Accessing Raw Packet Data

In some situations it is necessary to access either the raw packet data or the raw packet header from within libnet. This is useful for debugging, for handcrafting packets, and for assembling truly unusual data packets.

libnet provides functions for “culling” the packet data from a libnet context, and for culling an individual packet header from a context and protocol tag. These functions are available only if the libnet injection type was one of LIBNET_LINK_ADV, LIBNET_RAW4_ADV, or LIBNET_RAW6_ADV. These functions are as follows:

int libnet_adv_cull_packet (libnet_t *l, u_int8_t **packet, u_int32_t *packet_s);

int libnet_adv_cull_header (libnet_t *l, libnet_ptag_t ptag, u_int8_t **header,
                  u_int32_t *header_s);

Both functions return 1 on success and -1 on failure, and you can query the errors using libnet_geterror(). On success, each function sets the supplied pointers to the packet or header, in network byte order, and to the size of the data returned.
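For the debugging use, a culled buffer can be sanity-checked before it is sent. The following is an added example, not code from the book or from libnet: it validates the IPv4 header at the start of a buffer such as the one libnet_adv_cull_packet() returns on a LIBNET_RAW4_ADV context. The function name, result codes, and sample bytes are constructed for illustration, and it assumes the IP checksum has already been filled in.

```c
#include <stdint.h>
#include <stdio.h>

/* Result codes; these names are hypothetical, not part of libnet. */
enum cull_check { CULL_OK, CULL_TRUNCATED, CULL_BAD_VERSION,
                  CULL_BAD_LENGTH, CULL_BAD_CHECKSUM };

/* RFC 1071 one's-complement checksum over an even-length header. */
static uint16_t ip_sum(const uint8_t *p, uint32_t len)
{
    uint32_t sum = 0;
    for (uint32_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Check the IPv4 header at the start of a buffer such as the one
 * libnet_adv_cull_packet() fills in on a LIBNET_RAW4_ADV context.
 * Assumption: the IP checksum has already been computed. Fields are
 * assembled byte by byte because the data is in network byte order. */
enum cull_check check_culled_ipv4(const uint8_t *packet, uint32_t packet_s)
{
    if (packet == NULL || packet_s < 20)
        return CULL_TRUNCATED;
    if ((packet[0] >> 4) != 4)
        return CULL_BAD_VERSION;
    uint32_t ihl = (uint32_t)(packet[0] & 0x0f) * 4;
    uint32_t total = ((uint32_t)packet[2] << 8) | packet[3];
    if (ihl < 20 || ihl > packet_s || total < ihl || total > packet_s)
        return CULL_BAD_LENGTH;
    if (ip_sum(packet, ihl) != 0)   /* a valid header sums to zero */
        return CULL_BAD_CHECKSUM;
    return CULL_OK;
}

/* Constructed sample: bare IPv4 header, 192.0.2.1 -> 192.0.2.2. */
static const uint8_t sample_hdr[20] = {
    0x45, 0x00, 0x00, 0x14, 0x00, 0x01, 0x00, 0x00, 0x40, 0x11,
    0xf6, 0xd4, 0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02
};

int main(void)
{
    printf("check result: %d\n",
           (int)check_culled_ipv4(sample_hdr, sizeof sample_hdr));
    return 0;
}
```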

As noted earlier, culling a packet can be useful for debugging purposes, but it also gives you control over the format of the data to be sent out, which can allow you to create protocol types not yet supported by libnet or to create unusual packets. For example, I have used this functionality to create packets for the Microsoft Teredo protocol that is included in Windows XP updates and is outlined at http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/teredo.mspx ...
