
Consider the WinPcap tutorial for sending a single packet. To start running it, it is relatively straightforward:

  1. copy and paste the code into your IDE for C (in my case Code::Blocks)
  2. add `#define HAVE_REMOTE` to the 1st line
  3. set the build options (link libraries and directories)
  4. set the proper MAC addresses
  5. fill the array with the data you want to send
  6. compile and execute (as administrator)

It works nicely and is well documented. If you run the other tutorial for capturing packets, you will see that the packet is transmitted properly.

However, if you set the 13th array element to 0~5, the packet will not be transmitted properly. For example, before sending down the packet, add the following line of code:

```c
packet[12]=5;
```

This way, the packet that was previously being transmitted will no longer be transmitted (without any error message), which doesn't make any sense. According to the documentation, this array element is already part of the payload (i.e. no longer MAC address, length or header), and could be any integer from 0 to 255.

Issue
Why is this 13th array element causing the packets to no longer be transmitted?

Mark Messa

1 Answer


packet[12] and packet[13] contain the used EtherType, for example, for IP this is 0x0800.

See here and here for a list of EtherType numbers.

> Which doesn't make any sense. According to the documentation, this array element is already part of the payload (i.e. no longer MAC address, length or header), and could be any integer from 0 to 255.

It doesn't seem like that:

> `pcap_sendpacket()` takes as arguments a buffer containing the data to send, the length of the buffer and the adapter that will send it. Notice that the buffer is sent to the net as is, without any manipulation. This means that the application has to create the correct protocol headers in order to send something meaningful.

So you need to assemble the full packet yourself, including IP-header, TCP-header, checksums etc.

Danny_ds
  • _the application has to create the correct protocol headers_ ok, the problem is that the tutorial code gives you the false impression that the protocol header is only the MAC addresses. – Mark Messa Jan 07 '16 at 15:34
  • By the way, if you just want to pass an ASCII message through raw wifi, what `EtherType` numbers would you recommend? – Mark Messa Jan 07 '16 at 15:38
  • @MarkMessa - No, it's a lot more than that: Ethernet header: 6+6+2 (last 2 for EtherType) - if EtherType == 0x0800 (IP) -> IP header is needed, if protocol in IP header is TCP a TCP header is needed after that, etc. – Danny_ds Jan 07 '16 at 15:38
  • @MarkMessa - Check this: http://stackoverflow.com/questions/34454592/raw-wifi-packets-with-winpcap – Danny_ds Jan 07 '16 at 15:39
  • _it's a lot more than that_ Of course, if you wanna use TCP/IP you must include their headers also. However, just for raw wifi (fake ethernet emulation), I really had the impression that all that was necessary was the MAC addresses. Thanks for correcting me regarding the EtherType. – Mark Messa Jan 07 '16 at 15:42
  • _Check this:_ Yes, I'm aware of this question. Great debate. Any specific point there you would like to highlight? – Mark Messa Jan 07 '16 at 15:46
  • @MarkMessa - I am not that familiar with _raw wifi (fake ethernet emulation)_, this might be something for another question. – Danny_ds Jan 07 '16 at 16:20
  • @MarkMessa: If you want to exchange data, you generally should inform how the data is structured and what the fields mean. For Ethernet your question would have been answered by a simple look at Wikipedia. – too honest for this site Jan 07 '16 at 16:37
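
How bytes 12-13 of the buffer are read under IEEE 802.3, as an added example (not code from the WinPcap tutorial or from either poster): values up to 1500 are a payload length, values from 0x0600 up are an EtherType. It assumes the tutorial fills the buffer with `packet[i] = i` from offset 12 on and uses 0x88B5, an IEEE local experimental EtherType, as an illustrative choice; the function names and MAC values are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN   14           /* 6 dst MAC + 6 src MAC + 2 type/length */
#define ETH_MIN_FRAME 60           /* minimum frame size, excluding the 4-byte FCS */
#define ETHERTYPE_LOCAL_EXP 0x88B5 /* IEEE local experimental EtherType (example choice) */

enum tl_kind { TL_LENGTH, TL_UNDEFINED, TL_ETHERTYPE };

/* Bytes 12-13 form one big-endian 16-bit field, not two payload bytes. */
static uint16_t type_len_field(const uint8_t *frame) {
    return (uint16_t)((frame[12] << 8) | frame[13]);
}

/* IEEE 802.3: <= 1500 is a payload length, >= 0x0600 is an EtherType. */
static enum tl_kind classify_type_len(uint16_t v) {
    if (v <= 1500)  return TL_LENGTH;
    if (v < 0x0600) return TL_UNDEFINED;
    return TL_ETHERTYPE;
}

/* Write header + payload into buf and zero-pad to the minimum size.
 * Returns the length to pass to pcap_sendpacket(), or 0 on bad sizes. */
static size_t build_frame(uint8_t *buf, size_t cap, const uint8_t dst[6],
                          const uint8_t src[6], uint16_t ethertype,
                          const void *payload, size_t payload_len) {
    if (payload_len > 1500) return 0;
    size_t total = ETH_HDR_LEN + payload_len;
    if (total < ETH_MIN_FRAME) total = ETH_MIN_FRAME;
    if (cap < total) return 0;
    memset(buf, 0, total);
    memcpy(buf, dst, 6);
    memcpy(buf + 6, src, 6);
    buf[12] = (uint8_t)(ethertype >> 8);
    buf[13] = (uint8_t)(ethertype & 0xFF);
    memcpy(buf + ETH_HDR_LEN, payload, payload_len);
    return total;
}

int main(void) {
    /* Constructed sample: bytes from offset 12 filled as packet[i] = i (assumed). */
    uint8_t packet[100] = {0}, out[64];
    const uint8_t dst[6] = {1,1,1,1,1,1}, src[6] = {2,2,2,2,2,2}; /* constructed MACs */
    for (int i = 12; i < 100; i++) packet[i] = (uint8_t)i;
    printf("default: 0x%04X kind=%d\n", type_len_field(packet), classify_type_len(type_len_field(packet)));
    packet[12] = 5;
    printf("[12]=5 : 0x%04X kind=%d\n", type_len_field(packet), classify_type_len(type_len_field(packet)));
    printf("built  : %zu bytes\n", build_frame(out, sizeof out, dst, src, ETHERTYPE_LOCAL_EXP, "hello", 5));
    return 0;
}
```

Under that fill pattern, `packet[12]` values 0 to 5 give a field between 0x000D and 0x050D, all at or below 1500, while 6 and above give 0x060D or more.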