I am having a hell of a time getting hping2 (from ports) to make sense
to me. Can someone hint me in as to what is going on here?

I'm running hping2 in debugger and I get to where it puts the packet
on the wire in 'send_ip()' in sendip.c,

    result = sendto(sockraw, packet, packetsize, 0,
                    (struct sockaddr*)&remote, sizeof(remote));

Now, 'packet' is a pretty standard TCP/IP packet. I am trying to craft
a RST with certain seq. and ack. numbers. The source port number will
be at bytes 20 and 21 in such a packet (20 for the IP header and
source port is the first two bytes from the TCP header). So, in
gdb(1), I check those values,

    (gdb) x/2b packet + 20
    0x8062014: 0x04 0xab

And it reports the values I wanted (1195 decimal). (I'll skip the
problem reading values from the command line which makes entering the
seq. and ack. painful, I understand why that does not work.)
However, I'm watching what actually comes out of the interface (tun0)
with tcpdump(8),

    22:32:22.335423 209.247.139.131.13811 > 207.217.77.22.119: R
    2147483647:2147483647(0) win 512
    0x0000 4500 0028 50c0 0000 4006 afa5 d1f7 8b83 E..(P...@.......
    0x0010 cfd9 4d16 35f3 0077 7fff ffff 17a4 c243 ..M.5..w.......C
    0x0020 5004 0200 a324 0000 P....$..

But is sendto(2) messing up sending it or tcpdump(8) messing up
reading/displaying it? And this works fine when I send it over an
Ethernet device (dc0). At least both the sender and receiver report
the same, correct thing from tcpdump(8).

Not quite sure what to check next.
--
Crist J. Clark [EMAIL PROTECTED]