
📄 windows internet programming part 3.html

(which more than likely you will) you can still download version 2.0
for your version of Windows from the Microsoft website. Windows 3.1
unfortunately does not have a 2.0 version; Microsoft has decided not
to release a 16 bit one. Of course if you have Windows 3.1, "what the
fuck are you doing?" suddenly springs to mind, oh well, go away. Now,
Windows32 systems have Winsock, however different versions have varying
amounts of support for raw sockets. All Version 2 stacks have support
for creating ICMP packets using raw sockets, but only Windows NT4, 2000
and XP have the capability for creating TCP and UDP packets. Don't
worry, there are still a lot of things you can do with ICMP alone if you
use a Win 9x system. Before we go into the programming side of things
we must now cover the IP, ICMP, TCP and UDP protocols in more detail.
If you have read Part 1 of this tutorial you should have a pretty good
idea about how all the protocols work; if not, that's OK, it shouldn't be
too bad and you should be able to understand things, so please read
on for explanations of the protocols.





3.0 THE INTERNET HEADERS
=======================================

In Part 1 we discussed the different Internet protocols and how they
fit together with packets, so you should know pretty well how data is
transferred across the internet and understand many of the fields
within the different headers. If you aren't sure or can't quite
remember, I suggest you read the first few sections of Part 1 of this
tutorial. Now that you have a pretty good idea about the different
headers and understand the idea behind them, we are going to go
into slightly more detail about the different headers and their
respective fields.







3.1 THE IP HEADER
=======================================

   +--------+--------+---------------+--------------------------------+
   |Version |  IHL   |     TOS       |         Total Length           |
   | 4 bits | 4 bits |    8 bits     |            16 bits             |
   +--------+--------+---------------+------+-------------------------+
   |        Identification           |Flags |     Fragment Offset     |
   |            16 bits              |3 bits|         13 bits         |
   +-----------------+---------------+------+-------------------------+
   |  Time to Live   |   Protocol    |        Header Checksum         |
   |      8 bits     |    8 bits     |             16 bits            |
   +-----------------+---------------+--------------------------------+
   |                        Source Address                            |
   |                            32 bits                               |
   +------------------------------------------------------------------+
   |                      Destination Address                         |
   |                            32 bits                               |
   +------------------------------------------------+-----------------+
   |                     Options                    |     Padding     |
   +------------------------------------------------+-----------------+

   FIG 1.0  - Structure of an IP Header





As you can see above, the IP header has a total of 14 fields.

1.  Version
2.  IHL
3.  TOS
4.  Total Length
5.  Identification
6.  Flags
7.  Fragment Offset
8.  Time To Live
9.  Protocol
10. Header Checksum
11. Source Address
12. Destination Address
13. Options
14. Padding





1.  Version             - The version field describes what version of the IP Protocol
                          is being used. We will be using IPv4 because it is more
                          supported and IPv6 is not yet fully implemented.

2.  IHL                 - The Internet Header Length (IHL) contains the length of the
                          Internet Header in 32 bit words. Minimum value for a header
                          is 5.

3.  TOS                 - The Type Of Service (TOS) field was designed to tell routers
                          how the packet is to be handled, for example so that packets
                          that need to move quickly, like streaming audio, would have a
                          higher TOS value than other packets so that routers would
                          send them across the network faster. These days most routers
                          do not process the TOS field because it would waste too much
                          of the router's time, so we usually just set the TOS field to
                          0.

4.  Total Length        - This field contains the total size of the Internet Packet
                          including headers and data. Typical IP headers are 20 bytes
                          in size, same with TCP ones, so an Internet Packet with an
                          IP Header, a TCP Header and no data would be 20 + 20 = 40
                          bytes in length, Total Length = 40 bytes.

5.  Identification      - This field is used to aid in tracking fragmented packets.
                          Each fragment has the same ID as the first datagram. The
                          IDs of datagrams following each other are usually
                          incremented. Because this value must be unique, most
                          applications use their process ID to fill in this field.



6.  Flags               - Flags are used with IP to control fragmentation. There are
                          4 flags.

                          1-NO FLAGS              [VALUE = 0x00]
                            Does not specify any fragmentation options.

                          2-MORE FRAGMENT         [VALUE = 0x01]
                            Means there are more fragments to be
                            received after this packet.

                          3-DONT FRAGMENT         [VALUE = 0x02]
                            Tells the stack not to fragment this packet.

                          4-MORE & DONT           [VALUE = 0x03]
                            Tells the stack that there are more packets
                            to be received after this one and not to
                            fragment it.

                    NOTE: THE LAST FRAGMENT CANNOT HAVE A FLAG OF 0x01 (MORE FRAG)
                          AS THERE ARE NO OTHER PACKETS TO FOLLOW.

7.  Fragment Offset     - The fragment offset is used for placing different packets
                          in the correct order when reassembling datagrams. The first
                          fragment must have a value of 0 and the last must be equal
                          to the value of Total Length. Value is measured in units of
                          64 bits (8 octets).



8.  Time To Live        - The Time To Live (TTL) field was created so that if a packet
                          cannot find its destination it will be destroyed rather than
                          travel across the internet indefinitely. If packets kept
                          mounting in this fashion it would seriously degrade network
                          performance. Each router that a packet meets decrements the
                          value of the TTL field by one. If the value is decremented
                          to 0 before it reaches its destination, the packet will be
                          destroyed and an error sent back to the computer that the
                          packet originated from. If the TTL is set to 0 on creation
                          it will immediately be destroyed.

9.  Protocol            - This field specifies what protocol is being carried in the
                          datagram, e.g. TCP.

                          The most common values are as follows:

                          IPPROTO_TCP   = TCP
                          IPPROTO_UDP   = UDP
                          IPPROTO_ICMP  = ICMP

                          Other protocols and their values will be specified later.

10. Header Checksum     - The checksum is the size of the Internet Header. It is used
                          to verify the integrity of a packet by comparing the header's
                          size with the value of the checksum. Certain fields in the
                          IP Header change throughout transport, such as the TTL field;
                          because of this the checksum is recalculated and verified
                          by each router or gateway it encounters.

11. Source Address      - The IP Address of the computer that the packet originated
                          from. In other words, if you sent a packet this field would
                          contain your IP Address. This lets the computer being sent
                          the packet know where it came from and where to send a reply.

12. Destination Address - The IP Address of the computer that the packet is being sent
                          to. Lets routers that the packet meets know where to send the
                          packet.



13. Options             - Mostly the options aren't filled out and they are very rarely
                          used at all, so we won't discuss them very much. There are
                          however 3 interesting options that we will discuss here,
                          they are:

                          1. Loose Source Routing
                          2. Strict Source Routing
                          3. Record Routing

                          1. Loose Routing

                          Loose Routing allows us to specify the source computer (us)
                          and the destination computer's IP Addresses in the IP
                          header along with the addresses of a couple of other routers
                          that the packet must travel across in between, so we can
                          better control how the packet travels across the internet.

                          2. Strict Routing

                          Strict Routing allows us to specify the source computer (us)
                          and the destination computer's IP Addresses in the IP
                          header along with the addresses of other routers. The packet
                          then has to travel along this exact route to get to its
                          destination. Using this we can route our packets around
                          routers or gateways that are down or not responding. This
                          also means that if you wanted to you could ensure that the
                          packet travels across certain networks and passes certain
                          routers. Of course this isn't recommended, as you could
                          'accidentally' bypass security restrictions on some networks
                          by using this method, which is naughty.

                          3. Record Routing

                          I'm sure we are all familiar with the traceroute program,
                          which uses the ICMP protocol to tell us what routers our
                          packets are traveling through to get to their destination.
                          Record routing can be used in a similar way: by setting
                          this option, every router that the packet meets places its
                          IP Address into the IP Header. We can then examine the packet
                          and see what IP Addresses it contains.

                    NOTE: AN IP HEADER CAN ONLY BE A MAXIMUM OF 60 BYTES LONG AND THE
                          HEADER IS 20 BYTES IN LENGTH, EACH IP ADDRESS IS 4 BYTES IN
                          SIZE SO AN IP HEADER CAN ONLY CONTAIN A MAXIMUM OF 10 IP
                          ADDRESSES EACH.

14. Padding             - Padding is there to respect the 32 bit boundary; it is composed
                          of 0's.
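The field layout above, checked in code the way a defender would when inspecting captured packets; this is an added example, not code from the original tutorial. The names ip_check, ip_sum and struct ip_info and both sample headers are constructed for illustration. The checksum test follows RFC 791 (a 16-bit one's-complement sum over the header words), and option types 131 and 137 are Loose and Strict Source Routing.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
enum { IP_OK, IP_TRUNCATED, IP_BAD_VERSION, IP_BAD_IHL, IP_BAD_LENGTH,
       IP_BAD_CHECKSUM, IP_SOURCE_ROUTED };       /* result codes, example's own names */
struct ip_info { unsigned ihl_bytes, total_len, ttl, proto, df, mf, frag_off; };

/* Constructed sample: 20-byte header, DF set, TTL 64, protocol 17 (UDP). */
static const uint8_t sample_plain[20] = { 0x45,0x00,0x00,0x73, 0x00,0x00,0x40,0x00,
    0x40,0x11,0xb8,0x61, 0xc0,0xa8,0x00,0x01, 0xc0,0xa8,0x00,0xc7 };
/* Constructed sample: IHL 6, carrying a Loose Source Routing option (type 131). */
static const uint8_t sample_lsrr[24] = { 0x46,0x00,0x00,0x18, 0x00,0x00,0x00,0x00,
    0x40,0x01,0x70,0xc9, 0xc0,0xa8,0x00,0x01, 0xc0,0xa8,0x00,0xc7, 0x83,0x03,0x04,0x00 };

/* 16-bit one's-complement sum over the header; 0xFFFF means the checksum verifies. */
static uint16_t ip_sum(const uint8_t *p, size_t n) {
    uint32_t s = 0;
    for (size_t i = 0; i + 1 < n; i += 2) s += ((uint32_t)p[i] << 8) | p[i + 1];
    while (s >> 16) s = (s & 0xFFFF) + (s >> 16);
    return (uint16_t)s;
}

/* Parse and sanity-check one IPv4 header from a captured buffer. */
int ip_check(const uint8_t *b, size_t len, struct ip_info *o) {
    if (len < 20) return IP_TRUNCATED;
    if ((b[0] >> 4) != 4) return IP_BAD_VERSION;
    o->ihl_bytes = (b[0] & 0x0Fu) * 4u;                  /* IHL counts 32-bit words */
    if (o->ihl_bytes < 20 || o->ihl_bytes > len) return IP_BAD_IHL;
    o->total_len = ((unsigned)b[2] << 8) | b[3];
    if (o->total_len < o->ihl_bytes) return IP_BAD_LENGTH;
    o->mf = (b[6] >> 5) & 1u;                            /* Flags value 0x01 */
    o->df = (b[6] >> 6) & 1u;                            /* Flags value 0x02 */
    o->frag_off = ((((unsigned)b[6] & 0x1Fu) << 8) | b[7]) * 8u;  /* 8-octet units */
    o->ttl = b[8]; o->proto = b[9];
    if (ip_sum(b, o->ihl_bytes) != 0xFFFF) return IP_BAD_CHECKSUM;
    for (size_t i = 20; i < o->ihl_bytes && b[i] != 0; ) {       /* 0 = end of options */
        if (b[i] == 1) { i++; continue; }                        /* 1 = no-operation */
        if (b[i] == 131 || b[i] == 137) return IP_SOURCE_ROUTED; /* loose / strict */
        if (i + 1 >= o->ihl_bytes || b[i + 1] < 2) return IP_BAD_IHL;
        i += b[i + 1];
    }
    return IP_OK;
}

int main(void) {
    struct ip_info h;
    printf("plain=%d ", ip_check(sample_plain, sizeof sample_plain, &h));
    printf("lsrr=%d\n", ip_check(sample_lsrr, sizeof sample_lsrr, &h));
    return 0;
}
```

Changing only the TTL byte of the first sample makes ip_check return IP_BAD_CHECKSUM, which is why every router that decrements the TTL also has to rewrite the checksum.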







3.2 THE TCP HEADER
=======================================

Before we get into the TCP header we first have to explain how exactly a TCP connection
is formed between two hosts. The first host sends a TCP packet with one of the fields in the
header set with a value of SYN; this is known as a SYN (synchronise) packet. So what is this
packet synchronising? A potential problem with a TCP connection would be if a connection was
established between some internet user at home and a shop on the internet, the user views his
details, but in the meantime someone were to pretend they were that user and the webshop sent
that user's details to that person instead of the real user (such as the real user's credit
card numbers?). Because of this a thing called an acknowledgement number was created. The
number is defined by the server and the SYN packet is used to transmit this number to the
host; both sides of the connection now have the same acknowledgement number and they are
synchronised! The acknowledgement number will be contained in all TCP packets throughout this
session, and if any packets received at either side have a wrong acknowledgement number then
the packet will be discarded.

The second host will now send another TCP packet, this time with a field set to ACK
(Acknowledge); this is known as a SYN_ACK packet. Its purpose is to acknowledge the reception
of the SYN packet.

Once the first host has received the SYN_ACK packet it sends one last ACK packet, just to be
sure to be sure.

As you can see this process involves 3 steps.

1. Host sends SYN packet to target to start a connection.
2. Target sends host an ACK packet saying it received the SYN.
3. Host sends target an ACK packet to confirm and connection is established.

Because of these 3 steps the TCP connection is known as the Three-Way-Handshake.
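The three steps above, checked against raw TCP headers laid out as in FIG 1.1; this is an added example, not code from the original tutorial. It follows RFC 793, where each side picks its own initial sequence number and the reply acknowledges that number plus one. The names tcp_parse, is_handshake and struct tcp_info, the ports and the sequence numbers are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum { TH_FIN = 0x01, TH_SYN = 0x02, TH_RST = 0x04, TH_PSH = 0x08, TH_ACK = 0x10, TH_URG = 0x20 };
struct tcp_info { unsigned sport, dport, hdr_bytes, flags; uint32_t seq, ack; };

/* Constructed segments: client port 49152 -> server port 80, checksums left at 0. */
static const uint8_t seg_syn[20]    = { 0xc0,0x00,0x00,0x50, 0x00,0x00,0x03,0xe8,
    0x00,0x00,0x00,0x00, 0x50,0x02,0x20,0x00, 0x00,0x00,0x00,0x00 };
static const uint8_t seg_synack[20] = { 0x00,0x50,0xc0,0x00, 0x00,0x00,0x13,0x88,
    0x00,0x00,0x03,0xe9, 0x50,0x12,0x20,0x00, 0x00,0x00,0x00,0x00 };
static const uint8_t seg_ack[20]    = { 0xc0,0x00,0x00,0x50, 0x00,0x00,0x03,0xe9,
    0x00,0x00,0x13,0x89, 0x50,0x10,0x20,0x00, 0x00,0x00,0x00,0x00 };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Decode the fixed part of a TCP header; returns 0 on success, -1 if malformed. */
int tcp_parse(const uint8_t *b, size_t len, struct tcp_info *o) {
    if (len < 20) return -1;
    o->sport = ((unsigned)b[0] << 8) | b[1];
    o->dport = ((unsigned)b[2] << 8) | b[3];
    o->seq = be32(b + 4);
    o->ack = be32(b + 8);
    o->hdr_bytes = (unsigned)(b[12] >> 4) * 4u;      /* Data Offset counts 32-bit words */
    o->flags = b[13] & 0x3Fu;                        /* the six control bits */
    return (o->hdr_bytes < 20 || o->hdr_bytes > len) ? -1 : 0;
}

/* Returns 1 if s1, s2, s3 are SYN, SYN+ACK, ACK with consistent ports and numbers. */
int is_handshake(const struct tcp_info *s1, const struct tcp_info *s2, const struct tcp_info *s3) {
    if (s1->flags != TH_SYN || s2->flags != (TH_SYN | TH_ACK) || s3->flags != TH_ACK) return 0;
    if (s2->sport != s1->dport || s2->dport != s1->sport) return 0;
    if (s3->sport != s1->sport || s3->dport != s1->dport) return 0;
    if (s2->ack != s1->seq + 1) return 0;            /* step 2 acknowledges the SYN */
    return s3->seq == s1->seq + 1 && s3->ack == s2->seq + 1;   /* step 3 confirms */
}

int main(void) {
    struct tcp_info a, b, c;
    if (tcp_parse(seg_syn, 20, &a) || tcp_parse(seg_synack, 20, &b) || tcp_parse(seg_ack, 20, &c)) return 1;
    printf("handshake valid: %d\n", is_handshake(&a, &b, &c));
    return 0;
}
```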







   +---------------------------------+--------------------------------+
   |          Source Port            |       Destination Port         |
   |            16 bits              |           16 bits              |
   +---------------------------------+--------------------------------+
   |                          Sequence Number                         |
   |                              32 bits                             |
   +------------------------------------------------------------------+
   |                      Acknowledgment Number                       |
   |                              32 bits                             |
   +--------+------------+-----------+--------------------------------+
   |D-Offset|  Reserved  | Ctrl Bits |             Window             |
   | 4 bits |   6 bits   |   6 bits  |            16 bits             |
   +--------+------------+-----------+--------------------------------+
   |            Checksum             |        Urgent Pointer          |
   |             16 bits             |            16 bits             |
   +---------------------------------+--------------+-----------------+
   |                     Options                    |     Padding     |
   +------------------------------------------------+-----------------+
   |                               Data                               |
   +------------------------------------------------------------------+

   FIG 1.1  - Structure of a TCP Header





There are 12 fields in total in the TCP Header and your Datagram.

1.  Source Port
2.  Destination Port
3.  Sequence Number
4.  Acknowledgement Number
5.  Data Offset
6.  Reserved
7.  Control Bits
8.  Window
9.  Checksum
10. Urgent Pointer
11. Options
12. Padding







1.  Source Port         - The Source port number.

2.  Destination Port    - The Destination port number.

3.  Sequence No.        - The sequence number is used to ensure that segments
                          received by a host are from where they claim to be;
                          this prevents people from hijacking connections.

4.  Acknowledgement No. - The acknowledgement number is used to ensure both sides of
                          the connection are authentic, as explained above.

5.  Data Offset         - The Data Offset in the header is expressed in 32 bit
                          words. The default is 5 if you have no options set
                          in the TCP header.

6.  Reserved            - This field is reserved for future use; you must have
                          it set to 0.

7.  Control Bits        - This is the field that contains values such as SYN
                          and ACK. It has a total of 6 values.

                          URG:  Send Urgent Data to destination.
                          ACK:  Acknowledgment of Data.
                          PSH:  Push Data to destination.
                          RST:  Reset the connection.
