发送任意(原始)数据包
[英]Sending arbitrary (raw) packets
问题描述
I've seen it asked elsewhere but no one answers it to my satisfaction: how can I receive and send raw packets? 
我已经看到它在其他地方问了但是没有人满意地回答:我怎样才能接收和发送原始数据包?
By "raw packets", I mean where I have to generate all the headers and data, so that the bytes are completely arbitrary, and I am not restricted in any way. 通过“原始数据包”,我的意思是,我必须生成所有头和数据,使字节完全是任意的, 而且我不以任何方式限制。 This is why Microsofts RAW sockets won't work, because you can't send TCP or UDP packets with incorrect source addresses. 这就是为什么Microsofts RAW套接字无法工作的原因,因为您无法发送具有错误源地址的TCP或UDP数据包。
I know you can send packets like I want to with WinPCAP but you cannot receive raw information with it, which I also need to do. 我知道您可以使用WinPCAP发送我想要的数据包,但是您无法使用它接收原始信息,我也需要这样做。
1 个解决方案
解决方案1
9 已采纳 2011-06-17 18:16:47
First of all decide what protocol layer you want to test malformed data on: 首先确定要测试格式错误的数据的协议层:
Ethernet 以太网络
If you want to generate and receive invalid Ethernet frames with a wrong ethernet checksum, you are more or less out of luck as the checksumming is often done in hardware, and in the cases they're not, the driver for the NIC performs the checksumming and there's no way around that at least on Windows. 如果您希望生成和接收带有错误以太网校验和的无效以太网帧,那么您或多或少会因为校验和通常在硬件中完成而失败,并且在它们不是的情况下,NIC的驱动程序执行校验和并且至少在Windows上没有办法解决这个问题。 NetBSD provides that option for most of it drivers that does ethernet checksumming in the OS driver though. NetBSD为大多数在OS驱动程序中执行以太网校验和的驱动程序提供了该选项。
The alternative is to buy specialized hardware, (eg cards from Napatech, you might find cheaper ones though), which provides an API for sending and receiving ethernet frames however invalid you would want. 另一种方法是购买专用硬件(例如Napatech的卡,你可能会找到更便宜的硬件),它提供了一个用于发送和接收以太网帧的API,但是你想要的无效。
Be aware that sending by sending invalid ethernet frames, the receiving end or a router inbetween will just throw the frames away, they will never reach the application nor the OS IP layer. 请注意,通过发送无效的以太网帧,接收端或中间的路由器发送只会丢帧,它们永远不会到达应用程序或OS IP层。 You'll be testing the NIC or NIC driver on the receiving end. 您将在接收端测试NIC或NIC驱动程序。
IP IP
If all you want is to send/receive invalid IP packets, winpcap lets you do this. 如果你想要的只是发送/接收无效的IP数据包,winpcap允许你这样做。 Generate the packets, set up winpcap to capture packets, use winpcap to send.. 生成数据包,设置winpcap来捕获数据包,使用winpcap发送..
Be aware that packets with an invalid IP checksum other invalid fields, the TCP/IP stack the receiving application runs on will just throw the IP packets away, as will any IP/layer 3 router inbetween the sender and receiver do. 请注意,具有无效IP校验和其他无效字段的数据包,接收应用程序运行的TCP / IP堆栈将丢弃IP数据包,发送器和接收器之间的任何IP /第3层路由器都会丢弃。 They will not reach the application. 他们无法联系到申请表。 If you're generating valid IP packets, you'll also need to generate valid UDP and implement a TCP session with valid TCP packets yourself in order for the application to process them, otherwise they'll also be thrown away by the TCP/IP stack 如果您正在生成有效的IP数据包,您还需要自己生成有效的UDP并使用有效的TCP数据包实现TCP会话,以便应用程序处理它们,否则它们也会被TCP / IP丢弃堆
You'll be testing the lower part of the TCP/IP stack on the receiving end. 您将在接收端测试TCP / IP堆栈的下半部分。
TCP/UDP TCP / UDP
This is not that different from sending/receiving invalid IP packets. 这与发送/接收无效IP数据包没有什么不同。 You an do all this with winpcap, though routers will not throw them away, as long as the ethernet/IP headers are ok. 你可以使用winpcap完成所有这些工作,但只要以太网/ IP头没问题,路由器就不会丢弃它们。 An application will not receive these packets though, they'll be thrown away by the TCP/IP stack. 应用程序不会收到这些数据包,它们将被TCP / IP堆栈丢弃。 You'll be testing the upperpart of the TCP/IP stack on the receiving end. 您将在接收端测试TCP / IP堆栈的上部。
Application Layer 应用层
This is the (sane) way of actually testing the application(unless your "application" actually is a TCP/IP stack, or lower). 这是实际测试应用程序的(理智)方式(除非您的“应用程序”实际上是TCP / IP堆栈,或更低)。 You send/receive data as any application would using sockets, but generate malformed application data as you want. 您可以使用任何应用程序使用套接字发送/接收数据,但可以根据需要生成格式错误的应用程序数据。 The application will receive this data, it's not thrown away by lower protocol layers. 应用程序将接收此数据,它不会被较低的协议层丢弃。
Although one particular form of tests with TCP can be hard to test - namely varying the TCP segments sent, if you eg want to test that an application correctly interprets the TCP data as a stream. 虽然使用TCP的一种特定形式的测试可能很难测试 - 即改变发送的TCP段,如果您想测试应用程序正确地将TCP数据解释为流。 (eg you want to send the string "hello" in 5 segments and somehow cause the receiving application to read() the characters one by one). (例如,您希望在5个段中发送字符串“hello”,并以某种方式使接收应用程序逐个读取()字符。 If you don't need speed, you can usually get that behaviour by inserting pauses in the sending and turn off nagel's algorithm (TCP_NDELAY) and/or tune the NIC MTU. 如果您不需要速度,通常可以通过在发送中插入暂停并关闭nagel的算法(TCP_NDELAY)和/或调整NIC MTU来获得该行为。
Remember that any muckery with lower level protocols in a TCP stream, eg cause one of the packets to have an invalid/diffferent IP source address just gets thrown away by lower level layers. 请记住,TCP流中具有较低级别协议的任何muckery,例如导致其中一个数据包具有无效/不同的IP源地址,只会被较低级别的层丢弃。
You'll be testing an application running on top of TCP/UDP(or any other IP protocol). 您将测试在TCP / UDP(或任何其他IP协议)上运行的应用程序。
Alternatives 备择方案
switch to another OS, where you at least can use raw sockets without the restrictions of recent windows.
切换到另一个操作系统,你至少可以使用原始套接字,而不受最近窗口的限制。 Implement a transparent drop insert solution based on the "Ethernet" or "IP" alternative above.
基于上面的“以太网”或“IP”替代方案实施透明的插入式插入解决方案。 ie you have your normal client application, your normal server application. 即你有正常的客户端应用程序,您的正常服务器应用程序。 You break a cable inbetween them, insert your box with 2 NICs where you programatically alter bytes of the frames received and send them back out again on the other NIC. 你在它们之间断开电缆,插入带有2个NIC的盒子,在那里以编程方式改变收到的帧的字节,然后在另一个NIC上再次发送它们。 This'll allow you to easily introduce packet delays in the system as well. 这样您就可以轻松地在系统中引入数据包延迟。 Linux' netfilter already have this capability which you can easily build on top of, often with just configuration or scripting. Linux的netfilter已经具备了这种功能,您可以轻松地构建它,通常只需配置或编写脚本。 If you can alter the receiving application you want to test, have it read data from something else such as a file or pipe and feed it random bytes/packets as you wish.
如果您可以更改要测试的接收应用程序,请让它从其他内容(如文件或管道)读取数据,并根据需要随机提供字节/数据包。 Hybrid model, mainly for TCP application testing, but also useful for eg testing UDP ICMP responses.
混合模型,主要用于TCP应用程序测试,但也可用于测试UDP ICMP响应。 Set up a TCP connection using sockets. 使用套接字设置TCP连接。 Send your invalid application data using sockets. 使用套接字发送无效的应用程序数据。 Introduce random malformed packets(much easier than programming with raw sockets that set up a TCP session and then introduce lower layer errors). 引入随机格式错误的数据包(比使用设置TCP会话的原始套接字编程然后引入较低层错误容易得多)。 Send malformed IP or UDP/TCP packets, or perhaps ICMP packets using WinPcap, though communicate with the socket code to the winpcap code so you'll the addresses/port correct, such that the receiving application sees it. 发送格式错误的IP或UDP / TCP数据包,或者使用WinPcap发送ICMP数据包,尽管使用套接字代码与winpcap代码进行通信,这样您的地址/端口就会正确,这样接收应用程序就可以看到它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.