Hi

I have started coding a packet injector and read up a bit on what one has to do. One thing I'm wondering though is when I create the IP header the h_source and h_dest fields should contain the MAC address of the sender and receiver. Do I have to do this and is there a quick way to find out the MAC address of the destination? Let's say I craft an ICMP ping packet or some arbitrary TCP packet. It would be nice to just be able to say "send it to 192.168.0.10 from 192.168.0.1" and not have to care about the MAC addresses. I guess the kernel normally fills this in but letting it interfere here would not allow me complete control over the packet.

A: 

Yes, you will need to fill this in. You can use ARP to determine the MAC address of a given IP address: http://en.wikipedia.org/wiki/Address_Resolution_Protocol

Vicky
+4  A: 

I'm afraid you've got that wrong: IP has no knowledge of the MAC address, only the Ethernet layer knows that. That's why you need the ARP protocol to determine which MAC address to send an IP packet to. Normally, you know which subnet you belong to; if your destination IP is local, you ARP for the MAC and send it directly (this is usually done at a much lower level though). If it's not on your local subnet, you ARP for the gateway IP and send it there instead, which will forward it somehow.

The only source and destination present in the IP header are the source and destination IP addresses.

HTH.

EDIT:
For clarification. When sending via the gateway, the IP packet is normally not touched (except TTL, and, because of that, the checksum). There are situations where the IP packet must be fragmented, but that's a different issue. The point is the source and destination addresses remain the same, it's only on the layer below where we're actually saying it should be sent via some gateway or router.

roe
I meant to say the Ethernet header... I mixed it up with the IP header... sorry
inquam
Well @inquam, you don't have to create the MAC header if you just want to send IP packets. If you want to forge the MAC source and destination, then quite naturally you'd have to fill those in yourself as well. I really don't see your question then anymore.
roe
If I want to craft a packet by hand I thought I had to do all the headers myself... But can I get the kernel to do the Ethernet header for me and I can muck around as much as I want with the IP header and TCP header and its options?
inquam
@inquam; that's what raw sockets are for, see this http://www.tenouk.com/Module43a.html for example. You do need to specify the protocol in the `socket` call in this case, to let the kernel know where it's supposed to look for the destination address (IP in this case)
roe
@roe, you might want to mention NAT, which is so common with home and corporate IPv4 networks now, as an exception to your statement about gateways.
Nikolai N Fetissov
@Nikolai; how is that an exception? The computer on the inside doesn't care about that? Or you mean exception to the "normally not touched"? Yeah, that's what I meant by normally, there are situations where you do want to change the IP header (e.g. NAT, or something else you might want to tweak, such as flags, or if you need fragmentation). But I was trying to make a point regarding protocol layer separation.. :)
roe
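An added example, not code from anyone in the thread: it works through the two points in roe's answer, which IP address gets ARPed for (the destination when it is on the local subnet, the gateway otherwise) and what a forwarding hop changes in the IPv4 header (TTL and checksum only, never the addresses). The function names, the gateway 192.168.0.254 and the off-subnet address 203.0.113.5 are assumptions made for the example; nothing is sent on the wire.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define IP4(a, b, c, d) ((uint32_t)(a) << 24 | (uint32_t)(b) << 16 | (uint32_t)(c) << 8 | (uint32_t)(d))

/* RFC 1071 checksum; yields 0 over a header whose checksum field is correct. */
static uint16_t ip_checksum(const uint8_t *h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += (uint32_t)h[i] << 8 | h[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* IP to ARP for: the destination if it is on the local subnet, else the gateway. */
static uint32_t arp_target(uint32_t src, uint32_t mask, uint32_t gw, uint32_t dst) {
    return (src & mask) == (dst & mask) ? dst : gw;
}

/* Zero the checksum field, recompute, store big-endian (20-byte header). */
static void set_checksum(uint8_t *h) {
    h[10] = h[11] = 0;
    uint16_t c = ip_checksum(h, 20);
    h[10] = (uint8_t)(c >> 8); h[11] = (uint8_t)c;
}

/* Constructed 20-byte IPv4 header: no options, no payload, protocol 1 (ICMP). */
static void build_header(uint8_t *h, uint32_t src, uint32_t dst, uint8_t ttl) {
    memset(h, 0, 20);
    h[0] = 0x45; h[3] = 20; h[8] = ttl; h[9] = 1;
    for (int i = 0; i < 4; i++) {
        h[12 + i] = (uint8_t)(src >> (24 - 8 * i));
        h[16 + i] = (uint8_t)(dst >> (24 - 8 * i));
    }
    set_checksum(h);
}

/* One router hop: TTL - 1 and checksum redone, nothing else. Returns 0 if the TTL expired. */
static int forward_hop(uint8_t *h) {
    if (h[8] <= 1) return 0;
    h[8]--;
    set_checksum(h);
    return 1;
}

int main(void) {
    uint8_t h[20];
    build_header(h, IP4(192, 168, 0, 1), IP4(203, 0, 113, 5), 64);
    printf("forwarded=%d checksum_ok=%d\n", forward_hop(h), ip_checksum(h, 20) == 0);
    return 0;
}
```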