I have 'Sender.exe' and 'Receiver.exe'. Sender will send the images to the receiver. I have captured the packets sent by Sender to receiver through Wireshark and exported them as PDML format.
Now, I have to fuzz the captured packets and send to the receiver system. As a first step, I need to know the following: Is there a way to send the packets captured in PDML format or XML format?
In order to do that, you would have to 1) hope that every single byte of the packet was represented as a field with value= and 2) write your own code to take all the value=s of the fields and put them into a binary packet (i.e., undo the conversion of the raw packet data into PDML) and send that packet.
There is nothing in Wireshark that will do this for you.
Related
Say we have sender A sending a message to receiver B using TCP. Say the message to be sent from A to B is split into three packets of length 500 bytes, 500 bytes and 50 bytes, to be sent in that order. How does A indicate to B that the packet of length 50 bytes is the last part of the message? I can understand that an ACK from B to A, sent every other packet received by B, indicates using the sequence number how much data has been received by B since the last ACK was sent by B. I read that FIN is used to terminate the connection between the sender and receiver. However, I can't find a description of how the the last packet, of a message split into several packets, is indicated. I'm thinking the packets have to be reassembled, in order, before the message is sent to the receiving application. I think that as one of TCPs actions is to split the message into packets, there must be some way of the sender flagging the last packet of a message has been sent.
I think that as one of TCPs actions is to split the message into
packets
No, TCP takes a stream of data and segments it into PDUs called segments. It is IP that uses the TCP segments as the payload of IP packets, which are in turn the payload of the data-link protocol, e.g. ethernet, frames.
However, I can't find a description of how the the last packet, of a
message split into several packets, is indicated.
Something like that is up to a higher protocol, e.g. HTTP. I think you are looking at TCP the wrong way. A TCP connection is like a bidirectional pipe; whatever you put in one end comes out the other end. TCP has no idea of the data structure, it just sends whatever it gets from the application or application-layer protocol. When an application or application-layer protocol is through using the connection, it tells TCP to tear it down.
The receiving TCP simply receives data and reorders it, asking for lost or missing segments. It passes properly ordered data up to the application or application-layer protocol, having no idea of the data structure because it is just a data stream to TCP.
Also, remember that both ends of a TCP connection are peers that can send and receive, and either end can send a segment with FIN that tells the other end that it is done sending, but the end sending the FIN is obligated to continue to receive until the other end also sends a FIN to say it is done sending. Either side could also kill the connection with a RST segment.
there must be some way of the sender flagging the last packet of a
message has been sent.
Probably, but that is not the job of TCP, that is up to the application or application-layer protocol. When the application-layer is done, it tells TCP to close, and that starts the FIN process. TCP has no idea what is the last part of a message is because it knows nothing about the data. It keeps the pipe open until it is told to close it.
I develop a network program that is used to transfer files , it works . But I just know it can works , and I don't know how to monitor and evaluate it . So I want to know what aspects a network program usually need to consider and monitor and how to monitor .
First make sure which protocol you have been used to send files (either TCP or UDP).
1.If you are using TCP at transport layer ,at the receiving end you can use TCPDUMP
packet analyzer to analyze all packets receiving on TCP port and its content.
2.If you want to analyze packets irrespective of protocols used at different layers, you can use wireshark packet analyzer to analyze all packets received on different networks like ethernet,PPP, loop back ,frame relay. you can use IP address of sender host as a reference to extract packets ( you need some reference to extract packets because wire shark will return all the packets received on the NIC interface). Once you extract the packets received from your sender host, you can analyze the packet payload to check whether files content has been received properly or not.
3.you can redirect data ( payload) of all received packets into some file. Once your program is done with receiving packets, you can check with that file to check data has been properly received or not. ( you can use this method only to test your client/server programs within a system)
when a packet goes out libpcap timestamps the packet, but where does the time stamp of packet reside i.e, whether it resides in data of packet.
If on reception side if the same packet is received does the time stamp at transmitted side will be over written at reception side by libpcap.
libpcap does not timestamp outgoing packets. On the transmit side, timestamping can be done as a part of some network protocol. For example, with TCP one can use the Timestamp option (RFC 1323). If the TCP timestamp option is enabled, the outgoing packets will most likely be timestamped by the network stack.
On the receive side, libpcap receives the packet from the OS and will rely on the kernel to give it a valid timestamp. The kernel will get the timestamp from either the network interface driver or the networking stack.
The receive timestamp should not be a part of the packet and hence wont overwrite the senders timestamp, which will be a part of the received packet. (as in case of TCP)
Hope that answers your question?
How do TCP knows which is the last packet of a large file (that was segmented by tcp) in the scenario that the connection is kept-established. (like ftp or sending mp3 on yahoo messenger)
I mean how does it know which packet carries data of one.mp3 and which packet carries data of another.mp3 ??
Anyone ?
Thank you
There are at least 2 possible approaches.
Declare upfront how much data you're going to send. Something like a packet that declares Sending a message that's 4008 bytes long
The second approach is to use a terminating sequence (nastier to process)
So the receiver:
Tries to read the declared amount or
Scans for the terminating sequence
TCP is a stream protocol and fragmentation should be transparent to a TCP application. It operates on streams of data, never packets. A stream is assembled to its intended order using the sequence numbers. The sequence of bytes send by application is encapsulated in tcp segments. The stream is recreated on the receiver side before data is delivered to the application.
The IP protocol can do fragmentation.
Each TCP segment goes to the IP layer and may be fragmented there. Segment is reassembled by collecting all of the packets and offset field from the header is used to put it in the right place.
If a client receives a damaged packet then it will know that after comparing the packet's checksum to the one in the header.
But can a sender know when a packet has reached the client in a damaged form?
First of all, it seems you are making a confusion. CSMA/CD is for detecting when somebody else is using the link so that a collision doesn't happen. It's its only purpose.
Second, ethernet senders cannot find out if the frame they sent arrives malformed. There is no acknowledgement. The upper-layer protocols must take precautions.