Date: Sun, 24 Jun 2001 22:48:17 -0700 From: "Crist J. Clark" <cristjc@earthlink.net> To: freebsd-net@freebsd.org Subject: hping2 Headaches Message-ID: <20010624224817.L11961@blossom.cjclark.org>
next in thread | raw e-mail | index | archive | help
I am having a hell of a time getting hping2 (from ports) make sense to me. Can someone hint me in as to what is going on here? I'm running hping2 in debugger and I get to where it puts the packet on the wire in 'send_ip()' in sendip.c, result = sendto(sockraw, packet, packetsize, 0, (struct sockaddr*)&remote, sizeof(remote)); Now, 'packet' is a pretty standard TCP/IP packet. I am trying to craft a RST with certain seq. and ack. numbers. The source port number will be at bytes 20 and 21 in such a packet (20 for the IP header and source port is the first two bytes from the TCP header). So, in gdb(1), I check those values, (gdb) x/2b packet + 20 0x8062014: 0x04 0xab And it reports the values I wanted (1195 decimal). (I'll skip the problem reading values from the command line which makes entering the seq. and ack. painful, I understand why that does not work.) However, I'm watching what actually comes out of the interface (tun0) with tcpdump(8), 22:32:22.335423 209.247.139.131.13811 > 207.217.77.22.119: R 2147483647:2147483647(0) win 512 0x0000 4500 0028 50c0 0000 4006 afa5 d1f7 8b83 E..(P...@....... 0x0010 cfd9 4d16 35f3 0077 7fff ffff 17a4 c243 ..M.5..w.......C 0x0020 5004 0200 a324 0000 P....$.. But is sendto(2) messing up sending it or tcpdump(8) messing up reading/displaying it? And this works find when I send it over an Ethernet device (dc0). At least both the sender and receiver report the same, correct thing from tcpdump(8). Not quite sure what to check next. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010624224817.L11961>