hping wiki
Differences for page Splitting APD packets in layers
Current version compared with version Tue May 18 04:51:48 GMT 2004
...
- daddr=192.168.1.7
+ daddr=192.168.1.7
+
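Review bot: the output listing ends at this `daddr=192.168.1.7` line, the last field of the quoted ip layer, although the packet on the page also carries udp and data layers that the script's loop would print; either add those two layers to the listing or end it with an explicit ellipsis. The removed and added lines read the same here, so the visible change is only whitespace plus one new empty line.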
The following is the old page content
The hping commands [hping getfield], [hping hasfield], [hping setfield] are not always enough to deal with packets without resorting to `regexp`, `regsub`, `split`, and other [Tcl] string manipulation commands. Other hping commands to directly add and remove layers, add fields, and perform other useful packet manipulations will be added before the hping3 stable release.

Fortunately [APD] is designed to guarantee that field names and values never contain *+*, *,*, *)*, and other similar characters that are used in the syntax to describe packets, so splitting a packet into layers using *+* as separator, or splitting a layer into fields using *,* as separator, is perfectly legal.

Some examples:

    set packet "ip(ihl=5,ver=4,tos=c0,totlen=58,id=62912,fragoff=0,mf=0,df=0,rf=0,ttl=64,proto=1,cksum=e500,saddr=192.168.1.7,daddr=192.168.1.6)+icmp(type=3,code=3,unused=0)+ip(ihl=5,ver=4,tos=00,totlen=30,id=60976,fragoff=0,mf=0,df=1,rf=0,ttl=64,proto=17,cksum=40c9,saddr=192.168.1.6,daddr=192.168.1.7)+udp(sport=33169,dport=10,len=10,cksum=94d6)+data(str=f\0a)"

    hping3.0.0-alpha> foreach layer [split $packet +] {puts $layer}
    ip(ihl=5,ver=4,tos=c0,totlen=58,id=62912,fragoff=0,mf=0,df=0,rf=0,ttl=64,proto=1,cksum=e500,saddr=192.168.1.7,daddr=192.168.1.6)
    icmp(type=3,code=3,unused=0)
    ip(ihl=5,ver=4,tos=00,totlen=30,id=60976,fragoff=0,mf=0,df=1,rf=0,ttl=64,proto=17,cksum=40c9,saddr=192.168.1.6,daddr=192.168.1.7)
    udp(sport=33169,dport=10,len=10,cksum=94d6)
    data(str=fa)

A more complex example: a [Tcl] procedure that splits a packet into layers and fields.

    set packet "ip(ihl=5,ver=4,tos=c0,totlen=58,id=62912,fragoff=0,mf=0,df=0,rf=0,ttl=64,proto=1,cksum=e500,saddr=192.168.1.7,daddr=192.168.1.6)+icmp(type=3,code=3,unused=0)+ip(ihl=5,ver=4,tos=00,totlen=30,id=60976,fragoff=0,mf=0,df=1,rf=0,ttl=64,proto=17,cksum=40c9,saddr=192.168.1.6,daddr=192.168.1.7)+udp(sport=33169,dport=10,len=10,cksum=94d6)+data(str=f\0a)"
    foreach layer [split $packet +] {
        # "name(fields)" split on ( and ) gives the name, the fields and an empty tail
        set t [split $layer ()]
        set name [lindex $t 0]
        set fields [lindex $t 1]
        puts $name
        # Print each field indented by one space under its layer name
        foreach field [split $fields ,] {
            puts " $field"
        }
        puts {}
    }

This script produces the following output:

    ip
     ihl=5
     ver=4
     tos=c0
     totlen=58
     id=62912
     fragoff=0
     mf=0
     df=0
     rf=0
     ttl=64
     proto=1
     cksum=e500
     saddr=192.168.1.7
     daddr=192.168.1.6

    icmp
     type=3
     code=3
     unused=0

    ip
     ihl=5
     ver=4
     tos=00
     totlen=30
     id=60976
     fragoff=0
     mf=0
     df=1
     rf=0
     ttl=64
     proto=17
     cksum=40c9
     saddr=192.168.1.6
     daddr=192.168.1.7
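Building on the split-based approach above, the following added example (not part of the original wiki page or of hping) parses an APD string into layers and fields and, for an ICMP error like the sample packet, returns the addresses and ports of the datagram quoted after the icmp layer. The procedure names `apd_parse` and `apd_icmp_quoted` are hypothetical; the code is plain Tcl and relies only on the page's guarantee that *+*, *,* and *)* never occur in field names or values.

```tcl
# Added example: pure Tcl, no hping commands needed.

# Parse an APD string into a list of {layerName fieldList} pairs, where
# fieldList is a flat "name value name value ..." list usable with array set.
proc apd_parse {packet} {
    set layers {}
    foreach layer [split $packet +] {
        # "udp(sport=1,dport=2)" -> name "udp", body "sport=1,dport=2"
        set open [string first "(" $layer]
        if {$open < 1 || [string index $layer end] ne ")"} {
            error "malformed APD layer: '$layer'"
        }
        set fields {}
        foreach field [split [string range $layer [expr {$open + 1}] end-1] ,] {
            # Split each field on its first "=" into name and value
            set eq [string first = $field]
            if {$eq < 1} { error "malformed APD field: '$field'" }
            lappend fields [string range $field 0 [expr {$eq - 1}]] \
                [string range $field [expr {$eq + 1}] end]
        }
        lappend layers [list [string range $layer 0 [expr {$open - 1}]] $fields]
    }
    return $layers
}

# In an ICMP error the layers after "icmp" quote the datagram that caused it.
# Return {saddr daddr proto ?sport dport?} of that quoted datagram, or {} when
# the packet has no icmp layer or no ip layer directly after it.
proc apd_icmp_quoted {packet} {
    set layers [apd_parse $packet]
    set names {}
    foreach l $layers { lappend names [lindex $l 0] }
    set i [lsearch -exact $names icmp]
    if {$i < 0 || [lindex $names [expr {$i + 1}]] ne "ip"} { return {} }
    array set ip [lindex $layers [expr {$i + 1}] 1]
    set result [list $ip(saddr) $ip(daddr) $ip(proto)]
    # A transport layer is present only if enough of the original was quoted.
    if {[llength $layers] > $i + 2} {
        array set l4 [lindex $layers [expr {$i + 2}] 1]
        if {[info exists l4(dport)]} { lappend result $l4(sport) $l4(dport) }
    }
    return $result
}

# The packet from the page, in braces so the backslash in str= stays literal.
set packet {ip(ihl=5,ver=4,tos=c0,totlen=58,id=62912,fragoff=0,mf=0,df=0,rf=0,ttl=64,proto=1,cksum=e500,saddr=192.168.1.7,daddr=192.168.1.6)+icmp(type=3,code=3,unused=0)+ip(ihl=5,ver=4,tos=00,totlen=30,id=60976,fragoff=0,mf=0,df=1,rf=0,ttl=64,proto=17,cksum=40c9,saddr=192.168.1.6,daddr=192.168.1.7)+udp(sport=33169,dport=10,len=10,cksum=94d6)+data(str=f\0a)}
puts [apd_icmp_quoted $packet]
```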
Copyright (C) 2004 Salvatore Sanfilippo - Powered by YakuWiki and Tcl/Tk