Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Re^2: udp recv question

by smackdab (Pilgrim)
on Jun 28, 2004 at 01:46 UTC ( #370075=note: print w/ replies, xml ) Need Help??


in reply to Re: udp recv question
in thread udp recv question

Thanks, NetPacket::ICMP looks great and I know I will need to decode the ICMP packet once I can figure out how to recv() it...

My question is a UDP->ICMP question.

I am sending out a UDP packet, which in the examples I have seen is valid and my example works correctly (when viewed from a sniffer type product).

When a UDP port isn't available on the remote machine a ICMP unreachable packet is sent back.

I can't figure out how to "read" that packet...and that is my question.


Comment on Re^2: udp recv question
Re^3: udp recv question
by tachyon (Chancellor) on Jun 28, 2004 at 02:50 UTC

    You really don't want to code this yourself. Here is a trivial example for interest sake only. It shows you how to build a packet (and its checksum) and that you do get data back which as you can see it is encoded in a binary packet format.

    use IO::Socket; use constant ICMP_ECHO => 8; use constant SUBCODE => 0; # No ICMP subcode for ECHO and ECHOR +EPLY use constant ICMP_STRUCT => "C2 n3 A64"; my $icmp = IO::Socket::INET->new( PeerAddr => 'perlmonks.org', Proto=>'icmp' ); print "Got socket\n"; my $data = '1'x64; my $seq = 1; my $checksum = 0; my $msg = pack(ICMP_STRUCT, ICMP_ECHO, SUBCODE, $checksum, $$, $seq, $ +data); $checksum = checksum($msg); my $msg = pack(ICMP_STRUCT, ICMP_ECHO, SUBCODE, $checksum, $$, $seq, $ +data); print "Sending: $msg\n"; $icmp->send($msg); $icmp->recv(my $buf, 1500); print "Got: $buf"; print "Done\n"; sub checksum { my ($msg ) = @_; my $len_msg = length($msg); my $num_short = int($len_msg / 2); my $chk = 0; for my $short (unpack("n$num_short", $msg)) { $chk += $short; } $chk += (unpack("C", substr($msg, $len_msg - 1, 1)) << 8) if $len_ms +g % 2; $chk = ($chk >> 16) + ($chk & 0xffff); return(~(($chk >> 16) + $chk) & 0xffff); }

    cheers

    tachyon

      I VERY MUCH APPRECIATE YOUR COMMENTS.

      I can also be quite dense on some of these matters...but:
      I am NOT trying to SEND an ICMP packet.
      I AM trying to see if a remote UDP port is "open"
      My assumption has been to send a UDP packet out
      and if the port is CLOSED, then I get a ICMP error msg back
      Otherwise I know the remote port is OPEN...

      The code above sends an UDP packet out and an ICMP error msg is sent back. But I DON'T know how to grab it. I tried reading on the UDP and ICMP sockets but neither *seem* to have it.

      Are you saying that I need to send an ICMP packet out???

      Again, sorry if I am missing something completely obvious ;-)
        Yes, he is telling you that.

        Taken from the RFC 768

        The UDP protocol provides a procedure for application programs to send messages to other programs with a minimum of protocol mechanism. The protocol is transaction oriented, and delivery and duplicate protection are not guaranteed. Applications requiring ordered reliable delivery of streams of data should use the Transmission Control Protocol (TCP).

        You need to read up on port scanning. UDP is connectionless ie you can't see if a port is open by seeing if you can connect a socket to it, you have to send some data and check for a response.

        Port scanning usually means scanning for TCP ports, which are connection-oriented and therefore give good feedback to the attacker. UDP, or connection-less traffic, responds in a different manner. In order to find UDP ports, the attacker generally sends empty UDP datagrams at the port. If the port is listening, the service will send back an error message or ignore the incoming datagram. If the port is closed, then the operating system sends back an "ICMP Port Unreachable" message.

        Note that UDP packets may be dropped by all manner of devices along the way (so you get no response). The response, if it is coming, will arrive on the socket you sent the probe out on as shown. You have to send some sort of valid(ish) UDP packet to incite a response from the server.

        NetworkInfo::Discovery::Scan does what you want and you can pull code from there.

        cheers

        tachyon

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://370075]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (5)
As of 2014-07-24 05:27 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite superfluous repetitious redundant duplicative phrase is:









    Results (157 votes), past polls