Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > libnet > 03 > 070448.html (Request Expert securityfocus.com Support)

libnet_build_icmpv4_unreach() problems...

From: setuid - victor lima <s3tuid(at)violating.us>
Date: Mon Jul 07 2003 - 01:54:29 EDT


Hello list,
  Im trying to build an icmp port unreachable packet using libnet for an udp packet, but there seems to be two problems...   Shouldnt, in a function that issues an icmp port unreachable, the programmer be able to specify both source and dest ports of the unreachable packet? Or maybe im missing something big here, because it seems that libnet is just randomly choosing the port numbers for the packet

  And tcpdump is constantly yealing about some wrong cksums on both the icmp part of the packet and the udp part...

  Im using the latest libnet stable libnet avaible at www.packetfactory.net/libnet ( since i couldnt get the development version to compile right ) and the piece of code im using is:   [...]
  icmp = libnet_build_icmpv4_unreach( 

         ICMP_UNREACH,
         ICMP_UNREACH_PORT,
	0,
         LIBNET_IPV4_H + LIBNET_UDP_H + strlen(response),
         0,
         iph->ip_id,
         0,
         64,
         IPPROTO_UDP,
         udph->check,

libnet_name2addr4(l,(u_char*)inet_ntop(AF_INET,&iph->ip_src,src,

    sizeof(src)), LIBNET_RESOLVE),

         libnet_name2addr4(l, (u_char *) inet_ntop(AF_INET,
&iph->ip_dst, dst, sizeof(dst)), LIBNET_RESOLVE), 

         response,
         strlen(response),
         l,
         0);

  [...]
  the ipv4 part is:
  [...]
ip = libnet_build_ipv4( 
         LIBNET_IPV4_H + LIBNET_ICMPV4_UNREACH_H +
         LIBNET_IPV4_H + strlen(response),           /* length */
         0,                                          /* TOS */
         iph->ip_id,                                 /* IP ID */
         0,                                          /* IP Frag */
         64,                                         /* TTL */
         IPPROTO_ICMP,                               /* protocol */
         0,                                          /* checksum */
         libnet_name2addr4(l, (u_char *) inet_ntop(AF_INET, 


&iph->ip_dst, dst, sizeof(dst)), LIBNET_RESOLVE),


         libnet_name2addr4(l, (u_char *) inet_ntop(AF_INET, 


&iph->ip_src, src, sizeof(src)), LIBNET_RESOLVE),


         NULL,                                       /* payload */
         0,                                          /* payload size */
         l,                                          /* libnet handle */
         0);

both iph and udph come directly from a sniffed packet ( using libpcap ) so those are error free, response is also the sniffed payload from the received packet

[]'z
setuid@violating.us


To unsubscribe, e-mail: libnet-unsubscribe@securityfocus.com For additional commands, e-mail: libnet-help@securityfocus.com Received on Mon Jul 7 01:55:42 2003
Do you need help?X

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:24 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library