I need to send this with tcp.

May 3, 2012 at 10:13 PM

So I heard this wrapper would be suitable for raw sockets work and is able to spoof ips and more . What I am trying to do is send an http "GET" request over a tcp connection with a spoofed ip . On a web browser I captured using wire shark and this is what I got :

2 0.703830000 192.168.1.3 120.85.143.100 TCP 66 64674 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
3 0.780141000 120.85.143.100 192.168.1.3 TCP 66 http > 64674 [SYN, ACK] Seq=0 Ack=1 Win=14300 Len=0 MSS=1430 SACK_PERM=1 WS=64
4 0.780265000 192.168.1.3 120.85.143.100 TCP 54 64674 > http [ACK] Seq=1 Ack=1 Win=17160 Len=0
5 0.780772000 192.168.1.3 120.85.143.100 HTTP 1307 GET /myrequest HTTP/1.1
6 0.845900000 120.85.143.100 192.168.1.3 TCP 60 http > 64674 [ACK] Seq=1 Ack=1254 Win=16832 Len=0
7 0.872040000 120.85.143.100 192.168.1.3 HTTP 466 HTTP/1.1 204 No Content
8 1.069792000 192.168.1.3 120.85.143.100 TCP 54 64674 > http [ACK] Seq=1254 Ack=413 Win=16748 Len=0

(the ip that I send the request to is just a sample ip)

 

SEQ is always the same first its 0 and then 1 this is why its possible to send and spoof the ip . But I am not sure how to implement this with pcap.net , I want on each request a unique IP to be generate and send the http request with a spoofed ip using VB.net and this wrapper.

Coordinator
May 4, 2012 at 7:51 AM

Hi codeplexor,

 

I suggest you take a look at BuildHttpPacket() in the Sending Packets part of the user guide.

 

I believe that Wireshark gives you the logical sequence number of the TCP and not the actual sequence number and that's why you always get 0 and 1.

You can disable that Wireshark feature so it would give you the actual sequence number.

 

I hope this helps,

 

Boaz.

May 4, 2012 at 5:14 PM
Edited May 4, 2012 at 6:35 PM

Hmm When I tried the example from the user guide everything complied right but seems like nothing is being sent according to wireshark ....

May 4, 2012 at 11:36 PM
brickner wrote:

Hi codeplexor,

 

I suggest you take a look at BuildHttpPacket() in the Sending Packets part of the user guide.

 

I believe that Wireshark gives you the logical sequence number of the TCP and not the actual sequence number and that's why you always get 0 and 1.

You can disable that Wireshark feature so it would give you the actual sequence number.

 

I hope this helps,

 

Boaz.

 

Oh and I was wrong about the sequence numbers . Wireshark automatically converts the sequence number into a relative number. So it's not *really* starting at 0.

But I am still wondering how to send those http requests , It seems like I can't see any being sent from using the example in user guide

Coordinator
May 5, 2012 at 8:12 PM

Did you run the full example and didn't see any packets being sent?

It worked when I've tried it... Are you sure you call SendPacket() on the HTTP packet and you're using the right device and also sniffing it using Wireshark?

 

Boaz.

May 12, 2012 at 11:14 PM

I left the network device code that's why it didn't send anything .

 

I have another question . How can I send http headers with the packets ? like user agent , accept , keep-alive and more ... ?

Coordinator
May 13, 2012 at 10:17 AM

Use HttpLayer.

You can add an HttpHeader using the HttpLayer.Header property.

 

I hope this helps,

 

Boaz.