Monday, 1 October 2012

HTTP forwarder


I like playing with network packets and I wanted a deeper understanding of how every layer works, not just theoretically but practically. Small projects really help a lot:
My previous exercises in analysing network traffic exposed me to the network layer, but only to a very small extent.
Making a proxy gave me some idea of how the application layer works.

This particular project was aimed at developing a deeper understanding of all layers of the TCP/IP protocol. The program mainly involves changing physical and logical addresses, checking ports and computing checksums at the ethernet, network and transport layers.

code - https://github.com/pragya1990/http-forwarder (written in C)


Consider a scenario in which one laptop (say the server) acts as an HTTP forwarder for another laptop (say the client). The server has access to the internet over WLAN, the client is not connected to the internet, and the two laptops are connected to each other by LAN.

Steps while sending a packet:
1) Sending (in the child process): listen on eth1 and, if destination port == 80, modify the packet: (a) write the destination IP and source port to router.txt, (b) change the source IP, source and destination MAC addresses, and checksum, (c) inject the modified packet into the wlan1 interface using pcap_inject.
2) Receiving (in the parent process): listen on wlan1 and, if the source IP and destination port number exist in router.txt and source port == 80, modify the packet: (a) change the destination IP, source and destination MAC addresses, and checksum, (b) inject the modified packet into the eth0 interface using pcap_inject.
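The checksum step in (b) above, as an added example (not code from the linked repository): rewriting the source IP invalidates both the IPv4 header checksum and the TCP checksum, because the TCP checksum also covers a pseudo-header containing the addresses. The sketch assumes the buffer starts at the IP header (Ethernet header already skipped); `rewrite_src`, `sample_syn` and the WLAN address are hypothetical names and values, and the header lengths are checked against the captured length before any byte is touched, since the forwarder parses packets straight off the wire.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* RFC 1071 Internet checksum: one's-complement sum of big-endian 16-bit words. */
uint16_t inet_checksum(const uint8_t *p, size_t len, uint32_t acc) {
    for (; len > 1; p += 2, len -= 2) acc += (uint32_t)(p[0] << 8 | p[1]);
    if (len) acc += (uint32_t)p[0] << 8;          /* pad odd trailing byte */
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* TCP checksum covers a pseudo-header (src, dst, protocol, TCP length) too. */
uint16_t tcp_checksum(const uint8_t *ip, size_t ihl, size_t total) {
    uint32_t acc = 6 + (uint32_t)(total - ihl);   /* protocol 6 + TCP length */
    for (int i = 12; i < 20; i += 2) acc += (uint32_t)(ip[i] << 8 | ip[i + 1]);
    return inet_checksum(ip + ihl, total - ihl, acc);
}

/* Rewrite the source IP of an IPv4/TCP packet (buffer starts at the IP header)
 * and recompute both checksums. Returns 0 on success, -1 if the lengths in the
 * header do not fit the captured bytes or the packet is not IPv4/TCP. */
int rewrite_src(uint8_t *ip, size_t caplen, const uint8_t new_src[4]) {
    if (caplen < 20 || (ip[0] >> 4) != 4 || ip[9] != 6) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    size_t total = (size_t)(ip[2] << 8 | ip[3]);
    if (ihl < 20 || total < ihl + 20 || total > caplen) return -1;
    memcpy(ip + 12, new_src, 4);
    ip[10] = ip[11] = 0;                          /* zero field before summing */
    uint16_t c = inet_checksum(ip, ihl, 0);
    ip[10] = (uint8_t)(c >> 8); ip[11] = (uint8_t)c;
    uint8_t *tcp = ip + ihl;
    tcp[16] = tcp[17] = 0;
    c = tcp_checksum(ip, ihl, total);
    tcp[16] = (uint8_t)(c >> 8); tcp[17] = (uint8_t)c;
    return 0;
}

/* Constructed sample: 20-byte IPv4 header + 24-byte TCP SYN (MSS option),
 * addresses taken from the capture in the post, checksums left as zero. */
uint8_t sample_syn[44] = {
    0x45,0x00,0x00,0x2c, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    162,254,3,1, 125,252,226,160,
    0xc8,0xf2,0x00,0x50, 0,0,0,0, 0,0,0,0, 0x60,0x02,0x16,0xd0,
    0x00,0x00,0x00,0x00, 0x02,0x04,0x05,0xb4 };
/* Hypothetical WLAN-side address of the forwarder. */
const uint8_t wlan_ip[4] = { 192, 168, 1, 10 };

int main(void) { return rewrite_src(sample_syn, sizeof sample_syn, wlan_ip) ? 1 : 0; }
```

A receiver validates a packet by running the same sum over the bytes with the checksum in place; a result of 0 means the checksum is correct.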


The response from the server includes TCP handshake packets (SYN, SYN-ACK, ACK) and one "HTTP GET" request.
Here's the Wireshark dump of one such packet sent (162.254.3.1 is the IP address of the client laptop and 125.252.226.160 is some random site):
3 0.000370 162.254.3.1 125.252.226.160 TCP 51442 > http [SYN] Seq=0 Win=5840 Len=0 MSS=1460
5 0.063316 125.252.226.160 162.254.3.1 TCP http > 51442 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
6 0.063568 162.254.3.1 125.252.226.160 TCP 51442 > http [ACK] Seq=1 Ack=1 Win=5840 Len=0
7 0.063996 162.254.3.1 125.252.226.160 HTTP GET / HTTP/1.1
8 0.064114 125.252.226.160 162.254.3.1 TCP http > 51443 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
9 0.064381 162.254.3.1 125.252.226.160 TCP 51443 > http [ACK] Seq=1 Ack=1 Win=5840 Len=0
