Tilted Forum Project Discussion Community

- Tilted Technology (https://thetfp.com/tfp/tilted-technology/)

- - 802.3 Frame Decoding (https://thetfp.com/tfp/tilted-technology/40706-802-3-frame-decoding.html)

802.3 Frame Decoding

So, my teacher today gave our class an assignment to capture a ARP packet, then manually decode it. He told us to search the net for a form to decode it. I searched through one of my important classes for a stupid form but could not find a damn thing. I dunno if I'm not lookin in the right place, but does anyone know where I can get one? Thanks.

http://www.inetdaemon.com/tutorials/lan/arp.html

Code:

TRANSMISSION LAYER for 802.x protocols





                       1       2       3       3       4

        0      7       5       3       1       9       7

       +------------------------------------------------+

       |          Destination MAC Address               |

       +------------------------------------------------+

       |            Source MAC Address                  |

       +---------------+--------------------------------+

       | Protocol Type | 

       +-------+-------+

ARP 

PACKET                 1       2       3       3       4

DATA    0      7       5       3       1       9       7

       +---------------+---------------+----------------+

       |      HRD      |      PRO      |  HLN  |   PLN  |

       +---------------+---------------+----------------+

       |      OP       |      SHA ...

       +------------------------------------------------+

       |      SPA ...

       +------------------------------------------------+

       |      THA ...

       +------------------------------------------------+

       |      TPA ...

       +------------------------------------------------+

       |      SHA ...



Ethernet transmission layer 

(not necessarily accessible to the user):

  DESTINATION     48.bit: Destination Address

  SOURCE          48.bit: Source Address

  PROTOCOL TYPE   16.bit: Protocol type

                          (set to ARP).



Ethernet packet data:

HRD   16.bit: Hardware address space 

              (e.g., Ethernet, Packet Radio Net.)

PRO   16.bit: Protocol address space.  

              For Ethernet hardware, this is from

              the set of type fields ether_typ$.

HLN    8.bit: Hardware Address Length (0-255 Bytes)

PLN    8.bit: Protocol Address Length (0-255 Bytes)

OP    16.bit: Opcode: either request or reply

SHA   nbytes: Sender Hardware Address (this packet), 

              n from the HLN field.

SPA   mbytes: Sender Protocol Address (this packet), 

              m from the PLN field.

THA   nbytes: Target Hardware Address (this packet),

              (if known).

TPA   mbytes: Target Protocol Address

Also see ftp://ftp.isi.edu/in-notes/rfc826.txt for the RFC that defines ARP packets.

www.ethereal.com has a lot of information on packet decoding.

It also has (I believe) the struct definitions for ARP packets (look under the randpkt section, they detail exactly how to create random packets that conform to whatever struct you pass them).

Sounds like an interesting project, though. :D

This is simple and it's only manual decoding by hand. In another class next year, we have to make a client-server program and our own protocol I believe, without talking to other classmates about stuff really...so ya.. =p

Protocol shmotocol. If your writing on top of TCP then anything is a breeze.