In this episode I decided to take a slight diversion into networking fundamentals. As before, if you want to learn more about installing the ONICS tool suite, go back and listen to HPR 2882.
There are three key concepts to understand about modern networks. They are:
digital - the networks carry bits and bytes (binary digits)
packet switched - devices break data into blobs of data called "packets" and take turns sending and receiving those packets to/from other devices attached to the network
internetworked - machines communicate using a protocol that allows traffic to traverse multiple, independently-managed networks in a uniform way
2 laptops connected to a home wifi network that has Internet connectivity.
Practicing sending data from a source machine to a destination machine. Both are running Linux.
Source machine:
Destination machine:
Internet Router:
Address - a number that identifies a machine's interface in a network
Packet - a blob of binary data sent as a unit over a network
Route - a rule that specifies how to forward traffic to a given address
Router / Gateway - a machine that uses the IP protocol and forwards traffic between multiple networks that it connects to
Network Protocol - a set of rules and data formats for exchanging information over a network
rawpkt - take a blob of data and wrap it in an XPKT format (so other ONICS tools can understand what it is)
ethwrap - take an XPKT and prepend an Ethernet header to it
ipwrap - take an XPKT and prepend an IP header to it
pktin - read a stream of packets from a network interface
pflt - filter a stream of packets so that only those matching a pattern get through
pktout - send a stream of packets to a network interface
x2hpkt - convert XPKTs into a hex dump
xpktdump - like x2hpkt, but send the output to a pager like 'less' for easy reading
$ sudo pktin wlo1 |
pflt "not ip and eth.dst == 6c:88:14:7c:2e:14" |
x2hpkt
$ echo "hello world" |
    rawpkt |
    ethwrap "eth.dst = 6c:88:14:7c:2e:14; " \
            "eth.src = 00:22:fa:a7:69:90; " \
            "eth.ethtype = 12;" |
    sudo pktout wlan0
Note that while I broke up the field-setting commands into multiple lines in ethwrap, they can all be part of a single quoted string if desired. To store the packet in a file rather than send it, do something like:
$ echo ... | rawpkt | ethwrap ... > outfile.xpkt
One can then dump the packet by running:
$ xpktdump outfile.xpkt
or send the packet by running:
$ sudo pktout outfile.xpkt wlan0
$ sudo pktin wlo1 |
pflt "ip and ip.proto == 255" |
x2hpkt
$ echo "hello world" |
    rawpkt |
    ipwrap "ip.saddr = 192.168.0.4;" \
           "ip.daddr = 192.168.0.248;" \
           "ip.len = 32;" \
           "ip.ttl = 64;" \
           "ip.proto = 255;" |
    ethwrap "eth.dst = 6c:88:14:7c:2e:14; " \
            "eth.src = 00:22:fa:a7:69:90; " \
            "eth.ethtype = 0x800;" |
    sudo pktout wlan0
Note that while I broke up the field setting commands into multiple lines in ipwrap and ethwrap, they can all be part of a single quoted string if desired. Also note that it is not actually necessary to set the 'ip.len' and 'eth.ethtype' fields: the tools will do that automatically.
$ sudo pktin wlo1 |
pflt "ip and ip.proto == 255" |
x2hpkt
$ echo "hello world" |
    rawpkt |
    ipwrap "ip.saddr = 192.168.0.4;" \
           "ip.daddr = 192.168.0.248;" \
           "ip.ttl = 64;" \
           "ip.proto = 255;" |
    ethwrap "eth.dst = 00:0d:b9:23:f2:51; " \
            "eth.src = 00:22:fa:a7:69:90; " |
    sudo pktout wlan0
There are several differences between the packets that arrive at the destination machine when sending directly over the local network versus sending via an IP gateway (router). I've mentioned how the Ethernet header is different. Can you find the other differences? What causes these differences?
TIP: instead of piping the output of the pktin command to x2hpkt, send it to a file. Do this for both the local network send and the send via the router, saving each to a different file. Then run pdiff on the two files to highlight the differences.
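The byte layout that the ipwrap and ethwrap commands above describe, built by hand and compared field by field for the two frames as sent (the second command versus the third, which the notes describe as sent via the router). This is an added Python example, not part of the original show notes and not ONICS code. It assumes IPv4 with no options and zeroed id/fragment fields, and the function names and the "ip.cksum_ok" key are hypothetical.

```python
import socket
import struct

IP_FMT = "!BBHHHBBH4s4s"          # 20-byte IPv4 header without options

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def checksum(header):
    """RFC 1071 ones' complement sum over 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ip_wrap(payload, saddr, daddr, ttl=64, proto=255):
    # ip.len is derived, as the notes say the tools do: header + payload.
    # Assumption: id and fragment fields are 0; ipwrap's defaults may differ.
    fields = [0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
              socket.inet_aton(saddr), socket.inet_aton(daddr)]
    fields[7] = checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields) + payload

def eth_wrap(packet, dst, src, ethtype=0x0800):
    return mac(dst) + mac(src) + struct.pack("!H", ethtype) + packet

def parse(frame):
    dst, src, ethtype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth.dst": dst.hex(":"), "eth.src": src.hex(":"), "eth.ethtype": ethtype}
    if ethtype == 0x0800 and len(frame) >= 34:
        hdr = frame[14:34]
        _, _, length, _, _, ttl, proto, _, sa, da = struct.unpack(IP_FMT, hdr)
        out.update({"ip.saddr": socket.inet_ntoa(sa), "ip.daddr": socket.inet_ntoa(da),
                    "ip.len": length, "ip.ttl": ttl, "ip.proto": proto,
                    "ip.cksum_ok": checksum(hdr) == 0})  # hypothetical field name
    return out

def field_diff(a, b):
    """Fields whose values differ between two frames."""
    pa, pb = parse(a), parse(b)
    return {k: (pa.get(k), pb.get(k)) for k in sorted(set(pa) | set(pb)) if pa.get(k) != pb.get(k)}

# Constructed input: same payload and addresses as the commands in the notes.
PACKET = ip_wrap(b"hello world\n", "192.168.0.4", "192.168.0.248")
DIRECT = eth_wrap(PACKET, "6c:88:14:7c:2e:14", "00:22:fa:a7:69:90")
VIA_ROUTER = eth_wrap(PACKET, "00:0d:b9:23:f2:51", "00:22:fa:a7:69:90")

if __name__ == "__main__":
    print(DIRECT.hex(" "))
    print(field_diff(DIRECT, VIA_ROUTER))
```

Running parse() on frames captured at the destination instead of these constructed ones gives a field-level view of the same comparison the pdiff tip suggests.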
Unless otherwise stated, our shows are released under a Creative Commons Attribution-ShareAlike 3.0 Unported (CC BY-SA 3.0) license.