Posted by seltorn on 2000-01-03
yO!

> On Sun, Jan 02, 2000 at 05:29:41PM +0100, Ng Oon Keat wrote:
> > Hi. How to write a Ping program ??? Do I need to establish connection when
> > I ping ?? If establishing connection is needed, which port should I connect
> > and what data/packet should I send ?? Thanks....
> IIRC ping does not use the tcp (transport control protocol) or udp (some
> datagram packets) but it uses ICMP (Internet Control Message
> Protocol).

you're wrong about layer level - ICMP is delivered OVER ip. you'll see it later.

ping is icmp_echo_request (type 8 code 0). how to create the whole thing? uhh =)

icmp packet looks like this:

  ip header || icmp message data

ip header is 20 bytes long, icmp data length is defined inside the message. after ip header we have icmp header (it's on the top of icmp message data). it looks like 8 bit type + 8 bit code + 16 bit crc. as i said, ping is type 8 code 0.

if i send the packet and then rip it off using a sniffer, i would get something like this:

00000000: 00 40 05 16 56 AA 00 00 b4 54 b1 BB 08 00 45 00
00000010: 00 54 54 ed 00 00 40 01 19 d9 d1 AA BB CC d1 BB
00000020: CC EE 08 00 67 74 41 2d 00 00 5a 9b 5b 36 ab 89
00000030: 03 00 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15
00000040: 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25
00000050: 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35
00000060: 36 37

the first line is destination MAC address (48 bits), source MAC address (48b), carrier protocol (16 bits, here we have IP). then we have 4 bits msb (here, for ipv4 we have 4), then lsb (number of 32 bit words in header, here we have 5). then we have 8 bit ToS (type of service, here 00). what do we have thereafter? 00 54 is total length (16 bit max, in bytes). then fragment id (16 bit), 3 bit flags, 13 bit frag offset (which is rather boring to be discussed here). then TTL (time to live, 8 bits max). then Ip Protocol Type (8 bits, here ICMP = 01). then we have 16-bit checksum, then source IP (32 bits), destination ip (32 bits). then we have 16bit total length of the whole datagram (the thing we transfer). if you guys want deeper explanations, read rfc.

let's go on with icmp packet now. (starts on 00000020 + 16 bits). first thing we get is 08, which is echo request, then icmp code 0. then checksum, then process identifier (PiD for unices, random shit (AFAIK) for windozes). then we have sequence number and finally 56 bytes of data. herein we don't need it so we fill it with random shit because icmp echo request doesn't require additional parameters, but sometimes (like with icmp redirect) some data should be modified to fit the situation.

when we get the packet back, it looks almost the same, but source/destination MAC and IP addresses are switched and icmp type is changed from 8 to 0 (echo reply).

sorry for such a long letter, but i'm bored of useless two line answers in this list (err, something like 'i dunno what is that exactly, go read somewhere'). i hope this letter will make someone feel sorry for such stupid answers. i'm not offending anyone. this took 5 minutes to think over, 2 minutes to generate a packet and to sniff it and 10 more to write. is 20 minutes too much time to help someone who knows less than you?

--
seltorn // ai :: black metal :: coding on booze :: network penetration

To signoff send a mail to listserver@xxxx.xx.xx with "signoff tcg" in the body of your message.
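The frame dissected in the post, worked through in code. This is an added example, not code from the original post or from seltorn: it transcribes the 98 bytes of the hex dump above, splits them into Ethernet / IPv4 / ICMP, decodes the fields the post walks through, and rebuilds the echo request from its id, sequence number and data. Two things the dump alone does not show: the 16-bit field after type and code is an RFC 1071 one's-complement checksum (not a CRC), and it covers only the ICMP header plus data, so it can be verified on the captured bytes and comes out to exactly the 0x6774 in the dump. The IP header checksum cannot be verified here, because the poster replaced parts of the MAC and IP addresses with AA/BB/CC/EE placeholders; the code reports that mismatch rather than hiding it. The reply builder shows that an echo reply differs from the request only in the type byte and the recomputed checksum.

```python
"""Dissect the captured ICMP echo request and rebuild it byte-for-byte.

Added example, not code from the original post. CAPTURED_FRAME is transcribed
from the hex dump in the post; the AA/BB/CC/EE bytes are the poster's
placeholders for parts of the MAC and IP addresses, not real hosts.
"""
import struct

# 98-byte frame from the post's sniffer dump: 14 Ethernet + 20 IP + 8 ICMP + 56 data.
CAPTURED_FRAME = bytes.fromhex(
    "00400516 56AA0000 b454b1BB 08004500"
    "005454ed 00004001 19d9d1AA BBCCd1BB"
    "CCEE0800 6774412d 00005a9b 5b36ab89"
    "03000809 0a0b0c0d 0e0f1011 12131415"
    "16171819 1a1b1c1d 1e1f2021 22232425"
    "26272829 2a2b2c2d 2e2f3031 32333435"
    "3637"
)


def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's-complement sum of 16-bit words.

    Run over a header *including* its checksum field, a correct header yields 0.
    """
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Split Ethernet / IPv4 / ICMP and decode the fields the post walks through."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4 (ethertype 0x%04x)" % ethertype)
    eth = {"dst_mac": mac(dst_mac), "src_mac": mac(src_mac), "ethertype": ethertype}

    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, hdr_csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes (5 words = 20)
    ip = {
        "version": ver_ihl >> 4, "ihl_bytes": ihl, "tos": tos, "total_length": total_len,
        "id": ident, "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": hdr_csum,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        # False for the captured frame: the address bytes are placeholders.
        "checksum_ok": inet_checksum(frame[14:14 + ihl]) == 0,
    }
    if proto != 1:
        raise ValueError("not ICMP (protocol %d)" % proto)

    icmp_bytes = frame[14 + ihl:14 + total_len]  # header + data, no Ethernet trailer
    icmp_type, code, csum, echo_id, seq = struct.unpack("!BBHHH", icmp_bytes[:8])
    icmp = {
        "type": icmp_type, "code": code, "checksum": csum, "id": echo_id, "seq": seq,
        "payload": icmp_bytes[8:],
        "checksum_ok": inet_checksum(icmp_bytes) == 0,  # covers ICMP header + data only
    }
    return {"eth": eth, "ip": ip, "icmp": icmp}


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP echo message (type 8 = request, 0 = reply), code 0, checksum filled in."""
    hdr = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(hdr + payload)  # computed with the checksum field zeroed
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def echo_reply_for(request: bytes) -> bytes:
    """What the target sends back: same id, seq and data, type 8 -> 0, checksum redone."""
    _, _, _, ident, seq = struct.unpack("!BBHHH", request[:8])
    return build_echo(0, ident, seq, request[8:])


if __name__ == "__main__":
    layers = parse_frame(CAPTURED_FRAME)
    for name, fields in layers.items():
        print(name)
        for k, v in fields.items():
            print("  %-12s %s" % (k, v.hex() if isinstance(v, bytes) else v))
    icmp = layers["icmp"]
    rebuilt = build_echo(8, icmp["id"], icmp["seq"], icmp["payload"])
    print("rebuilt request matches capture:", rebuilt == CAPTURED_FRAME[34:])
    print("reply checksum: 0x%04x" % struct.unpack("!H", echo_reply_for(rebuilt)[2:4]))
```

Putting the rebuilt request on the wire needs a raw socket (socket.SOCK_RAW with IPPROTO_ICMP) and root, which is also why the id field is usually the process id: the kernel delivers every incoming ICMP echo reply to every raw socket, so each ping process filters on its own id.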