Date: Sun, 24 Jun 2001 22:48:17 -0700
From: "Crist J. Clark"
To: freebsd-net@freebsd.org
Subject: hping2 Headaches
Message-ID: <20010624224817.L11961@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu

I am having a hell of a time getting hping2 (from ports) to make sense to me. Can someone hint me in as to what is going on here?

I'm running hping2 in a debugger and I get to where it puts the packet on the wire in 'send_ip()' in sendip.c,

    result = sendto(sockraw, packet, packetsize, 0,
                    (struct sockaddr*)&remote, sizeof(remote));

Now, 'packet' is a pretty standard TCP/IP packet. I am trying to craft a RST with certain seq. and ack. numbers. The source port number will be at bytes 20 and 21 in such a packet (20 for the IP header and source port is the first two bytes from the TCP header). So, in gdb(1), I check those values,

    (gdb) x/2b packet + 20
    0x8062014:      0x04    0xab

And it reports the values I wanted (1195 decimal).
(I'll skip the problem reading values from the command line which makes entering the seq. and ack. painful, I understand why that does not work.)

However, I'm watching what actually comes out of the interface (tun0) with tcpdump(8),

    22:32:22.335423 209.247.139.131.13811 > 207.217.77.22.119: R 2147483647:2147483647(0) win 512
    0x0000   4500 0028 50c0 0000 4006 afa5 d1f7 8b83        E..(P...@.......
    0x0010   cfd9 4d16 35f3 0077 7fff ffff 17a4 c243        ..M.5..w.......C
    0x0020   5004 0200 a324 0000                            P....$..

But is sendto(2) messing up sending it or tcpdump(8) messing up reading/displaying it? And this works fine when I send it over an Ethernet device (dc0). At least both the sender and receiver report the same, correct thing from tcpdump(8).

Not quite sure what to check next.

--
Crist J. Clark
cjclark@alum.mit.edu
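An added example, not part of the original message and not hping2 code: a small C decoder run over the 40 bytes of the tcpdump hex dump above. It reads the TCP fields at the offset given by the IP header length and verifies the TCP checksum. The function and struct names are hypothetical, and the buffer length is assumed to equal the IP total length (no link-layer padding).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The 40 bytes shown in the tcpdump hex dump in the message above. */
static const uint8_t captured[40] = {
    0x45,0x00,0x00,0x28, 0x50,0xc0,0x00,0x00, 0x40,0x06,0xaf,0xa5, 0xd1,0xf7,0x8b,0x83,
    0xcf,0xd9,0x4d,0x16, 0x35,0xf3,0x00,0x77, 0x7f,0xff,0xff,0xff, 0x17,0xa4,0xc2,0x43,
    0x50,0x04,0x02,0x00, 0xa3,0x24,0x00,0x00 };

struct tcp_view { uint16_t sport, dport, win; uint32_t seq, ack; uint8_t flags; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* One's-complement sum of big-endian 16-bit words on top of acc, folded to 16 bits. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; p += 2, n -= 2) acc += be16(p);
    if (n) acc += (uint32_t)p[0] << 8;          /* odd trailing byte, zero padded */
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return acc;
}

/* Returns 0 and fills *out for a well-formed IPv4/TCP packet, -1 otherwise. */
int decode_ipv4_tcp(const uint8_t *pkt, size_t len, struct tcp_view *out) {
    if (len < 20 || (pkt[0] >> 4) != 4 || pkt[9] != 6) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* TCP starts here; 20 only without IP options */
    if (ihl < 20 || len < ihl + 20) return -1;
    const uint8_t *t = pkt + ihl;
    out->sport = be16(t);    out->dport = be16(t + 2);
    out->seq   = be32(t + 4); out->ack  = be32(t + 8);
    out->flags = t[13];      out->win   = be16(t + 14);
    return 0;
}

/* The TCP checksum covers a pseudo-header (src, dst, protocol 6, TCP length) plus the segment. */
int tcp_checksum_ok(const uint8_t *pkt, size_t len) {
    size_t ihl = len ? (size_t)(pkt[0] & 0x0f) * 4 : 0;
    if (ihl < 20 || len < ihl + 20) return 0;
    uint32_t acc = sum16(pkt + 12, 8, 6 + (uint32_t)(len - ihl));
    return sum16(pkt + ihl, len - ihl, acc) == 0xffff;  /* valid data sums to all ones */
}

int main(void) {
    struct tcp_view v;
    if (decode_ipv4_tcp(captured, sizeof captured, &v) != 0) return 1;
    printf("sport=%u seq=%lu flags=0x%02x tcp_checksum_ok=%d\n", (unsigned)v.sport,
           (unsigned long)v.seq, (unsigned)v.flags, tcp_checksum_ok(captured, sizeof captured));
    return 0;
}
```

On the captured bytes this reports source port 13811 with a valid TCP checksum, while writing 0x04 0xab back at offsets 20 and 21 makes the checksum fail. The bytes seen on tun0 are therefore internally consistent, checksum included, rather than a display error or a corrupted copy of the buffer inspected in gdb.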