 1 + 9 bytes of data)
Host 1 ------> Sequence number 10 with 5 bytes of data Acknowledgment number field = 100
<------ Host 2 Sequence number 100 with no data (ACK) Acknowledgment number field = 15 (in 10 + 5 bytes of data)
<------ Host 2 Sequence number 100 with 20 bytes of data Acknowledgment number field = 15
Host 1: -------> Sequence number 15 with no data (ACK) Acknowledgment number field = 120 (in 100 + 20 bytes of data)
Subscribe to:
Posts (Atom)