# Raw sockets

Disponível somente no TrabalhosFeitos
• Páginas : 11 (2718 palavras )
• Publicado : 5 de março de 2013

Amostra do texto
Raw Packets

Who Am I?
• Jim O’Gorman
– Jameso@elwood.net – Jogorman@gmail.com – http://www.elwood.net/

What is This?
• What is a “raw” packet?
– Packet Sniffer
• Ethereal (http://www.ethereal.com/) • TCPDump (http://www.tcpdump.org/)

– Protocol Processors
• Ethereal has many • TCPDump has a few (ex DNS)

What Does a Raw Packet Look Like?
• What does a raw (hex) packet looklike?
IP 10.10.80.73.49951 > 64.233.167.99.80: . ack 2913739186 win 65535 4500 0028 e9f7 4000 4006 0e39 0a0a 5049 40e9 a763 c31f 0050 befb 759a adac 21b2 5010 ffff a5d0 0000

Why Do I Care?
• Tools do the work for me. Why should I waste my time with this?
– In school, did you learn to do math by hand? Or with a calculator?

What is Hex?
• Base Ten (Decimal) - Fingers and Toes • Binary -1s and 0s • Hex (Hexadecimal) - 1 through 15
– 0-9 then a for 10, b for 11, etc up to f for 15.

0-F
• • • • • • A = 10 B = 11 C = 12 D = 13 E = 14 F = 15

Powers
• Base Ten is 0-9, so if you need something higher then 9, you use powers:
– 18 is nothing more then 110 plus 8 – 11000011000110011011

• Hex is 0-F, so when you need more than 15, you use powers:
– 18 in hex is 0x12 = 116plus 2 – 27 in hex is 0x1B = 116 plus 11 – 16553614096125611611

Binary
• Quick (very quick) binary overview
– 0 and 1 – Powers: 112816413211618141211 – 2 decimal is 10 binary (12+01) – 15 decimal is 1111 binary (18+14+12+11) – Hard to work with as small numbers take quite a bit to write out

Its Easy
• Converting hex is very easy
– Let your calculator do it for you

Bit, Nibble,Byte
• • • • Bit - Smallest unit - 0 or 1 Nibble - Four Bits, Half a Byte Byte - Eight Bits, Two Nibbles One hex digit is a nibble, two hex digits is a byte

IP Networking
• Most of us know at least something about IP networking
– At this point we are going to review the encapsulation used by IP

• Packets are broken up into various fields, each serving a different purpose

IP Datagram TCP Packet

Byte Offsets

Other Protocols
• • • • UDP ICMP IGMP etc

Stacks

Russian Dolls

IP/TCP Dolls

IP Encapsulation
• Physical -> Internet -> Transport -> Application • Ethernet -> IP -> TCP -> HTTP • Ethernet -> IP -> UDP -> DNS • Ethernet -> IP -> TCP -> SSH

TCPDump
• -i Interface to listen on (ex. -i fxp0) • -s Snaplen, or how much of the packet to capture(ex. -s 0 (capture whole packet)) • -X Print each packet in both hex and ASCII. • -n Don’t convert address to hostnames

Our Packet
4500 0028 e9f7 4000 4006 0e39 0a0a 5049 40e9 a763 c31f 0050 befb 759a adac 21b2 5010 ffff a5d0 0000

IP Field Breakdown

TCP Field Breakdown

Packet Crafter
• Nemesis ( http://nemesis.sourceforge.net/) • Hping (http://www.hping.org/) • Manually puttogether packets for various purposes

Initial Nemesis Command Line
• nemesis tcp -d en0 -D 64.233.167.99 -S 10.10.80.73

• Run nemesis in tcp mode, send the packet out interface en0, destination IP of 64.233.167.99, source IP of 10.10.80.73
00:04:19.851510 IP 10.10.80.73.30680 > 64.233.167.99.42024: S 1945339175:1945339175(0) win 4096 0x0000: 4500 0028 b643 0000 ff06 c2ec 0a0a 5049E..(.C........PI 0x0010: 40e9 a763 77d8 a428 73f3 8527 6630 8b06 @..cw..(s..'f0.. 0x0020: 5002 1000 56f0 0000 P...V...

IP Version
• 4 bit length (one nibble) • High-order nibble of the 0 byte offset • Common values are “4” and “6” for IPv4 and IPv6 • 4500