
I'm trying to build a packet using jnetpcap, according to the packets I receive.
I'm currently using jnetpcap-1.4.r1425, and am running into several problems.

The following code is common to all my problems:

```java
JPacket wPacket = new JMemoryPacket(size);
wPacket.order(ByteOrder.BIG_ENDIAN);
wPacket.setUShort(12, 0x0800);            // EtherType field: IPv4
wPacket.scan(JProtocol.ETHERNET_ID);
wEth = wPacket.getHeader(new Ethernet());
wEth.source(sourceMac);
wEth.destination(destMac);
wEth.checksum(wEth.calculateChecksum());
headersize = 14;

wPacket.setUByte(14, 0x40 | 0x05);        // IPv4: version 4, IHL 5 (20-byte header)
wPacket.scan(JProtocol.ETHERNET_ID);
wIp4 = wPacket.getHeader(new Ip4());

if (packet.hasHeader(Icmp.ID))
  wIp4.type(Ip4.Ip4Type.ICMP);
else if (packet.hasHeader(Tcp.ID))
  wIp4.type(Ip4.Ip4Type.TCP);
else if (packet.hasHeader(Udp.ID))
  wIp4.type(Ip4.Ip4Type.UDP);

wIp4.length(500 - wEth.size());
wIp4.source(dIP);
wIp4.destination(sIP);
wIp4.ttl(32);
wIp4.flags(0);
wIp4.offset(0);
wIp4.checksum(wIp4.calculateChecksum());
headersize += 20;
```

  1. Attempting to get TCP header from above packet gives me null

After the above portion of code, I check the original packet for UDP/TCP/ICMP headers.
The portion for TCP reads as follows:

```java
if (packet.hasHeader(Tcp.ID))
{
  wPacket.scan(JProtocol.ETHERNET_ID);
  wTcp = wPacket.getHeader(new Tcp());

  ......
}
```

This is the same thing I do for the UDP portion, but the TCP portion errors out.
It turns out wTcp == null, and I have no idea why it comes out this way.

  2. ICMP checksum is wrong

The checksums of the common portion work out fine.
However, the ICMP checksum always comes out as being incorrect.

This is what I'm doing for ICMP:

```java
else if (packet.hasHeader(icmp) && icmp.hasSubHeader((new Icmp.EchoRequest())))
{
  wPacket.scan(JProtocol.ETHERNET_ID);
  wIcmp = wPacket.getHeader(new Icmp());
  wIcmp.setUByte(0, 0);
  wIcmp.setUByte(1, 0);
  JHeader[] tmp = {new Icmp.EchoReply()};
  wIcmp.setSubHeaders(tmp);
  wIcmp.checksum(wIcmp.calculateChecksum());
  headersize += 8 + 4;
}
```

If anyone can point out what I might be doing wrong, I would much appreciate it.

Edit:

toDebugString() and hexdump() after the scan in the above TCP section.
I figure whatever the problem, it can be found here:

JMemory: JMemory@7fd8a0c932d8class org.jnetpcap.packet.JPacket$State: size=304 bytes
JMemory: owner=packet.JScanner.class(size=631888/offset=529976)
JPacket.State#002: sizeof(packet_state_t)=184
JPacket.State#002: sizeof(header_t)=40 and *3=120
JPacket.State#002: pkt_header_map[0]=0x0000000000000007
JPacket.State#002: pkt_header_map[1]=0x0000000000000000
JPacket.State#002: pkt_header_map[2]=0x0000000000000000
JPacket.State#002: pkt_header_map[3]=0x0000000000000000
JPacket.State#002:         pkt_flags=0x00000000
JPacket.State#002:  pkt_header_count=3
JPacket.State#002:       pkt_wirelen=500 bytes
JPacket.State#002:        pkt_caplen=500 bytes
JPacket.State#002   : [         Protocol(ID/Flag) | Start | Prefix | Header | Gap | Payload | Postfix ]
JPacket.State#002[0]: [         ETHERNET( 1/0800) |     0 |      0 |     14 |   0 |     486 |       0 ]
JPacket.State#002[1]: [              IP4( 2/0800) |    14 |      0 |     20 |   0 |     466 |       0 ]
JPacket.State#002[2]: [          PAYLOAD( 0/0800) |    34 |      0 |    466 |   0 |       0 |       0 ]

0000:*68 01 00 5e  00 00 01 5f  93 48 01 04  08 00*45 00    h..^..._.H....E.
0010: 01 e6 00 00  00 00 20 06  1d 37 2d 37  80 71 3d f0    ...... ..7-7.q=.
0020: 90 43*13 c0  d8 7f 00 00  01 00 00 00  d8 7f 00 00    .C..............
0030: 02 00 00 00  74 2f 73 74  88 1e 13 c0  d8 7f 00 00    ....t/st........
0040: 00 00 00 00  6c 64 3b 3e  00 00 00 00  00 00 00 00    ....ld;>........
0050: 03 00 01 00  00 00 00 00  b5 00 00 00  00 00 00 00    ................
0060: 01 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00    ................
0070: 03 00 00 00  74 70 63 61  e0 1e 13 c0  d8 7f 00 00    ....tpca........
0080: 02 00 00 00  d8 7f 00 00  02 00 00 00  72 6d 61 74    ............rmat
0090: 88 1e 13 c0  d8 7f 00 00  00 00 00 00  75 6d 56 61    ............umVa
00a0: 00 00 00 00  00 00 00 00  03 00 01 00  00 00 00 00    ................
00b0: 19 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00    ................
00c0: 00 00 00 00  00 00 00 00  00 00 00 00  49 47 01 00    ............IG..
00d0: 00 00 00 00  00 00 00 00  00 00 00 00  d8 7f 00 00    ................
00e0: 02 00 00 00  6f 42 79 74  88 1e 13 c0  d8 7f 00 00    ....oByt........
00f0: 00 00 00 00  65 03 00 00  00 00 00 00  00 00 00 00    ....e...........
0100: 03 00 01 00  29 56 01 00  b8 00 00 00  00 00 00 00    ....)V..........
0110: 04 00 00 00  00 00 00 00  09 00 0b 00  00 00 00 00    ................
0120: 09 00 06 00  09 00 07 00  f0 1e 13 c0  d8 7f 00 00    ................
0130: 01 00 00 00  00 00 00 00  02 00 00 00  6f 6c 2f 6c    ............ol/l
0140: 88 1e 13 c0  d8 7f 00 00  00 00 00 00  45 74 68 65    ............Ethe
0150: 00 00 00 00  00 00 00 00  03 00 01 00  4c 6f 72 67    ............Lorg
0160: b5 00 00 00  d8 7f 00 00  05 00 00 00  00 00 00 00    ................
0170: 00 00 00 00  00 00 00 00  06 00 00 00  61 64 65 72    ............ader
0180: 00 1f 13 c0  d8 7f 00 00  03 00 00 00  72 67 2f 6a    ...........rg/j
0190: 02 00 00 00  63 61 70 2f  88 1e 13 c0  d8 7f 00 00    ....cap/........
01a0: 00 00 00 00  4e 31 30 4d  00 00 00 00  00 00 00 00    ....N10M........
01b0: 03 00 01 00  75 69 74 65  b1 00 00 00  6c 72 67 2f    ....uite....lrg/
01c0: 00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00    ................
01d0: 61 6e 6e 6f  74 61 74 65  00 00 00 00  00 00 00 00    annotate........
01e0: 00 00 00 00  74 65 3b 01  02 00 00 00  4e 01 00 03    ....te;.....N...
01f0: 1d 31 50 a2*                                          .1P.

And here are the same for the icmp packet at the end.

JMemory: JMemory@7fd8a0c94588class org.jnetpcap.packet.JPacket$State: size=344 bytes
JMemory: owner=packet.JScanner.class(size=631888/offset=534760)
JPacket.State#018: sizeof(packet_state_t)=184
JPacket.State#018: sizeof(header_t)=40 and *4=160
JPacket.State#018: pkt_header_map[0]=0x0000000000001007
JPacket.State#018: pkt_header_map[1]=0x0000000000000000
JPacket.State#018: pkt_header_map[2]=0x0000000000000000
JPacket.State#018: pkt_header_map[3]=0x0000000000000000
JPacket.State#018:         pkt_flags=0x00000000
JPacket.State#018:  pkt_header_count=4
JPacket.State#018:       pkt_wirelen=500 bytes
JPacket.State#018:        pkt_caplen=500 bytes
JPacket.State#018   : [         Protocol(ID/Flag) | Start | Prefix | Header | Gap | Payload | Postfix ]
JPacket.State#018[0]: [         ETHERNET( 1/0800) |     0 |      0 |     14 |   0 |     486 |       0 ]
JPacket.State#018[1]: [              IP4( 2/0800) |    14 |      0 |     20 |   0 |     466 |       0 ]
JPacket.State#018[2]: [             ICMP(12/0800) |    34 |      0 |      8 |   0 |     458 |       0 ]
JPacket.State#018[3]: [          PAYLOAD( 0/0800) |    42 |      0 |    458 |   0 |       0 |       0 ]

0000:*68 01 00 5e  00 00 01 5f  93 48 01 04  08 00*45 00    h..^..._.H....E.
0010: 01 e6 00 00  00 00 20 01  64 76 2d 37  80 71 58 c6    ...... .dv-7.qX.
0020: 2e 33*00 00  70 ed 00 00  00 00*00 00  00 00 53 87    .3..p.........S.
0030: 71 42 a6 f7  ad 57 f2 54  11 00 3e 61  ca 6e 49 b0    qB...W.T..>a.nI.
0040: a7 f7 59 4d  b7 42 5e 05  0a f4 65 f9  5a 25 46 98    ..YM.B^...e.Z%F.
0050: dc ed 5a d0  2f a7 39 4d  02 73 bd c9  9f 11 bc ab    ..Z./.9M.s......
0060: d2 70 34 9b  d0 be 15 9c  cc 88 3e 9e  4f f4 aa e3    .p4.......>.O...
0070: 98 b5 14 88  e8 2e f5 8b  16 f5 be 47  a1 e2 31 f9    ...........G..1.
0080: 82 68 d3 1e  d1 5d fb d0  b9 7f 95 63  0d f6 67 be    .h...].....c..g.
0090: 38 df 34 df  b5 48 65 f0  ff 79 82 79  72 6d 6b b0    8.4..He..y.yrmk.
00a0: 21 ee 69 6b  0f 0a ba f2  f5 52 d0 93  c2 66 b9 16    !.ik.....R...f..
00b0: 2f 67 dc 56  48 27 40 85  0c 4d b4 b5  2f 81 bf 43    /g.VH'@..M../..C
00c0: 58 f5 2b 9d  19 87 b0 3e  14 a6 f9 d3  3e f7 b0 ca    X.+....>....>...
00d0: 41 b1 73 05  89 6e 2c fb  6c 57 de 33  7f 5c 97 be    A.s..n,.lW.3.\..
00e0: c1 d9 d0 f5  53 60 70 83  3a a6 3e 54  1e 8e ae 4e    ....S`p.:.>T...N
00f0: 80 4b 24 7b  35 4e 48 f3  df 29 f1 c4  6e 5e f0 53    .K${5NH..)..n^.S
0100: 15 f7 18 89  1e 4d 41 93  26 8d 72 90  fa 83 ec a3    .....MA.&.r.....
0110: f8 d1 60 b6  63 49 a3 19  8c e3 c1 1b  20 b3 db 3c    ..`.cI...... ..<
0120: a4 cd 42 f9  53 ee 9d 86  7f f3 8b a0  c2 ff f4 9e    ..B.S...........
0130: a4 ce 58 28  e0 b9 c2 0f  13 bf 87 a5  85 91 ff e6    ..X(............
0140: 44 8c 93 43  33 b1 b4 ce  1c 02 22 19  9d da 28 7e    D..C3....."...(~
0150: 49 a6 84 c9  97 4a 1e 27  27 66 5d f2  b1 45 15 73    I....J.''f]..E.s
0160: 05 22 d6 9c  06 54 e7 17  2d 1d f6 7b  f5 3c 3a d0    ."...T..-..{.<:.
0170: 43 40 1e 3e  80 18 a3 eb  2d 2b c5 ad  7b 71 6b 83    C@.>....-+..{qk.
0180: 3f 2b d7 5d  19 01 4d fc  66 57 69 38  97 f8 b2 aa    ?+.]..M.fWi8....
0190: 79 1c a7 0a  b0 e5 33 7e  b9 ef 23 27  78 a3 62 5a    y.....3~..#'x.bZ
01a0: e7 26 e7 ff  ce 34 31 86  ad d6 01 3c  f8 7d 6c 30    .&...41....<.}l0
01b0: ed f7 62 d8  98 ce 21 bf  e2 cd 3e 6a  8e a2 f0 48    ..b...!...>j...H
01c0: 30 62 5b 29  ed ab 91 82  d2 56 e8 12  15 2d 17 68    0b[).....V...-.h
01d0: a9 f5 d4 c9  95 3d b7 48  ce 91 c3 e7  a4 92 1f 6d    .....=.H......m
01e0: e0 f1 0d ca  6a 67 a1 a3  60 22 6d 98  80 ac b7 62    ....jg..`"m....b
01f0: 03 7f 4a df*
Cong Hui
  • Can you provide a hexdump with `System.out.println(FormatUtils.hexdump(wPacket));` of the generated packet and also after each scan dump the state tables `System.out.println(wPacket.getState().toDebugString());`. This will show exactly what is in the packet. – Mark Bednarczyk May 21 '15 at 14:21
  • BTW: the easiest way to build new packets is using a template. First hexdump a packet you would like to use as a template and then copy/paste the hexdump into a String. Then use the string to initialize JPacket with and you have the original packet as a template. Next just modify the important variables and recalculate checksums. For example `JPacket packet = new JMemoryPacket(VariousInMemoryPackets.PACKET_1); packet.scan(Ethernet.ID);` where the full example can be found under tests/org.jnetpcap.header.TestPeering. – Mark Bednarczyk May 21 '15 at 14:30
  • Example: [link to template example](https://sourceforge.net/p/jnetpcap/code/HEAD/tree/jnetpcap/trunk/tests/java1.5/org/jnetpcap/header/TestPeering.java) – Mark Bednarczyk May 21 '15 at 14:36
  • I did consider using the template example, but for my purpose here, I'd like to attempt to create the packet from scratch. The toDebugString() and hexdump() are provided in edit. – Cong Hui May 22 '15 at 08:59
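
An added example (not code from the asker or from the jnetpcap project) that reads the header fields out of the first 48 bytes of the first hexdump in the question, using plain JDK code only: it verifies the IPv4 header checksum with the RFC 1071 sum and extracts the TCP data-offset field at byte 46. The class and method names are made up for illustration.

```java
public class HeaderCheck {
    // First 48 bytes of the frame, copied from the first hexdump in the question.
    static final int[] FRAME = {
        0x68,0x01,0x00,0x5e,0x00,0x00,0x01,0x5f,0x93,0x48,0x01,0x04,0x08,0x00,0x45,0x00,
        0x01,0xe6,0x00,0x00,0x00,0x00,0x20,0x06,0x1d,0x37,0x2d,0x37,0x80,0x71,0x3d,0xf0,
        0x90,0x43,0x13,0xc0,0xd8,0x7f,0x00,0x00,0x01,0x00,0x00,0x00,0xd8,0x7f,0x00,0x00 };

    /** RFC 1071 one's-complement checksum over len bytes starting at off. */
    static int internetChecksum(int[] b, int off, int len) {
        long sum = 0;
        for (int i = 0; i + 1 < len; i += 2)
            sum += (b[off + i] << 8) | b[off + i + 1];   // big-endian 16-bit words
        if ((len & 1) == 1)
            sum += b[off + len - 1] << 8;                // odd trailing byte, zero-padded
        while ((sum >>> 16) != 0)
            sum = (sum & 0xffff) + (sum >>> 16);         // fold carries back in
        return (int) (~sum & 0xffff);
    }

    public static void main(String[] args) {
        final int ETH_LEN = 14;
        int ihl = (FRAME[ETH_LEN] & 0x0f) * 4;           // IPv4 header length in bytes
        int totalLen = (FRAME[ETH_LEN + 2] << 8) | FRAME[ETH_LEN + 3];
        int proto = FRAME[ETH_LEN + 9];                  // 6 = TCP, 1 = ICMP, 17 = UDP
        // Summing a header that already carries a correct checksum yields 0.
        boolean ipOk = internetChecksum(FRAME, ETH_LEN, ihl) == 0;

        int l4 = ETH_LEN + ihl;                          // where the TCP header should begin
        int tcpHeaderLen = (FRAME[l4 + 12] >> 4) * 4;    // TCP data offset, in bytes

        System.out.printf("ip:  ihl=%d totalLen=%d proto=%d checksumOk=%b%n",
                ihl, totalLen, proto, ipOk);
        // A TCP header is at least 20 bytes (data offset >= 5).
        System.out.printf("tcp: headerLen=%d valid=%b%n",
                tcpHeaderLen, tcpHeaderLen >= 20);
    }
}
```

On the posted bytes the IPv4 checksum verifies, while byte 46 is 0x00, so the TCP data offset is 0 bytes, which is consistent with the state table listing PAYLOAD rather than TCP at offset 34. For ICMP, the same `internetChecksum` routine has to run over the whole ICMP message (header plus data, up to the IPv4 total length) with the checksum field zeroed first.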

1 Answer


My suggestion is to read and understand the code that is written by the author of jnetpcap.

Specifically the code that reads the data from a pcap file and creates a packet from scratch. Basically how the peering works.

gagarwa