将有效负载数据添加到 pcap.net 中的 ICMP Echo Reply
使用适用于 Windows 的 PCAP.NET 库,我可以根据文档构建 ICMP 回复数据包:
'''
private static Packet BuildIcmpPacket(string sourcemac, string destmac, string sourceip, string targetip,int id, int seq,byte[] payload)
{
EthernetLayer ethernetLayer =
new EthernetLayer
{
Source = new MacAddress(destmac),
Destination = new MacAddress(sourcemac),
EtherType = EthernetType.None, // Will be filled automatically.
};
IpV4Layer ipV4Layer =
new IpV4Layer
{
Source = new IpV4Address(targetip),
CurrentDestination = new IpV4Address(sourceip),
Fragmentation = IpV4Fragmentation.None,
HeaderChecksum = null, // Will be filled automatically.
Identification = 123,
Options = IpV4Options.None,
Protocol = null, // Will be filled automatically.
Ttl = 100,
TypeOfService = 0,
};
IcmpEchoReplyLayer icmpLayer =
new IcmpEchoReplyLayer
{
Checksum = null, // Will be filled automatically.
Identifier = (ushort)id,
SequenceNumber = (ushort)seq,
//Payload = payload,
};
PacketBuilder builder = new PacketBuilder(ethernetLayer, ipV4Layer, icmpLayer);
return builder.Build(DateTime.Now);
}
'''
我为以太网和 IPV4 层提供了 MAC 地址和 IP 地址,而不是示例默认值。
数据包生成器工作,我可以将其发送到线路,但请求主机无法识别答复(wireshark 看到它们,但请求被标记为“未找到答复”)。
我猜测 ID 和序列字段需要在回复中重复(我已提供),但我无法添加 ping 请求中的有效负载。我可以使用以下代码片段来阅读它:
'''
communicator.ReceivePacket(out wpacket);
if (wpacket == null)continue;
EthernetDatagram edg = wpacket.Ethernet;
IpV4Datagram ipv4 = edg.IpV4;
IcmpEchoDatagram icmpdg = (IcmpEchoDatagram)ipv4.Icmp;
int ID = icmpdg.Identifier;
int SEQ = icmpdg.SequenceNumber;
byte[] payload = icmpdg.Payload.ToArray();
''',
但我没有找到将有效负载数据添加到回复中的方法。注意:此数据包生成器确实有效;一旦我将 ID 和序列号添加到回复中,发送主机就会看到它,但它抱怨没有收到数据。这实际上足以满足我的需求,但我想添加 paylaod 数据以发送“合法”的 ping 回复。
Using the PCAP.NET library for Windows, I can build an ICMP reply packet according to the documentation:
'''
private static Packet BuildIcmpPacket(string sourcemac, string destmac, string sourceip, string targetip,int id, int seq,byte[] payload)
{
EthernetLayer ethernetLayer =
new EthernetLayer
{
Source = new MacAddress(destmac),
Destination = new MacAddress(sourcemac),
EtherType = EthernetType.None, // Will be filled automatically.
};
IpV4Layer ipV4Layer =
new IpV4Layer
{
Source = new IpV4Address(targetip),
CurrentDestination = new IpV4Address(sourceip),
Fragmentation = IpV4Fragmentation.None,
HeaderChecksum = null, // Will be filled automatically.
Identification = 123,
Options = IpV4Options.None,
Protocol = null, // Will be filled automatically.
Ttl = 100,
TypeOfService = 0,
};
IcmpEchoReplyLayer icmpLayer =
new IcmpEchoReplyLayer
{
Checksum = null, // Will be filled automatically.
Identifier = (ushort)id,
SequenceNumber = (ushort)seq,
//Payload = payload,
};
PacketBuilder builder = new PacketBuilder(ethernetLayer, ipV4Layer, icmpLayer);
return builder.Build(DateTime.Now);
}
'''
I supplied mac addresses and IP addresses for the Ethernet and IPV4 layers instead of the example defaults.
The packet builder works, and I can send it to the wire, but the requesting host doesn't recognize the replies (wireshark sees them, but the requests are tagged as 'no reply found').
I'm guessing the ID and Sequence fields need to be repeated in the reply (which I have supplied), but I can't add the payload from the ping request. I can read it with this snippet:
'''
communicator.ReceivePacket(out wpacket);
if (wpacket == null)continue;
EthernetDatagram edg = wpacket.Ethernet;
IpV4Datagram ipv4 = edg.IpV4;
IcmpEchoDatagram icmpdg = (IcmpEchoDatagram)ipv4.Icmp;
int ID = icmpdg.Identifier;
int SEQ = icmpdg.SequenceNumber;
byte[] payload = icmpdg.Payload.ToArray();
'''
but I don't see a way to add payload data to the reply. NOTE: This packet builder does work; once I added the ID and Sequence numbers to the reply the sending host sees it, but it complains about no data received. This is actually sufficient for my needs, but I would like to add the paylaod data to send a 'legitimate' ping reply back.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我通过进一步挖掘 github 上的示例代码找到了答案:
上面显示的 BuildIcmpPacket() 的原始代码使用这些层构建了数据包:
只需添加 PayloadLayer 即可将有效负载添加到最终数据包中。为该有效负载提供的缓冲区(“payloadBuffer”)是从 ping 请求(上面)中读取的缓冲区。
ping 回复现在按预期工作,发件人对回复感到满意。
I found the answer with a little more digging through example code on github:
The original code for BuildIcmpPacket() shown above built the packet with these layers:
The payload is added to the final packet by simply adding a PayloadLayer. The buffer supplied for this payload ('payloadBuffer') is the one read from the ping request (above).
The ping reply now works as expected, and the sender is satisfied with the reply.