Reputation: 21
When I use a raw socket to forge an IP packet, it seems that I can set an arbitrary value for its total length without regarding the true size of the IP packet.
However, when I use Wireshark to catch the packet, I found the total length has been corrected to be the true size. This really confused me.
Can somebody explain this issue? I will be very grateful for your help.
Thanks.
Upvotes: 0
Views: 1920
Reputation: 11586
When sending a packet larger than its actual size, the additional data in the payload is a chunk of zeroes. That's what in theory you should see on a captured packet of this kind when inspecting it with Wireshark (or tcpdump). For instance:
```
IP 192.168.0.3.17664 > 178.60.128.48.1: tcp 32
    0x0000:  4500 0064 f0d0 4000 4006 56ab c0a8 0003  E..d..@.@.V.....
    0x0010:  b23c 8030 4500 0001 0000 0000 ff06 dbe4  .<.0E...........
    0x0020:  c0a8 0003 b23c 8030 04d2 0050 0000 0000  .....<.0...P....
    0x0030:  0000 0000 5002 16d0 b3c4 0000 4142 4344  ....P.......ABCD
    0x0040:  4546 4748 494a 4b4c 4d4e 4f50 5152 5354  EFGHIJKLMNOPQRST
    0x0050:  5556 5758 595a 0000 0000 0000 0000 0000  UVWXYZ..........
    0x0060:  0000 0000                                ....
```
This is a TCP packet to google.com (178.60.128.48). The payload is "ABC...XYZ", but the IP's `total_length` has been manually increased. The result is zero padding in the payload until completing the total length of the packet.
That said, my bet is that the problem is in the `sendto` system call. This is the call that actually sends a packet on the socket. But this call also sets the `total_length` of the packet.
```c
ssize_t sendto(int sockfd, const void *buf, size_t len, int flags,
               const struct sockaddr *dest_addr, socklen_t addrlen);
```
I suspect you have tweaked the packet's `total_length` field in the IPv4 header, but the `len` parameter on the `sendto` call has not been modified, so the packet's total length is overwritten to its original size when it is sent.
That's my suspicion but it's hard to tell without checking the code.
Upvotes: 1
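A capture-side check related to the discussion above, as an added example (not code from either poster): it compares the Total Length field of a captured IPv4 header with the number of bytes actually captured, and counts the zero bytes at the end of the datagram. The sample bytes are transcribed from the tcpdump output in the answer; the enum and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum len_status { LEN_OK, LEN_BAD_HEADER, LEN_TRUNCATED, LEN_TRAILING };

/* Bytes transcribed from the tcpdump output in the answer. The array is
 * 100 bytes long; everything after "XYZ" is left zero-initialised. */
static const uint8_t sample_pkt[100] = {
    0x45,0x00,0x00,0x64,0xf0,0xd0,0x40,0x00,0x40,0x06,0x56,0xab,0xc0,0xa8,0x00,0x03,
    0xb2,0x3c,0x80,0x30,0x45,0x00,0x00,0x01,0x00,0x00,0x00,0x00,0xff,0x06,0xdb,0xe4,
    0xc0,0xa8,0x00,0x03,0xb2,0x3c,0x80,0x30,0x04,0xd2,0x00,0x50,0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00,0x50,0x02,0x16,0xd0,0xb3,0xc4,0x00,0x00,0x41,0x42,0x43,0x44,
    0x45,0x46,0x47,0x48,0x49,0x4a,0x4b,0x4c,0x4d,0x4e,0x4f,0x50,0x51,0x52,0x53,0x54,
    0x55,0x56,0x57,0x58,0x59,0x5a
};

/* Compare the IPv4 Total Length field with the number of bytes captured. */
enum len_status check_total_length(const uint8_t *p, size_t caplen)
{
    if (caplen < 20 || (p[0] >> 4) != 4) return LEN_BAD_HEADER;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;   /* header length in bytes */
    size_t tot = ((size_t)p[2] << 8) | p[3];  /* Total Length, network byte order */
    if (ihl < 20 || ihl > caplen || tot < ihl) return LEN_BAD_HEADER;
    if (tot > caplen) return LEN_TRUNCATED;   /* field claims more than is present */
    if (tot < caplen) return LEN_TRAILING;    /* extra bytes follow the datagram */
    return LEN_OK;
}

/* Count the zero bytes at the end of a buffer (the padding the answer describes). */
size_t trailing_zero_bytes(const uint8_t *p, size_t len)
{
    size_t n = 0;
    while (n < len && p[len - 1 - n] == 0) n++;
    return n;
}

int main(void)
{
    printf("length status: %d\n", check_total_length(sample_pkt, sizeof sample_pkt));
    printf("zero tail:     %zu bytes\n", trailing_zero_bytes(sample_pkt, sizeof sample_pkt));
    return 0;
}
```
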