Home
Log in

Articles tagged #parsing

Crafting ICMP-bearing IPv4 packets with the help of bitvec
Dec 12, 2019
clock icon 1 hour 21 min #networking · #icmp · #rust · #ip · #parsing

So. Serializing IPv4 packets. Easy? Well, not exactly.

IPv4 was annoying to parse, because we had 3-bit integers, and 13-bit integers, and who knows what else. Serializing it is going to be exactly the same.

Right now, we don't have a way to serialize that.

Let's take the version and ihl fields, both of which are supposed to take 4 bits, together making a byte. We could serialize them like this:

Read more
Crafting ARP packets to find a remote host's MAC address
Dec 12, 2019
clock icon 35 min #networking · #rust · #win32 · #ffi · #arp · #ethernet · #parsing

Alright. ALRIGHT. I know, we're all excited, but let's think about what we're doing again.

So we've managed to look at real network traffic and parse it completely. We've also taken some ICMP packets, parsed them, and then serialized them right back and we got the exact same result.

So I know what you're thinking - let's just move our way down the stack again - stuff that ICMP packet in an IP packet, then in an Ethernet frame, and then serialize the whole thing.

Read more
Parsing and serializing ICMP packets with cookie-factory.
Dec 12, 2019
clock icon 42 min #networking · #icmp · #rust · #ip · #parsing

In the last part, we've finally parsed some IPv4 packets. We even found a way to filter only IPv4 packets that contain ICMP packets.

There's one thing we haven't done though, and that's verify their checksum. Folks could be sending us invalid IPv4 packets and we'd be parsing them like a fool!

This series is getting quite long, so let's jump right into it.

Read more
Parsing IPv4 packets, including numbers smaller than bytes
Nov 21, 2019
clock icon 36 min #networking · #icmp · #rust · #ip · #parsing

Hello and welcome to Part 11 of this series, wherein we finally use some of the code I prototyped way back when I was planning this series.

Where are we standing?

Let's review the progress we've made in the first 10 parts: first, we've started thinking about what it takes for computers to communicate. Then, we've followed a rough outline of the various standards and protocols that have emerged since the 1970s.

Read more
Consuming Ethernet frames with the nom crate
Nov 05, 2019
clock icon 43 min #networking · #ethernet · #rust · #assembly · #parsing

Now that we've found the best way to find the "default network interface"... what can we do with that interface?

Well, listen for network traffic of course!

Rust code
use rawsock::open_best_library;
use std::time::Instant;

fn main() -> Result<(), Error> {
    let lib = open_best_library()?;

    let iface_name = format!(r#"\Device\NPF_{}"# netinfodefault_nic_guid?
     iface = libiface_name?

    

    
     start = 
    iface |packet| 
        
            
            startelapsed
            packetlen
        
    ?
Read more

Go back to the homepage.