Could i inject packets to Linux TCP stack without modifying the ethernet driver? Could i do this with using a library or sth ?
Thank you,
If by 'inject packets to Linux TCP stack' you mean send some data that the Linux kernel will treat as a frame coming from an Ethernet interface then you can use a 'tap' device. If an IP packet (layer 3) is good enough, then use a 'tun' device.
http://en.wikipedia.org/wiki/TUN/TAP
http://www.kernel.org/pub/linux/kernel/people/marcelo/linux-2.4/Documentation/networking/tuntap.txt
Libnet
Libnet is a generic networking API that provides access to several protocols. It is not designed as a 'all in one' solution to networking. Currently many features that are common in some network protocols are not available with Libnet, such as streaming via TCP/IP. We feel that Libnet should not provide specific features that are possible in other protocols. If we restrict Libnet to the minimal needed to communicate (datagram/packets) then this allows it to support more interfaces.
Otherwise, if you're just wondering about injecting hand-crafted packets into the network, read the man pages and look for online help with raw sockets. Some good places to start are man 7 raw, man packet, and there are some ok tutorials at security-freak.net, though the code there is not written particularly well for my tastes.
Related
I am currently learning about networking. I am going through the TCP IP and OSI model and try to pick apart what protocol belongs to which layer. I am a bit confused over Media Access Control. Does it just refer to the hardware id of the network card or is it the name of the protocol responsible for it? I tried to find any RFCs for MAC on IETF to provide some definitions for me, but I couldn't find anything.
"MAC" stands for media access control - it's a sublayer of the data link layer (L2) in the OSI model.
One of the most popular protocols in this layer is Ethernet which covers the physical layer and the data link layer. You can find all about Ethernet at IEEE 802.3 (requires registration but is free).
Another extremely popular L1/L2 protocol stack is WiFi (IEEE 802.11) but that's a lot more complicated and hard to start with.
No, the MAC is not a protocol in that you won't find any 'MAC spec' that you can implement. MACs are typically embedded in hardware devices and expose functionality to send and receive frames to the media that they're controlling.
How they expose that functionality is up to the manufacturer of the MAC. They don't follow any standard protocol. You might find simple SPI interfaces, register-based access, DMA transfer or others.
I have a question concerning tcp packet sniffing with golang.
We have written a small tool which captures all incoming TCP packets comming from a fibre Tap.
The current implementation uses a libpcap wrapper under Linux. We need to port this tool to Windows. Of course, it is not possible at the moment.
So my question is, is there a cross platform solution for sniffing packets? We only need TCP packets, IP headers , no Ethernet Data and not all features of libpcap.
If there is no cross platform solution, two Code implementation would be ok, too. I know one can use raw sockets under Linux (and with some limitations under Windows). Does Golang support raw sockets and is there an example implementation for sniffing packets with sockets?
Tanks!! :-)
You should be able to use the ipv4 package from go.net.
Package ipv4 implements IP-level socket options for the Internet Protocol version 4.
The ipv4.RawConn type and it's associated methods should work cross-platform.
A RawConn represents a packet network endpoint that uses the IPv4 transport. It is used to control several IP-level socket options including IPv4 header manipulation. It also provides datagram based network I/O methods specific to the IPv4 and higher layer protocols that handle IPv4 datagram directly such as OSPF, GRE.
There is also an equivalent package for ipv6.
Take a look at https://code.google.com/p/gopacket/ since it supports pcap (requires cgo for this) and can decode a number of protocols including tcp/ip.
I am writing a simple OS with the network feature. But i don't know how to begin the networt part. the Linux Device Driver is not easy to read.
Could you give me some matearials or suggestions?
Take a look at lwIP - A Lightweight TCP/IP stack. It implements all necessary functionality to send/receive UDP datagrams and to establish TCP connections.
lwIP is licenced under the BSD licence, so you may use it even in non-opensource project.
Can someone explain the concepts of IPoIB and TCP over infiniband? I understand the overall concept and data rates provided by native infiniband, but dont quite understand how TCP and IPoIB fit in. Why do u need them and what do they do? What is the difference when someone says their network uses IPoIB or TCP with infiniband? Which one is better? I am not from a strong networking background, so it would be nice if you could elaborate.
Thank you for your help.
InfiniBand adapters ("HCAs") provide a couple of advanced features that can be used via the native "verbs" programming interface:
Data transfers can be initiated directly from userspace to the hardware, bypassing the kernel and avoiding the overhead of a system call.
The adapter can handle all of the network protocol of breaking a large message (even many megabytes) into packets, generating/handling ACKs, retransmitting lost packets, etc. without using any CPU on either the sender or receiver.
IPoIB (IP-over-InfiniBand) is a protocol that defines how to send IP packets over IB; and for example Linux has an "ib_ipoib" driver that implements this protocol. This driver creates a network interface for each InfiniBand port on the system, which makes an HCA act like an ordinary NIC.
IPoIB does not make full use of the HCAs capabilities; network traffic goes through the normal IP stack, which means a system call is required for every message and the host CPU must handle breaking data up into packets, etc. However it does mean that applications that use normal IP sockets will work on top of the full speed of the IB link (although the CPU will probably not be able to run the IP stack fast enough to use a 32 Gb/sec QDR IB link).
Since IPoIB provides a normal IP NIC interface, one can run TCP (or UDP) sockets on top of it. TCP throughput well over 10 Gb/sec is possible using recent systems, but this will burn a fair amount of CPU. To your question, there is not really a difference between IPoIB and TCP with InfiniBand -- they both refer to using the standard IP stack on top of IB hardware.
The real difference is between using IPoIB with a normal sockets application versus using native InfiniBand with an application that has been coded directly to the native IB verbs interface. The native application will almost certainly get much higher throughput and lower latency, while spending less CPU on networking.
Hy folks,
I'm kinda new to low level networking. I need to intercepts all TCP/UDP packets and potentially filter or substitute them with new ones.
What would be the best way to intercept these packets and inject new one? I'm only targeting Windows platforms.
You want WinPcap if you're on Windows. What you're going to need to do is intercept (and filter) packets with WinPcap and then write a program that does packet creation when/if you want it.
Write a program that uses libpcap at TCPDump contains tons of API for messing with low-level networking
I want to develop a program, not just use a tool
This page has some references to other pages which introduce the network device driver architectures: NDIS Intermediate driver interface.
You can use tools like wireshark to intercept traffic.
If you planning to write a program which will do all this stuff , then you may need to go to driver level to intercept all traffic.
wireshark uses libpcap . I am not sure but that may help