hping wiki
HOME - RECENT CHANGES - CONTACTS - DOWNLOAD - ANTIREZ - TCL BOOK

Splitting APD packets in layers


hping commands hping getfield, hping hasfield, hping setfield are not always enough to deal with packets without to use regexp, regxub, split, and other Tcl string manipulation commands, but other hping commands to directly add and remove layers, add fields, and other useful packets manipulations, will be added before the hping3 stable release.
Fortunately APD is designed to guarantee that field names and values never contain +, ,, ), and other similar characters that are used in the syntax to describe packets, so to split packets in layers using + as separator, or to split a layer in fields using , as separator is prefrectly legal. Some example: 
set packet "ip(ihl=5,ver=4,tos=c0,totlen=58,id=62912,fragoff=0,mf=0,df=0,rf=0,ttl=64,proto=1,cksum=e500,saddr=192.168.1.7,daddr=192.168.1.6)+icmp(type=3,code=3,unused=0)+ip(ihl=5,ver=4,tos=00,totlen=30,id=60976,fragoff=0,mf=0,df=1,rf=0,ttl=64,proto=17,cksum=40c9,saddr=192.168.1.6,daddr=192.168.1.7)+udp(sport=33169,dport=10,len=10,cksum=94d6)+data(str=f\0a)"

hping3.0.0-alpha> foreach layer [split $packet +] {puts $layer}
ip(ihl=5,ver=4,tos=c0,totlen=58,id=62912,fragoff=0,mf=0,df=0,rf=0,ttl=64,proto=1,cksum=e500,saddr=192.168.1.7,daddr=192.168.1.6)
icmp(type=3,code=3,unused=0)
ip(ihl=5,ver=4,tos=00,totlen=30,id=60976,fragoff=0,mf=0,df=1,rf=0,ttl=64,proto=17,cksum=40c9,saddr=192.168.1.6,daddr=192.168.1.7)
udp(sport=33169,dport=10,len=10,cksum=94d6)
data(str=fa)
A more complex example: a Tcl procedure that split a packet in layers and fields. 
set packet  "ip(ihl=5,ver=4,tos=c0,totlen=58,id=62912,fragoff=0,mf=0,df=0,rf=0,ttl=64,proto=1,cksum=e500,saddr=192.168.1.7,daddr=192.168.1.6)+icmp(type=3,code=3,unused=0)+ip(ihl=5,ver=4,tos=00,totlen=30,id=60976,fragoff=0,mf=0,df=1,rf=0,ttl=64,proto=17,cksum=40c9,saddr=192.168.1.6,daddr=192.168.1.7)+udp(sport=33169,dport=10,len=10,cksum=94d6)+data(str=f\0a)"

foreach layer [split $packet +] {
    set t [split $layer ()]
    set name [lindex $t 0]
    set fields [lindex $t 1]
    puts $name
    foreach field [split $fields ,] {
        puts "  $field"
    }
    puts {}
}
This script produce the following output: 
ip
  ihl=5
  ver=4
  tos=c0
  totlen=58
  id=62912
  fragoff=0
  mf=0
  df=0
  rf=0
  ttl=64
  proto=1
  cksum=e500
  saddr=192.168.1.7
  daddr=192.168.1.6

icmp
  type=3
  code=3
  unused=0

ip
  ihl=5
  ver=4
  tos=00
  totlen=30
  id=60976
  fragoff=0
  mf=0
  df=1
  rf=0
  ttl=64
  proto=17
  cksum=40c9
  saddr=192.168.1.6
  daddr=192.168.1.7
 
Recently accessed pages
Hping2 Win32 Version
Home
ICMP
Cygwin
WinPCap
How to add an image in a wiki page
Download
External tutorials and articles
Win32
Windows
GetIpTtl
Good security tools
Idle scan
IPv4
Gif LZW encoding and Mandelbrot in pure Tcl
 
Edit this page Upload file Page history - Page last update: Sun Oct 03 09:38:14 GMT 2004 by 82.49.49.143 | Your address: 3.142.174.55 | Admin
Copyright (C) 2004 Salvatore Sanfilippo - Powered by YakuWiki and Tcl/Tk