Tilted Forum Project Discussion Community

Tilted Forum Project Discussion Community (https://thetfp.com/tfp/)
-   Tilted Technology (https://thetfp.com/tfp/tilted-technology/)
-   -   802.3 Frame Decoding (https://thetfp.com/tfp/tilted-technology/40706-802-3-frame-decoding.html)

Fallon 01-06-2004 03:28 PM
802.3 Frame Decoding
 
So, my teacher today gave our class an assignment to capture a ARP packet, then manually decode it. He told us to search the net for a form to decode it. I searched through one of my important classes for a stupid form but could not find a damn thing. I dunno if I'm not lookin in the right place, but does anyone know where I can get one? Thanks.

kel 01-06-2004 06:30 PM
http://www.inetdaemon.com/tutorials/lan/arp.html
Code:
TRANSMISSION LAYER for 802.x protocols


                      1      2      3      3      4
        0      7      5      3      1      9      7
      +------------------------------------------------+
      |          Destination MAC Address              |
      +------------------------------------------------+
      |            Source MAC Address                  |
      +---------------+--------------------------------+
      | Protocol Type |
      +-------+-------+
ARP
PACKET                1      2      3      3      4
DATA    0      7      5      3      1      9      7
      +---------------+---------------+----------------+
      |      HRD      |      PRO      |  HLN  |  PLN  |
      +---------------+---------------+----------------+
      |      OP      |      SHA ...
      +------------------------------------------------+
      |      SPA ...
      +------------------------------------------------+
      |      THA ...
      +------------------------------------------------+
      |      TPA ...
      +------------------------------------------------+
      |      SHA ...

Ethernet transmission layer
(not necessarily accessible to the user):
  DESTINATION    48.bit: Destination Address
  SOURCE          48.bit: Source Address
  PROTOCOL TYPE  16.bit: Protocol type
                          (set to ARP).

Ethernet packet data:
HRD  16.bit: Hardware address space
              (e.g., Ethernet, Packet Radio Net.)
PRO  16.bit: Protocol address space. 
              For Ethernet hardware, this is from
              the set of type fields ether_typ$.
HLN    8.bit: Hardware Address Length (0-255 Bytes)
PLN    8.bit: Protocol Address Length (0-255 Bytes)
OP    16.bit: Opcode: either request or reply
SHA  nbytes: Sender Hardware Address (this packet),
              n from the HLN field.
SPA  mbytes: Sender Protocol Address (this packet),
              m from the PLN field.
THA  nbytes: Target Hardware Address (this packet),
              (if known).
TPA  mbytes: Target Protocol Address
Also see ftp://ftp.isi.edu/in-notes/rfc826.txt for the RFC that defines ARP packets.

Pragma 01-06-2004 06:31 PM
www.ethereal.com has a lot of information on packet decoding.

It also has (I believe) the struct definitions for ARP packets (look under the randpkt section, they detail exactly how to create random packets that conform to whatever struct you pass them).

Sounds like an interesting project, though. :D

Fallon 01-06-2004 06:50 PM
This is simple and it's only manual decoding by hand. In another class next year, we have to make a client-server program and our own protocol I believe, without talking to other classmates about stuff really...so ya.. =p

kel 01-06-2004 06:55 PM
Protocol shmotocol. If your writing on top of TCP then anything is a breeze.


All times are GMT -8. The time now is 06:15 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76