Update flag types, update documentation.

1 parent b48589e, commit 013e89b1fa0d0ed544f7fd30a03ed50c6f99a8f4, jeagle committed Feb 16, 2012
Showing with 754 additions and 108 deletions.
  1. +2 −2 Makefile
  2. +101 −29 README.pod
  3. +18 −13 ethertype-to-c.pl
  4. +532 −9 flag_names.c
  5. +8 −0 flag_names.h
  6. +3 −5 icmp-xml-to-c.pl
  7. +1 −1 ipproto-to-c.pl
  8. +89 −49 synfrag.c
@@ -1,4 +1,4 @@
-OBJS = synfrag.o checksums.o
+OBJS = synfrag.o checksums.o flag_names.o
SRCS = $(OBJS,.o=.c)
CFLAGS += -Wall
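Review bot: The context line `SRCS = $(OBJS,.o=.c)` directly under the changed `OBJS` uses a comma where a make substitution reference needs a colon, so `SRCS` does not expand to the `.c` names and will not pick up the new `flag_names.c`. Since this hunk touches the object list anyway, change it to `SRCS = $(OBJS:.o=.c)`.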
@@ -14,5 +14,5 @@ synfrag: $(OBJS)
$(CC) $(LDFLAGS) -lpcap -o synfrag $(OBJS)
clean:
- rm -rf *.o synfrag
+ rm -rf $(OBJS) synfrag
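Review bot: On the new `rm -rf $(OBJS) synfrag` line in the `clean` target, `-r` is not needed because every operand is a regular file, and a recursive delete driven by a variable that can be overridden from the command line is a needless risk; `rm -f $(OBJS) synfrag` does the job. Narrowing from `*.o` to `$(OBJS)` also means an object left behind by a source file later dropped from `OBJS` is no longer cleaned, which is worth a word in the commit message if it is intended.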
@@ -46,76 +46,148 @@ can be discarded.
=head1 Examples
-The following is a simple example test using synfrag to probe TCP port 22 via
-unfragmented IPv4. Note that the dstmac parameter is set to that of the router
-between the srcip's network and the dstip's network:
+=head2 v4-tcp
+
+The following example uses synfrag to probe TCP port 22 via unfragmented
+IPv4. Note that the dstmac parameter is set to that of the router between
+the srcip's network and the dstip's network:
%sudo ./synfrag \
- --srcip 10.72.122.120
- --dstip 10.72.107.254 \
- --interface eth1 \
- --dstmac 00:00:0C:07:AC:01 \
- --dstport 22 \
- --test v4-tcp
+ --srcip 10.72.122.120 \
+ --dstip 10.72.107.254 \
+ --interface eth1 \
+ --dstmac 00:00:0C:07:AC:01 \
+ --dstport 22 \
+ --test v4-tcp
Starting test "v4-tcp". Opening interface "eth1".
- Ethernet Frame, ethertype 2048
+ Ethernet Frame, ethertype 0x0800 (ETHERTYPE_IP)
Src MAC 00:1A:4B:C6:F5:2E
Dest MAC 00:00:0C:07:AC:01
IPv4 Packet:
Src IP: 10.72.122.120
Dst IP: 10.72.107.254
- Protocol: 6
- Frag Offset: 0
- Flags: 0
- Iphl: 5
+ Protocol: 6 (IPPROTO_TCP)
+ Frag Offset: 0 (0 bytes)
+ Flags: 0 (None)
+ Iphl: 5 (20 bytes)
TCP Packet:
Src Port: 44128
Dst Port: 22
- Seq Num: 6026158
+ Seq Num: 637685203
Ack Num: 0
- Syn: 1
- Ack: 0
- Rst: 0
+ Flags: 2 (SYN)
Packet transmission successful, waiting for reply...
IPv4 Packet:
Src IP: 10.72.107.254
Dst IP: 10.72.122.120
- Protocol: 6
- Frag Offset: 0
- Flags: 2
- Iphl: 5
+ Protocol: 6 (IPPROTO_TCP)
+ Frag Offset: 0 (0 bytes)
+ Flags: 2 (DF)
+ Iphl: 5 (20 bytes)
TCP Packet:
Src Port: 22
Dst Port: 44128
- Seq Num: 321403012
- Ack Num: 6026159
- Syn: 1
- Ack: 1
- Rst: 0
+ Seq Num: 392222197
+ Ack Num: 637685204
+ Flags: 18 (SYN, ACK)
Test was successful.
+=head2 v4-frag-optioned-tcp
+
+In this example, synfrag will send a fragmented IPv4 TCP SYN packet to the
+target host, with the initial fragment padded out to 68 bytes. Most hosts will
+drop fragmented IPv4 TCP SYN packets, which is the case here. Note the target
+responds with an ICMP fragment reassembly time exceeded message, though synfrag
+will only see the reply if we increase the default timeout to 60 seconds.
+
+ sudo ./synfrag \
+ --srcip 10.72.122.120 \
+ --dstip 10.72.107.254 \
+ --interface eth1 \
+ --dstmac 00:00:0C:07:AC:01 \
+ --dstport 22 \
+ --test v4-frag-optioned-tcp \
+ --timeout 60
+ Starting test "v4-frag-optioned-tcp". Opening interface "eth1".
+
+ Ethernet Frame, ethertype 0x0800 (ETHERTYPE_IP)
+ Src MAC 00:1A:4B:C6:F5:2E
+ Dest MAC 00:00:0C:07:AC:01
+
+ IPv4 Packet:
+ Src IP: 10.72.122.120
+ Dst IP: 10.72.107.254
+ Protocol: 6 (IPPROTO_TCP)
+ Frag Offset: 0 (0 bytes)
+ Flags: 1 (MF)
+ Iphl: 13 (52 bytes)
+
+ TCP Packet:
+ Src Port: 44128
+ Dst Port: 22
+ Seq Num: 956140482
+ Ack Num: 2409889792
+ Flags: 2 (SYN)
+
+ IPv4 Packet:
+ Src IP: 10.72.122.120
+ Dst IP: 10.72.107.254
+ Protocol: 6 (IPPROTO_TCP)
+ Frag Offset: 1 (8 bytes)
+ Flags: 0 (None)
+ Iphl: 5 (20 bytes)
+
+ Packet transmission successful, waiting for reply...
+
+ IPv4 Packet:
+ Src IP: 10.72.107.254
+ Dst IP: 10.72.122.120
+ Protocol: 1 (IPPROTO_ICMP)
+ Frag Offset: 0 (0 bytes)
+ Flags: 0 (None)
+ Iphl: 5 (20 bytes)
+
+ ICMP Packet:
+ Type: 11 (Time Exceeded)
+ Code: 1 (Fragment Reassembly Time Exceeded)
+
+ Test failed.
+
=head1 License
synfrag is released under the BSD license. synfrag includes BSD licensed code
from libnet, and links against libpcap, also licensed under the BSD license.
=head1 Copyright
-Copyright Yahoo! Inc, 2012
+Copyright 2012, Yahoo! Inc. All rights reserved.
=head1 Author
John Eaglesham
=head1 Changes
+=head2 1.1 - 20120215
+
+Initial release as open source, thanks Yahoo!
+
+Converted documentation to POD, added examples.
+
+Fixed extra free() after timeout.
+
+Print pretty flag names.
+
+Allow users to specify a timeout period.
+
=head2 1.0 - 20120209
-Initial release as open source.
+
+Internal release.
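Review bot: In the new `v4-frag-optioned-tcp` section the text says the initial fragment is "padded out to 68 bytes", but the sample output shows `Iphl: 13 (52 bytes)` for the first fragment and `Frag Offset: 1 (8 bytes)` for the second, which adds up to a 60-byte IP packet; say what the 68 counts or correct the figure. The same output prints `Ack Num: 2409889792` on a SYN where the `v4-tcp` example prints `Ack Num: 0`, and with only 8 bytes of TCP in the first fragment the ack and flags fields lie past that boundary, so a sentence on what is being printed there would help. Because `Test failed.` here means the target dropped the fragmented SYN, the text should also say how a reader is meant to interpret that result.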
@@ -38,19 +38,24 @@
my $fh;
-open( $fh, '<', '/usr/include/net/ethernet.h' ) || die "Failed to open /usr/include/net/ethernet.h: $!";
-
print qq#char *ether_protocol_to_name( unsigned short protocol )\n{\n#;
-while( my $l = <$fh> ) {
- # BSD style.
- if ( $l =~ /^\s*#define\s+(ETHERTYPE_[[:graph:]]+)\s+(0x[[:xdigit:]]+)/ ) {
- next if ord( $2 ) > 65535;
- print qq# if ( protocol == $2 ) return "$1";\n#;
-
- # Linux style.
- } elsif ( $l =~ /^\s+(IPPROTO_[[:graph:]]+)\s+=\s+(0x[[:xdigit:]]+)/ ) {
- next if ord( $2 ) > 65535;
- print qq# if ( protocol == $2 ) return "$1";\n#;
+
+if ( open( $fh, '<', '/usr/include/linux/if_ether.h' ) ) {
+ while( my $l = <$fh> ) {
+ if ( $l =~ /^\s*#define\s+ETH_P_([[:graph:]]+)\s+(0x[[:xdigit:]]+)/ ) {
+ next if ord( $2 ) > 65535;
+ print qq# if ( protocol == $2 ) return "ETHERTYPE_$1";\n#;
+ }
+ }
+
+} else {
+ open( $fh, '<', '/usr/include/net/ethernet.h' ) || die "Failed to open /usr/include/linux/if_ether.h and /usr/include/net/ethernet.h: $!";
+
+ while( my $l = <$fh> ) {
+ if ( $l =~ /^\s*#define\s+(ETHERTYPE_[[:graph:]]+)\s+(0x[[:xdigit:]]+)/ ) {
+ next if ord( $2 ) > 65535;
+ print qq# if ( protocol == $2 ) return "$1";\n#;
+ }
}
}
-print qq# return "Unassigned";\n}\n#;
+print qq# return "Unassigned";\n}\n\n#;
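Review bot: The range check `next if ord( $2 ) > 65535;`, carried into both new loops, can never fire: `ord` returns the code point of the first character of its argument, which is `0` (48) for every `0x...` match, so out-of-range values are emitted anyway. Use `hex( $2 ) > 65535` instead. In the `else` branch the `die` message names both header paths, but `$!` holds only the error from the second `open`; reporting the two failures separately would make a broken build easier to diagnose.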