Wireshark doesn't detect any packet sent. sendto return 0

Question

I have been trying to send packets using raw socket in following code.This code I found somewhere in the internet. I created my own ipheader and udp header. The whole data packet is sent using sendto() function on raw socket. sendto() returns 0. Which means a packet of 0 length is sent out of it and hence even wireshark doesnt detect any packet. Where is my mistake?

// Must be run by root lol! Just datagram, no payload/data
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <cstdlib>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <netinet/ip.h>
#include <netinet/udp.h>

// The packet length
#define PCKT_LEN 35

// Can create separate header file (.h) for all headers' structure
// The IP header's structure
struct ipheader {
    unsigned char      iph_ihl:4, iph_ver:4;
    unsigned char      iph_tos;
    unsigned short int iph_len;
    unsigned short int iph_ident;
    unsigned char      iph_flag;
    unsigned short int iph_offset;
    unsigned char      iph_ttl;
    unsigned char      iph_protocol;
    unsigned short int iph_chksum;
    unsigned int       iph_sourceip;
    unsigned int       iph_destip;
};

// UDP header's structure
struct udpheader {
    unsigned short int udph_srcport;
    unsigned short int udph_destport;
    unsigned short int udph_len;
    unsigned short int udph_chksum;
};
// total udp header length: 8 bytes (=64 bits)

// Function for checksum calculation. From the RFC,
// the checksum algorithm is:
//  "The checksum field is the 16 bit one's complement of the one's
//  complement sum of all 16 bit words in the header.  For purposes of
//  computing the checksum, the value of the checksum field is zero."
unsigned short csum(unsigned short *buf, int nwords)
{       //
    unsigned long sum;
    for(sum=0; nwords>0; nwords--)
        sum += *buf++;
    sum = (sum >> 16) + (sum &0xffff);
    sum += (sum >> 16);
    return (unsigned short)(~sum);
}

// Source IP, source port, target IP, target port from the command line arguments
int main(int argc, char *argv[])
{
    int sd;
    // No data/payload just datagram
    char buffer[PCKT_LEN];
    // Our own headers' structures
    struct ipheader *ip = (struct ipheader *) buffer;
    struct udpheader *udp = (struct udpheader *) (buffer + sizeof(struct ipheader));
    // Source and destination addresses: IP and port
    struct sockaddr_in sin, din;
    int one = 1;
    const int *val = &one;

    memset(buffer, 0, PCKT_LEN);

    if(argc != 5)
    {
        printf("- Invalid parameters!!!\n");
        printf("- Usage %s <source hostname/IP> <source port> <target hostname/IP> <target port>\n", argv[0]);
        exit(-1);
    }

    // Create a raw socket with UDP protocol
    sd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
    if(sd < 0)
    {
        perror("socket() error");
        // If something wrong just exit
        exit(-1);
    }
    else
        printf("socket() - Using SOCK_RAW socket and UDP protocol is OK.\n");

    // The source is redundant, may be used later if needed
    // The address family
    sin.sin_family = AF_INET;
    din.sin_family = AF_INET;
    // Port numbers
    sin.sin_port = htons(atoi(argv[2]));
    din.sin_port = htons(atoi(argv[4]));
    // IP addresses
    sin.sin_addr.s_addr = inet_addr(argv[1]);
    din.sin_addr.s_addr = inet_addr(argv[3]);

    // Fabricate the IP header or we can use the
    // standard header structures but assign our own values.
    ip->iph_ihl = 5;
    ip->iph_ver = 4;
    ip->iph_tos = 16; // Low delay
    ip->iph_len = sizeof(struct ipheader) + sizeof(struct udpheader);
    ip->iph_ident = htons(54321);
    ip->iph_ttl = 64; // hops
    ip->iph_protocol = 17; // UDP
    // Source IP address, can use spoofed address here!!!
    ip->iph_sourceip = inet_addr(argv[1]);
    // The destination IP address
    ip->iph_destip = inet_addr(argv[3]);

    // Fabricate the UDP header. Source port number, redundant
    udp->udph_srcport = htons(atoi(argv[2]));
    // Destination port number
    udp->udph_destport = htons(atoi(argv[4]));
    udp->udph_len = htons(sizeof(struct udpheader));
    // Calculate the checksum for integrity
    ip->iph_chksum = csum((unsigned short *)buffer, sizeof(struct ipheader) + sizeof(struct udpheader));
    // Inform the kernel do not fill up the packet structure. we will build our own...
    if(setsockopt(sd, IPPROTO_IP, IP_HDRINCL, val, sizeof(one)) < 0)
    {
        perror("setsockopt() error");
        exit(-1);
    }
    else
        printf("setsockopt() is OK.\n");

    // Send loop, send for every 2 second for 100 count
    printf("Trying...\n");
    printf("Using raw socket and UDP protocol\n");
    printf("Using Source IP: %s port: %u, Target IP: %s port: %u.\n", argv[1], atoi(argv[2]), argv[3], atoi(argv[4]));

    int count;
    int i;
    for(count = 1; count <=20; count++)
    {
        if(i = sendto(sd, buffer, PCKT_LEN, 0, (struct sockaddr *)&sin, sizeof(sin)) < 0)
        // Verify
        {
            perror("sendto() error");
            exit(-1);
        }
        else
        {
            printf("Count #%u - sendto() is OK. Data Length#%d\n", count,i);
            sleep(2);
        }
    }
    close(sd);
    return 0;
}

I edited it to make it "better", but I think some of the original spaces were lost. Perhaps Shashi could edit and use the {} to mark the code rather than ` `. — Mats Petersson, Dec 24 '12 at 12:26
I think, however, that 0 packet len means that "nothing was sent", so wireshark won't see anything, because you never sent a packet. As to why that is, I'm not sure. — Mats Petersson, Dec 24 '12 at 12:27
Don't reinvent the wheel, use [libtins](http://libtins.sourceforge.net) :D — mfontanini, Dec 24 '12 at 13:25

score 6 · Answer 1 · edited Dec 24 '12 at 13:08

6

Aha! I've got at least part of it.

i = sendto(sd, buffer, PCKT_LEN, 0, (struct sockaddr *)&sin, sizeof(sin)) < 0 is the same as i = (sendto(sd, buffer, PCKT_LEN, 0, (struct sockaddr *)&sin, sizeof(sin)) < 0)

you probably want: (i = sendto(sd, buffer, PCKT_LEN, 0, (struct sockaddr *)&sin, sizeof(sin))) < 0

You may want to:

Turn on warnings in your compiler - at least if you use gcc, that should give you a warning for comparing and assigning in the same if-statement.
Retry with the fixed code.

I'm sure there may be other problems in your code too - I'm no network expert.

edited Dec 24 '12 at 13:08

simonc

41,632
12
85
103

answered Dec 24 '12 at 12:32

Mats Petersson

126,704
14
140
227

Hey..ya...sorry!! But still I cant see anything on wireshark..why so? – Shashi Bhushan Dec 24 '12 at 12:37
1

I have no idea. Are you sure you've configured wireshark correctly? E.g. using the right interface, using the right protocol, etc? – Mats Petersson Dec 24 '12 at 12:41

score 3 · Answer 2 · answered Dec 24 '12 at 12:29

3

It is really hard to read this piece of code and to understand what and why you're doing. So I can recoomend you look at my piece of code: dhcp client implementation

Look at function getSock() to see how socket is created, and on function talker() on how to form and send completed packet.

answered Dec 24 '12 at 12:29

fycth

3,410
25
37

why minus? I've given good example (ready to use code) on how to do exactly what he wants. – fycth Dec 24 '12 at 12:37
That's a bit harsh, I agree - it's a good answer. I gave you an upvote! – Mats Petersson Dec 24 '12 at 12:41
-1 was from me. yes, you did all that, but it should have been a *comment* as it doesn't address the actual question ("Where is my mistake?"). @Mats Petersson: it's definitely not an *answer*. – Karoly Horvath Dec 24 '12 at 12:47
If a code has a mistake it's possible top give a clear answer. On the other side, if the code is just written some wrong way or has many mistakes, it would be more appropriate to give a good example on how to solve the task. But ok nevermind, you have your own mind. – fycth Dec 24 '12 at 12:56

Davide Berra · Answer 3 · 2012-12-24T16:43:31.883

Local IP header structure is wrong... my suggestion is to include the IP header provided with your distro (are you using linux? don't you?).

What i did is just include linux/ip.h, rename ipheader structure reference to iphdr, and rename the ip header fields according to the structure described in the latter file.

I tried to sniff packets with tcpdump and it works now (i didn't try with wireshark but it must work too)

Try this fixed code:

// Must be run by root lol! Just datagram, no payload/data
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <netinet/udp.h>
#include <linux/ip.h>

// The packet length
#define PCKT_LEN 35

// UDP header's structure
struct udpheader {
    unsigned short int udph_srcport;
    unsigned short int udph_destport;
    unsigned short int udph_len;
    unsigned short int udph_chksum;
};
// total udp header length: 8 bytes (=64 bits)

// Function for checksum calculation. From the RFC,
// the checksum algorithm is:
//  "The checksum field is the 16 bit one's complement of the one's
//  complement sum of all 16 bit words in the header.  For purposes of
//  computing the checksum, the value of the checksum field is zero."
unsigned short csum(unsigned short *buf, int nwords)
{       //
    unsigned long sum;
    for(sum=0; nwords>0; nwords--)
        sum += *buf++;
    sum = (sum >> 16) + (sum &0xffff);
    sum += (sum >> 16);
    return (unsigned short)(~sum);
}

// Source IP, source port, target IP, target port from the command line arguments
int main(int argc, char *argv[])
{
    int sd;
    // No data/payload just datagram
    char buffer[PCKT_LEN];
    // Our own headers' structures
    struct iphdr *ip = (struct iphdr *) buffer;
    struct udpheader *udp = (struct udpheader *) (buffer + sizeof(struct iphdr));
    // Source and destination addresses: IP and port
    struct sockaddr_in sin, din;
    int one = 1;
    const int *val = &one;

    memset(buffer, 0, PCKT_LEN);

    if(argc != 5)
    {
        printf("- Invalid parameters!!!\n");
        printf("- Usage %s <source hostname/IP> <source port> <target hostname/IP> <target port>\n", argv[0]);
        exit(-1);
    }

    // Create a raw socket with UDP protocol
    sd = socket(PF_INET, SOCK_RAW, IPPROTO_UDP);
    if(sd < 0)
    {
        perror("socket() error");
        // If something wrong just exit
        exit(-1);
    }
    else
        printf("socket() - Using SOCK_RAW socket and UDP protocol is OK.\n");

    // The source is redundant, may be used later if needed
    // The address family
    sin.sin_family = AF_INET;
    din.sin_family = AF_INET;
    // Port numbers
    sin.sin_port = htons(atoi(argv[2]));
    din.sin_port = htons(atoi(argv[4]));
    // IP addresses
    sin.sin_addr.s_addr = inet_addr(argv[1]);
    din.sin_addr.s_addr = inet_addr(argv[3]);

    // Fabricate the IP header or we can use the
    // standard header structures but assign our own values.
    ip->ihl = 5;
    ip->version = 4;
    ip->tos = 16; // Low delay
    ip->tot_len = sizeof(struct iphdr) + sizeof(struct udpheader);
    ip->id = htons(54321);
    ip->ttl = 64; // hops
    ip->protocol = 17; // UDP
    // Source IP address, can use spoofed address here!!!
    ip->saddr = inet_addr(argv[1]);
    // The destination IP address
    ip->daddr = inet_addr(argv[3]);

    // Fabricate the UDP header. Source port number, redundant
    udp->udph_srcport = htons(atoi(argv[2]));
    // Destination port number
    udp->udph_destport = htons(atoi(argv[4]));
    udp->udph_len = htons(sizeof(struct udpheader));

    // Calculate the checksum for integrity
    ip->check = csum((unsigned short *)buffer, sizeof(struct iphdr) + sizeof(struct udpheader));

    // Inform the kernel do not fill up the packet structure. we will build our own...
    if(setsockopt(sd, IPPROTO_IP, IP_HDRINCL, val, sizeof(one)) < 0)
    {
        perror("setsockopt() error");
        exit(-1);
    }
    else
        printf("setsockopt() is OK.\n");

    // Send loop, send for every 2 second for 100 count
    printf("Trying...\n");
    printf("Using raw socket and UDP protocol\n");
    printf("Using Source IP: %s port: %u, Target IP: %s port: %u.\n", argv[1], atoi(argv[2]), argv[3], atoi(argv[4]));

    int count;
    int i;
    for(count = 1; count <=20; count++)
    {
        if((i = sendto(sd, buffer, PCKT_LEN, 0, (struct sockaddr *)&sin, sizeof(sin))) < 0)
        // Verify
        {
            perror("sendto() error");
            exit(-1);
        }
        else
        {
            printf("Count #%u - sendto() is OK. Data Length# %d\n", count,i);
            sleep(2);
        }
    }
    close(sd);
    return 0;
}

score 0 · Answer 4 · answered Dec 08 '21 at 05:44

I'm guessing you based that on this example code, which has multiple fatal bugs. It has wasted many hours of my life.

But to answer this specific question (and to help anyone else who is unfortunate enough to try to use that code), the bug that prevents you from seeing the packets in wireshark is here:

sin.sin_addr.s_addr = inet_addr(argv[1]);

This sets the address used for sending the packet in sentdo() to the source address. Therefore, the packet is sent over the loopback interface, and it goes nowhere. (Wireshark or other capture tools will be able to see the packet if you capture the lo/loopback interface, fwiw.)

So the corrected line for this particular program is:

sin.sin_addr.s_addr = inet_addr(argv[3]);

Wireshark doesn't detect any packet sent. sendto return 0

4 Answers4