I have been trying to encapsulate a TCP packet inside a custom UDP header using scapy. To create the packet, I use the command:
a = IP(dst = "142.251.33.110") / UDP() / IP(dst = "104.215.148.63") / TCP()
From what I understand, this should create a TCP packet with an outer UDP header (the IPs are of random websites). However, when I use Wireshark to inspect the packets, it shows the protocol as DNS and the protocol is malformed as well (probably because it is expecting a DNS packet and getting a different one).
How do I resolve this issue?
Related
I have a question about network protocols. When I'm receiving packets to decode, how can I determine if it's TCP, UDP or ICMP?
Is there any sign or byte number I can use to know?
The IPv4 packet header has a Protocol field which tells you which protocol is in the packet payload.
With IPv6 it is a little more complex. The IPv6 packet Next Header field will tell you the same thing if there are no IPv6 extension headers. If there are IPv6 extension headers, you will need to follow the chain of headers to get the last header in order to determine the payload type.
IP protocol datagram header contains a Protocol field to define the protocol used in the data portion of the IP datagram.
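Added example (not from either question or answer above, and not scapy code): a pure-Python builder and dissector, using only struct, that shows both points at once. For the first question: scapy's UDP() defaults sport and dport to 53, and Wireshark decodes UDP port 53 as DNS, so the inner IP header gets parsed as a DNS message and flagged malformed; moving to another port and telling the analyzer what is inside (Wireshark "Decode As", or scapy bind_layers) fixes it. For the second question: IPv4 carries a Protocol field, so IP to TCP/UDP/ICMP needs no guessing, while UDP has no such field and the dissector has to guess from ports. The function names, the udp_decode_as parameter, the 10.0.0.1 source address and port 40000 are all assumptions for the demo.

```python
import struct

# IPv4 Protocol field values (IANA assigned numbers) for the three protocols asked about.
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def ipv4_header(src, dst, proto, payload_len):
    """20-byte IPv4 header, no options; checksum left at 0 (enough for dissection)."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src_b, dst_b)


def udp_header(sport, dport, payload_len):
    """8-byte UDP header; checksum left at 0."""
    return struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)


def tcp_header(sport, dport):
    """Minimal 20-byte TCP SYN: seq/ack 0, data offset 5 words, window 8192."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)


def build_tcp_in_udp(outer_dst, inner_dst, udp_sport, udp_dport):
    """IP / UDP / IP / TCP, the same stack as the scapy line in the question.
    The 10.0.0.1 source address and inner TCP ports are constructed for the demo."""
    inner = ipv4_header("10.0.0.1", inner_dst, 6, 20) + tcp_header(40001, 80)
    udp = udp_header(udp_sport, udp_dport, len(inner)) + inner
    return ipv4_header("10.0.0.1", outer_dst, 17, len(udp)) + udp


def build_icmp_echo(dst):
    """IP / ICMP echo request: type 8, code 0, checksum 0, id 1, seq 1."""
    return ipv4_header("10.0.0.1", dst, 1, 8) + struct.pack("!BBHHH", 8, 0, 0, 1, 1)


def dissect(pkt, udp_decode_as=None):
    """Return the layer names a dissector would assign to pkt.

    IP  -> the next layer is read from the Protocol field (byte 9), no guessing.
    UDP -> there is no such field, so the dissector guesses from the port numbers,
           exactly as Wireshark does when it labels port 53 traffic as DNS.
    udp_decode_as (hypothetical parameter) maps a UDP port to "ip" to model
    Wireshark's "Decode As" or scapy's bind_layers(UDP, IP, dport=...).
    """
    udp_decode_as = udp_decode_as or {}
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return ["unknown"]          # only IPv4 is handled in this demo
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    payload = pkt[ihl:]
    layers = ["IP"]
    if proto == 17:
        sport, dport = struct.unpack("!HH", payload[:4])
        layers.append("UDP")
        if udp_decode_as.get(dport) == "ip" or udp_decode_as.get(sport) == "ip":
            layers.extend(dissect(payload[8:], udp_decode_as))   # recurse into the inner IP
        elif 53 in (sport, dport):
            layers.append("DNS (guessed from port 53)")           # the question's symptom
        else:
            layers.append("data")
    elif proto in PROTO_NAMES:
        layers.append(PROTO_NAMES[proto])
    else:
        layers.append(f"proto-{proto}")
    return layers


if __name__ == "__main__":
    pkt = build_tcp_in_udp("142.251.33.110", "104.215.148.63", 53, 53)
    print("scapy defaults (port 53):", dissect(pkt))
    pkt = build_tcp_in_udp("142.251.33.110", "104.215.148.63", 40000, 40000)
    print("other port, no binding:  ", dissect(pkt))
    print("other port, decode as IP:", dissect(pkt, {40000: "ip"}))
    print("ICMP echo:               ", dissect(build_icmp_echo("10.0.0.2")))
```

The port-53 branch is the whole story behind the "malformed DNS" display: the UDP header says nothing about its payload, so the analyzer falls back on the well-known port, and the inner IP header does not parse as a DNS message. Either pick ports that carry no default binding and register the UDP-to-IP decode, or accept that the analyzer will show "data" until told otherwise.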
How does a TCP packet identify its application-level protocol? I don't see similar fields in the TCP header format. So it all depends on the port number?
If so, does it mean I can silently switch the application protocol on the same port, just like what happens when WebSocket uses a handshake request in the format of HTTP to tell the server to switch from HTTP to WebSocket protocol?
TCP itself does not care about the application layer protocol used. The closest thing is the port number. Port numbers are used to distinguish different connections on the same host. When a packet is received, the operating system uses the port number to determine which program it belongs to. Although many protocols have standard port numbers, you are not required to use them.
So yes, you can switch protocols on the same port.
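Added example (not from the question or the answer above, and not real WebSocket framing): a tiny HTTP server that, on the same socket and therefore the same port, answers a normal request as HTTP, but when the client sends an Upgrade request it replies 101 and from then on speaks a different protocol over the same connection. The Sec-WebSocket-Accept computation is the one RFC 6455 specifies (SHA-1 of key plus the fixed GUID, base64-encoded); the length-prefixed framing used after the switch is a stand-in invented for this demo, not RFC 6455 frames. The functions serve, client_session and run_demo, the /chat path and the example.test host are assumptions; the client key is the sample one from the RFC.

```python
import base64
import hashlib
import socket
import threading

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"   # fixed GUID from RFC 6455


def ws_accept_value(client_key):
    """Sec-WebSocket-Accept = base64(SHA-1(key || GUID)), per RFC 6455."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def recv_exact(sock, n):
    """Read exactly n bytes or raise; used by the post-upgrade framing."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        buf += chunk
    return buf


def read_until(sock, marker):
    buf = b""
    while marker not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf


def parse_http_head(raw):
    """Split an HTTP head into (first line, lower-cased header dict, leftover bytes)."""
    head, _, rest = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, rest


def serve(conn):
    """Start as HTTP; switch protocols in place if the client asks for it."""
    _, headers, _ = parse_http_head(read_until(conn, b"\r\n\r\n"))
    if headers.get("upgrade", "").lower() != "websocket" or "sec-websocket-key" not in headers:
        conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 11\r\n\r\nplain http\n")
        conn.close()
        return
    accept = ws_accept_value(headers["sec-websocket-key"])
    conn.sendall(("HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
                  "Connection: Upgrade\r\nSec-WebSocket-Accept: " + accept + "\r\n\r\n").encode())
    # From here the bytes on this socket are no longer HTTP: toy framing of
    # a 2-byte big-endian length followed by the payload; length 0 means close.
    # (The client only starts framing after it has seen the 101, so nothing
    # was over-read by read_until above.)
    while True:
        n = int.from_bytes(recv_exact(conn, 2), "big")
        if n == 0:
            conn.close()
            return
        reply = recv_exact(conn, n).upper()
        conn.sendall(len(reply).to_bytes(2, "big") + reply)


def client_session(sock, upgrade, messages=(b"hello", b"tunnel")):
    """Return (status line, accept header verified?, list of payloads received)."""
    key = base64.b64encode(b"the sample nonce").decode("ascii")   # RFC 6455 sample key
    req = "GET /chat HTTP/1.1\r\nHost: example.test\r\n"
    if upgrade:
        req += ("Upgrade: websocket\r\nConnection: Upgrade\r\n"
                "Sec-WebSocket-Key: " + key + "\r\nSec-WebSocket-Version: 13\r\n")
    sock.sendall((req + "\r\n").encode("ascii"))
    status, headers, rest = parse_http_head(read_until(sock, b"\r\n\r\n"))
    if not status.startswith("HTTP/1.1 101"):
        body = rest + recv_exact(sock, int(headers.get("content-length", "0")) - len(rest))
        sock.close()
        return status, False, [body]
    accept_ok = headers.get("sec-websocket-accept") == ws_accept_value(key)
    replies = []
    for msg in messages:                       # same socket, new protocol
        sock.sendall(len(msg).to_bytes(2, "big") + msg)
        replies.append(recv_exact(sock, int.from_bytes(recv_exact(sock, 2), "big")))
    sock.sendall(b"\x00\x00")
    sock.close()
    return status, accept_ok, replies


def run_demo(upgrade):
    """Run server and client over a socketpair so the demo needs no listening port."""
    client_end, server_end = socket.socketpair()
    worker = threading.Thread(target=serve, args=(server_end,))
    worker.start()
    result = client_session(client_end, upgrade)
    worker.join()
    return result


if __name__ == "__main__":
    print("plain HTTP:", run_demo(False))
    print("upgraded:  ", run_demo(True))
```

The point for the question: nothing below the application layer changes when the 101 goes out. The port, the TCP connection and the IP addresses are identical before and after; only the two endpoints' agreement about what the bytes mean has changed, which is why a port number alone is never a reliable way to tell what protocol is actually being spoken.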
In networking, a tunnel is a logical connection between two nodes. In the tunnel, there are multiple routers that physically comprise the path. Hence the packets in a tunnel are essentially routed via IP. (Correct me if I am wrong.)
This makes sense for a layer 3 tunneling protocol, where a passenger protocol is encapsulated in an IP protocol. Routers inside a tunnel can make use of the extra IP headers to route packets to tunnel endpoints.
However, in a layer 2 tunneling protocol, a passenger protocol is encapsulated in a layer 2 protocol. For example, in L2TP as below, we can see the original packet (PPP header + PPP payload) is encapsulated within an L2TP header, UDP header, IPsec header, IP header, and data-link header. Since we already have an outer IP header, which suffices to route the whole packet through the tunnel to its endpoints, why do we bother to add another extra data-link header? The only reason that seems possible to me is that it tries to send these packets over a PPP link or a WAN link, but in practice this link is logical and consists of numerous physical routers. So why would you want to add an extra link layer header? And how would this packet be processed in the tunnel?
If I established an OpenVPN connection through UDP (proto udp), can I use TCP in it (TCP converted to UDP somehow), or only UDP?
In short: Yes, you can send TCP through a VPN tunnel which is transported via UDP.
In fact you can tunnel any protocol supported by OpenVPN no matter what transport you choose.
You can use any protocol you like, even raw IP. OpenVPN simulates a fully-fledged network device (to some extent – whether it's based on the Ethernet or the IP layer depends on configuration) which behaves like any other network adapter. So you can of course use TCP and UDP in it.
The packets sent via the OpenVPN devices are encrypted and passed through the UDP "connection" used by OpenVPN to the remote side, where they're decrypted and passed on to routing to forward them to their final destination (which might be the remote itself).
I'm using tcpdump to generate some captures between a client, proxy and an origin server.
I was wondering if it's possible, either within Wireshark or through some parameter, to indicate in each packet what TCP state the device is at, e.g. ip 10.20.30.34 -- CLOSE_WAIT etc.
This is not possible within Wireshark (and AFAIK not within tcpdump either).