Network Tools
While working with low-level network programming, I found I could benefit from a few new tools. I decided to develop releasable versions of them so I could publish them online here.
pcap2c
pcap2c - Version 1.0 - June 19th, 2007
Written by Vanya A. Sergeev - vsergeev at gmail
Download the latest pcap2c source here: pcap2c-1.0.tar.gz
Download a gzipped x86 Linux binary of pcap2c here: pcap2c-linux-x86-1.0.gz
pcap2c converts a pcap capture file (such as one from Ethereal/Wireshark or tcpdump) into a C source file, where the packets are stored as unsigned char arrays. These packets can then be compiled into a C program where they can be easily used for further manipulation, retransmission, etc.
Usage: ./pcap2c <libpcap capture file> <C source file>
The program creates a dedicated unsigned char array for every packet (e.g. packet0[], packet4[]). After all of these dedicated arrays have been created, a master packets array is created, which is an array of pointers to each of the dedicated packet arrays. Together with its complement, the master packet lengths array, this lets a C program look up a packet’s data by its index in the master packets array and its length at the same index in the master packet lengths array (e.g. allPackets[4] and allPacketLengths[4]).
pcap2c should compile with gcc on just about anything.
pcap2c is released under the GNU General Public License version 2.
Please notify me of any bugs or suggestions at vsergeev at gmail.
Sample output “icmp_ping.c”:
unsigned char packet0[98] = {0x00,0x0F,0x66,0xCD,0x06,0xDE,0x00,0x16,0xCB,
0xA2,0x94,0xB2,0x08,0x00,0x45,0x00,0x00,0x54,0x00,0x00,0x40,0x00,0x40,0x01,
0xB6,0xF3,0xC0,0xA8,0x01,0x64,0xC0,0xA8,0x01,0x01,0x08,0x00,0x51,0x78,0x6E,
0x3B,0x00,0x01,0x3D,0xBB,0x79,0x46,0x94,0x46,0x02,0x00,0x08,0x09,0x0A,0x0B,
0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,
0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37};
unsigned char packet1[98] = {0x00,0x16,0xCB,0xA2,0x94,0xB2,0x00,0x0F,0x66,
0xCD,0x06,0xDE,0x08,0x00,0x45,0x00,0x00,0x54,0xB9,0xD1,0x00,0x00,0x40,0x01,
0x3D,0x22,0xC0,0xA8,0x01,0x01,0xC0,0xA8,0x01,0x64,0x00,0x00,0x59,0x78,0x6E,
0x3B,0x00,0x01,0x3D,0xBB,0x79,0x46,0x94,0x46,0x02,0x00,0x08,0x09,0x0A,0x0B,
0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,
0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37};
unsigned char packet2[98] = {0x00,0x0F,0x66,0xCD,0x06,0xDE,0x00,0x16,0xCB,
0xA2,0x94,0xB2,0x08,0x00,0x45,0x00,0x00,0x54,0x00,0x00,0x40,0x00,0x40,0x01,
0xB6,0xF3,0xC0,0xA8,0x01,0x64,0xC0,0xA8,0x01,0x01,0x08,0x00,0xF4,0x6A,0x6E,
0x3B,0x00,0x02,0x3E,0xBB,0x79,0x46,0xF0,0x52,0x02,0x00,0x08,0x09,0x0A,0x0B,
0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,
0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37};
unsigned char packet3[98] = {0x00,0x16,0xCB,0xA2,0x94,0xB2,0x00,0x0F,0x66,
0xCD,0x06,0xDE,0x08,0x00,0x45,0x00,0x00,0x54,0xB9,0xD2,0x00,0x00,0x40,0x01,
0x3D,0x21,0xC0,0xA8,0x01,0x01,0xC0,0xA8,0x01,0x64,0x00,0x00,0xFC,0x6A,0x6E,
0x3B,0x00,0x02,0x3E,0xBB,0x79,0x46,0xF0,0x52,0x02,0x00,0x08,0x09,0x0A,0x0B,
0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,
0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37};
unsigned char packet4[98] = {0x00,0x0F,0x66,0xCD,0x06,0xDE,0x00,0x16,0xCB,
0xA2,0x94,0xB2,0x08,0x00,0x45,0x00,0x00,0x54,0x00,0x00,0x40,0x00,0x40,0x01,
0xB6,0xF3,0xC0,0xA8,0x01,0x64,0xC0,0xA8,0x01,0x01,0x08,0x00,0xB8,0x69,0x6E,
0x3B,0x00,0x03,0x3F,0xBB,0x79,0x46,0x2B,0x53,0x02,0x00,0x08,0x09,0x0A,0x0B,
0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,
0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37};
unsigned char packet5[98] = {0x00,0x16,0xCB,0xA2,0x94,0xB2,0x00,0x0F,0x66,
0xCD,0x06,0xDE,0x08,0x00,0x45,0x00,0x00,0x54,0xB9,0xD3,0x00,0x00,0x40,0x01,
0x3D,0x20,0xC0,0xA8,0x01,0x01,0xC0,0xA8,0x01,0x64,0x00,0x00,0xC0,0x69,0x6E,
0x3B,0x00,0x03,0x3F,0xBB,0x79,0x46,0x2B,0x53,0x02,0x00,0x08,0x09,0x0A,0x0B,
0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,
0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37};
unsigned char *allPackets[6] = {packet0, packet1, packet2, packet3, packet4, packet5};
int allPacketLengths[6] = {98, 98, 98, 98, 98, 98};
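An added example (not part of pcap2c or its output) of consuming the generated arrays defensively: it looks a packet up by index in allPackets, then checks every header offset against allPacketLengths before verifying the IPv4 and ICMP checksums. packet0 is copied from the sample above; the second table entry, the function names and the PKT_* codes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* packet0 as in the page's icmp_ping.c sample (ICMP echo request). */
unsigned char packet0[98] = {0x00,0x0F,0x66,0xCD,0x06,0xDE,0x00,0x16,0xCB,
0xA2,0x94,0xB2,0x08,0x00,0x45,0x00,0x00,0x54,0x00,0x00,0x40,0x00,0x40,0x01,
0xB6,0xF3,0xC0,0xA8,0x01,0x64,0xC0,0xA8,0x01,0x01,0x08,0x00,0x51,0x78,0x6E,
0x3B,0x00,0x01,0x3D,0xBB,0x79,0x46,0x94,0x46,0x02,0x00,0x08,0x09,0x0A,0x0B,
0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,
0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,0x36,0x37};
/* Constructed: entry 1 reuses the bytes with length 40 to model a truncated capture. */
unsigned char *allPackets[2] = {packet0, packet0};
int allPacketLengths[2] = {98, 40};

enum { PKT_OK, PKT_BAD_INDEX, PKT_TRUNCATED, PKT_NOT_ICMP, PKT_BAD_CSUM };

/* RFC 1071 Internet checksum; yields 0 when the checksum stored in the data is valid. */
static uint16_t inet_csum(const unsigned char *p, size_t len) {
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)((p[0] << 8) | p[1]);
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Validate packet idx as Ethernet/IPv4/ICMP without reading past its recorded length. */
int check_icmp_packet(unsigned char **pkts, const int *lens, int count, int idx) {
    if (idx < 0 || idx >= count || lens[idx] < 0) return PKT_BAD_INDEX;
    const unsigned char *p = pkts[idx];
    size_t len = (size_t)lens[idx];
    if (len < 14 + 20) return PKT_TRUNCATED;                 /* Ethernet + minimal IPv4 */
    if (p[12] != 0x08 || p[13] != 0x00) return PKT_NOT_ICMP; /* EtherType must be IPv4 */
    const unsigned char *ip = p + 14;
    if ((ip[0] >> 4) != 4 || ip[9] != 1) return PKT_NOT_ICMP; /* version 4, protocol ICMP */
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    size_t total = ((size_t)ip[2] << 8) | ip[3];
    if (ihl < 20 || total < ihl + 8 || 14 + total > len) return PKT_TRUNCATED;
    if (inet_csum(ip, ihl) || inet_csum(ip + ihl, total - ihl)) return PKT_BAD_CSUM;
    return PKT_OK;
}

int main(void) {
    for (int i = 0; i < 3; i++)  /* index 2 is deliberately out of range */
        printf("packet %d -> %d\n", i, check_icmp_packet(allPackets, allPacketLengths, 2, i));
    return 0;
}
```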
deja-packet
deja-packet - Version 1.0 - June 26th, 2007
Written by Vanya A. Sergeev - vsergeev at gmail
Download the latest deja-packet source here: deja-packet-1.0.tar.gz
Download a gzipped x86 Linux binary of deja-packet here: deja-packet-linux-x86-1.0.gz
deja-packet transmits raw packets through a specified interface.
Usage: ./deja-packet -pcap <libpcap capture file> <interface name>
   or: ./deja-packet -raw <raw packet file> <interface name>
Note: you must be root to successfully transmit packets with deja-packet due to the Linux security restrictions with raw sockets.
deja-packet is basically a simple debugging tool that retransmits packets you may later want to observe as they traverse the network (watching them get routed, bridged, etc.). A packet sniffer like Wireshark can be used for further tracking/analysis of the transmitted packet.
In the [-p]cap mode, deja-packet transmits selected packets from a libpcap capture file (such as one created by Ethereal/Wireshark, or tcpdump). In the [-r]aw mode, deja-packet transmits the raw contents of a file as one whole packet.
The [-p]cap mode is interactive: the user is prompted repeatedly to select which packet from the libpcap capture file to transmit, until the “q” character is entered, at which point the program quits.
Example pcap mode:
$ sudo ./deja-packet -p icmp_ping.pcap eth0
Select packet number (1 to 6) for transmission or q for quit: 1
Successfully transmitted packet!
Select packet number (1 to 6) for transmission or q for quit: 2
Successfully transmitted packet!
Select packet number (1 to 6) for transmission or q for quit: 5
Successfully transmitted packet!
Select packet number (1 to 6) for transmission or q for quit: 6
Successfully transmitted packet!
Select packet number (1 to 6) for transmission or q for quit: q
$
In the [-r]aw mode, deja-packet exits immediately after the attempted transmission is complete, which makes it easy to use from a script.
Example raw mode:
$ sudo ./deja-packet -r samplepacket eth0
Successfully transmitted packet!
$
icmp_ping.pcap is included as a sample libpcap capture file.
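An added example, not deja-packet's own code, of the selection step behind pcap mode: walking the records of a classic libpcap file held in memory and returning packet n, while rejecting records whose stored length runs past the end of the file. The sample bytes and the names pcap_select and rd32 are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed capture: 24-byte global header, one good record, one lying record. */
static const unsigned char sample_pcap[] = {
    0xd4,0xc3,0xb2,0xa1, 0x02,0x00,0x04,0x00, 0,0,0,0, 0,0,0,0,    /* magic, v2.4, zone, sigfigs */
    0xff,0xff,0x00,0x00, 0x01,0x00,0x00,0x00,                      /* snaplen, linktype Ethernet */
    0,0,0,0, 0,0,0,0, 0x04,0,0,0, 0x04,0,0,0, 0x01,0x02,0x03,0x04, /* record 1: 4 bytes stored */
    0,0,0,0, 0,0,0,0, 0x40,0,0,0, 0x40,0,0,0, 0x05,0x06            /* record 2: claims 64, holds 2 */
};

/* Read a 32-bit field; swap=1 when the file was written in the other byte order. */
static uint32_t rd32(const unsigned char *p, int swap) {
    uint32_t v;
    memcpy(&v, p, 4);
    return swap ? (v >> 24) | ((v >> 8) & 0xFF00u) | ((v << 8) & 0xFF0000u) | (v << 24) : v;
}

/* Find packet n (1-based, like deja-packet's prompt) in a microsecond-format pcap buffer.
 * Returns 0 and sets *pkt / *pkt_len, or -1 if the file is malformed or n is out of range. */
int pcap_select(const unsigned char *buf, size_t len, unsigned n,
                const unsigned char **pkt, uint32_t *pkt_len) {
    if (len < 24 || n == 0) return -1;
    uint32_t magic = rd32(buf, 0);
    int swap;
    if (magic == 0xa1b2c3d4u) swap = 0;
    else if (magic == 0xd4c3b2a1u) swap = 1;
    else return -1;
    size_t off = 24;                          /* records follow the global header */
    for (unsigned i = 1; len - off >= 16; i++) {
        uint32_t incl = rd32(buf + off + 8, swap);  /* bytes stored for this packet */
        off += 16;
        if (incl > len - off) return -1;      /* record claims more than the file holds */
        if (i == n) { *pkt = buf + off; *pkt_len = incl; return 0; }
        off += incl;
    }
    return -1;
}

int main(void) {
    const unsigned char *p = NULL;
    uint32_t l = 0;
    for (unsigned n = 1; n <= 2; n++)
        printf("packet %u -> %d\n", n, pcap_select(sample_pcap, sizeof sample_pcap, n, &p, &l));
    return 0;
}
```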
To compile deja-packet, simply use the command “make”.
deja-packet remains Linux-only because it requires PF_PACKET sockets.
deja-packet is released under the GNU General Public License version 2.
Please notify me of any bugs or suggestions at vsergeev at gmail.