Avidity Software

I've recently decided to forgo writing all the low level details of packet creation and manipulation and instead take full advantage of the fantastic libnet library. This has many benefits, including not reinventing the wheel, using a library that's already been debugged and tested through use in many applications, and progress will just be much faster. :) The only reason I wanted to do the low level stuff myself was to learn from it, but I feel I've got a good handle on it already, and having looked through the libnet source code, it's VERY clean and readable. If I wanna know how they did something, I can easily find out. Ya gotta love open source. :)

So having decided this, I started using libnet's packet building functions instead of building the packet myself and just using libnet's libnet_write() function to put it on the wire. After getting by my ignorance, things fell into place. Note to self: when working with libnet, you need to build the packet top down instead of bottom up, (TCP header, then the IP header, then the ethernet header). So at the moment, I'm sending probe packets on ranges of IP addresses, however I still need to add the code to get the replies or lack thereof back.

I also found a link to a really good Powerpoint presentation about the latest incarnation of the libnet library that can be found here.

So I've recently made a small breakthrough on the scanning side of things. I've managed to send raw ARP requests and sniff the replies off the wire. The nice thing about this is that I no longer need to hard code MAC addresses for my target hosts into my code. W00t! This has larger implications as it verifies that the actual packet sniffing functions in libnet don't block, so I can start sniffing and call the packet processing functions that DO block at a convenient time, or maybe a different thread? Good food for thought! This also lays out the basic structure of the code I need to write to send a SYN packet and wait for the reply.

I've also been thinking of how to start integrating this network code into my wxWidgets code for the VNCAdmin rewrite. It feels awkward since the wxWidgets code is nice and tidy in their C++ classes, however the network code is some down and dirty C splattered all over the place. Oh well, we'll get there.

For the past few weeks I've been delving as deeply as I can into TCP/IP coding, especially dealing with raw sockets and raw packet data. It's terribly interesting. My first epiphany was that a packet coming off the network card is just a string of characters, (unsigned chars). To make working with this string easier, you can map it directly to C structures which allows you to fill in the specific fields of the packet and shoot it off to the wire. This also works in reverse for reading and getting data out of the packets. Excellent!

So now I'm reading and writing the raw packets I need to be able to send any kind of scan I want, (SYN, FIN, etc), but I need to be able to read the right ones! I can send a SYN packet to a machine, but I need to get the reply back, whether it be a SYN/ACK or a RST or any other possibilities. Using the libpcap library I can capture/filter packets easily, however it seems the library functions for capturing block program execution like a stop light, so I'm thinking that I need to look into spawning a packet filtering thread. Sounds reasonable to me.