
Sniffer - ICMP v1.0

@kl3ssydra kl3ssydra released this 22 Oct 20:52
· 1 commit to main since this release
0c629f0
  • To be able to read the reply from the raw socket, use IPPROTO_ICMP instead of IPPROTO_RAW: socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);

  • Do not "cook" the IP header; delete that code. With IPPROTO_ICMP the application is responsible only for the ICMP packet (header and data), not for the IP header.

  • "Cook" and add only the ICMP part; the kernel adds the IPv4 header by itself.

  • Remove the setsockopt() IP_HDRINCL call, since we are no longer "cooking" the IP header.

  • When receiving, though, we get the whole IP packet and must extract the
    ICMP reply from it.

  • Note that you get a copy of all ICMP packets sent to the host and should filter
    for the relevant ones.

  • Check the sent ICMP packet in Wireshark. If the checksum is not correct (zero),
    you forgot to remove the IP-header offset when copying or calculating the
    ICMP-header checksum.

