Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Custom packet injection through routers 2

Status
Not open for further replies.
Khoeth

Khoeth

Technical User
Mar 8, 2005
7
US
Hello,
I'm new to the forum. I am trying to further my self education in the area of TCP/IP protocol in order to gain a better understanding of it, but I'm stumped by a question that I cannot seem to get an answer to. Here is the hypothetical situation: my computer (booting linux) is behind a rouer. computer B is also behind a router. I'm using my favorite custom packet injection tool (nemesis, packit, etc.) to test various system's reactions to different custom packets and sniffing the 'conversation' with ethereal. Assuming the program I'm using has no limitations and can configure every piece of a packet, how would I send a packet (the type is of little concern to me in this situation) to Computer B (behind the router) instead of simply sending my packet to computer B's router? In the ethereal readout, the IP header shows source and destination IP addresses in the form "Source = xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) Destination = yyy.yyy.yyy.yyy (yyy.yyy.yyy.yyy). I thought I might accomplish my goal by setting the Destination IP header to read (for example) 20.147.3.68 (192.168.1.100), but all examples of IP headers use only the IP address of the computer behind the network in both, or the router for both. If anyone can shed some insight into this issue, I would be very appreciative. It is safe to assume I have a secure grasp of TCP/IP protocol in any explaination.

Khoeth Mora
patton525@hotmail.com
 
Sort by date Sort by votes
I think that you are confusing Ethereal's display with the packet header. The value in parenthesis from Ethereal's display is the DNS lookup value of the given IP address. Your addresses are either not resolvable, or you have name resolution turned off.

The reason that you don't see the actual IP address of the destination device is that that device is using Network Address Translation (NAT). The 192.168.x.x address is not resolvable on the Internet, so the router's resolvable address is used for all packets. The router at the remote end remembers each connection that has been established and rewrites the packet header as the incoming and outgoing packets arrive, so that the RFC 1918 address (192.168.1.100 in your example) can be reached from the Internet.

You would have to establish some static NAT translations on Computer B's Router in order for any unsolicited connection requests to arrive at Computer B.


pansophic
 
Upvote 0 Downvote
thanks for the help, that clears up a good deal. Can you expand on the idea of establishing static NAT translations on computer B's router (unless these answers can be found in RFC 1918, which I am about to read). I would also be very appreciative if you pointed me in the direction of some technical information regarding the manipulation of two way traffic by routers (specifics rather then concepts). thank you very much for the assistance, you've made this ordeal easier on me.

feel free to Contact me at patton525@hotmail.com
 
Upvote 0 Downvote
The static routes need to be established by the administrator that operates computer B's router. RFC 1918 pertains to non-resolvable IP address blocks that can be used for private network assignment.

NAT allows many computers to use a few IP addresses. Static routes are established to allow computers that are behind a router or firewall that is performing NAT to be accessible for inbound connections over the Internet. A specific port associated with the resolvable IP address is defined to be translated to a specific RFC 1918 address on a specific port. The ports do not have to be the same, and the IP addresses are never the same.

Without static route definitions, none of the computers behind a NAT'd router are directly accessible for incoming connections.

As far as the manipulations are concerned, they are very simple. On outgoing packets, the Source IP address is rewritten from the RFC 1918 address to the resolvable address. Generally the port isn't rewritten unless some other computer has already consumed that port.

On incoming packets, the destination IP address is rewritten, and if necessary, the port is rewritten.

There is a state table in the router that maintains a socket (IP address and associated port) to socket association for every active connection.


pansophic
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DWheater
  • Locked
  • Question
FTP through Back to Back Firewalls
Replies
0
Views
109
DWheater
DWheater
TheFaz_
  • Locked
  • Question
Sending udp packets from fpga to the computer using Lwip tcp/ip stack using C programming
Replies
0
Views
563
TheFaz_
TheFaz_
lagg
  • Locked
  • Question
Packet loss and timeout
Replies
1
Views
149
chieftan
chieftan
Pushpat
  • Locked
  • Question
send trap to ipnetwork through snmptrap command
Replies
0
Views
122
Pushpat
Pushpat
Pushpat
  • Locked
  • Question
send trap to ipnetwork through snmptrap command
Replies
0
Views
121
Pushpat
Pushpat

Part and Inventory Search

Sponsor

Back
Top