nexmon – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | Random Packet Generator |
| 2 | ----------------------- |
||
| 3 | randpkt is a small utility creates a libpcap trace file full of random packets. |
||
| 4 | You can control the number of packets, the maximum size of each packet, |
||
| 5 | and the type of each packet. It is not build by default, but you |
||
| 6 | can create it in the top-level Wireshark directory by typing: |
||
| 7 | |||
| 8 | make randpkt |
||
| 9 | |||
| 10 | By creating many randomized packets of a certain type, you can |
||
| 11 | test packet sniffers to see how well they handle malformed packets. |
||
| 12 | The sniffer can never trust the data that it sees in the packet because |
||
| 13 | you can always sniff a very bad packet that conforms to no standard. |
||
| 14 | Randpkt produces __very bad__ packets. |
||
| 15 | |||
| 16 | When creating packets of a certain type, randpkt uses a sample |
||
| 17 | packet that is stored internally to randpkt. It uses this as the |
||
| 18 | starting point for your random packets, and then adds extra random |
||
| 19 | bytes to the end of this sample packet. |
||
| 20 | |||
| 21 | For example, if you choose to create random ARP packets, randpkt |
||
| 22 | will create a packet which contains a predetermined Ethernet II header, |
||
| 23 | with the Type field set to ARP. After the Ethernet II header, it will |
||
| 24 | put a random number of bytes with random values. |
||
| 25 | |||
| 26 | Run 'randpkt' with no options to see the usage statement. As of the |
||
| 27 | writing of this text, the usage is: |
||
| 28 | |||
| 29 | Usage: randpkt [-b maxbytes] [-c count] [-t type] filename |
||
| 30 | |||
| 31 | The usage statement produced by randpkt will list the legal types. |
||
| 32 | |||
| 33 | If you choose a maxbytes value that is less than the size of the |
||
| 34 | sample packet, then your packets would contain only the sample |
||
| 35 | packet... not much variance there! Randpkt exits on that condition. |
||
| 36 | |||
| 37 | To add a new packet type to randpkt, you must add information |
||
| 38 | in the following locations. |
||
| 39 | |||
| 40 | 1) Add the packet type name to the enum of produceable packets: |
||
| 41 | |||
| 42 | /* Types of produceable packets */ |
||
| 43 | enum { |
||
| 44 | PKT_ARP, |
||
| 45 | PKT_ETHERNET, |
||
| 46 | PKT_FDDI, |
||
| 47 | PKT_LLC, |
||
| 48 | PKT_TR |
||
| 49 | }; |
||
| 50 | |||
| 51 | |||
| 52 | 2) Type in the bytes from your sample packet |
||
| 53 | |||
| 54 | /* Ethernet, indicating ARP */ |
||
| 55 | guint8 pkt_arp[] = { |
||
| 56 | 0xff, 0xff, 0xff, 0xff, |
||
| 57 | 0xff, 0xff, 0x00, 0x00, |
||
| 58 | 0x32, 0x25, 0x0f, 0xff, |
||
| 59 | 0x08, 0x06 |
||
| 60 | }; |
||
| 61 | |||
| 62 | |||
| 63 | 3) Add a record to the 'examples' array. The fields are |
||
| 64 | 1. Abbreviation (for use in '-t' command line argument) |
||
| 65 | 2. Full name (for use in usage statement) |
||
| 66 | 3. Enum type |
||
| 67 | 4. Array holding sample packet |
||
| 68 | 5. Wiretap encapsulation type of datalink layer in your |
||
| 69 | sample packet |
||
| 70 | 6. Length of sample packet. Use the handy array_length() |
||
| 71 | macro to avoid counting the bytes yourself. |
||
| 72 | |||
| 73 | |||
| 74 | pkt_example examples[] = { |
||
| 75 | { "arp", |
||
| 76 | "Address Resolution Protocol", |
||
| 77 | PKT_ARP, |
||
| 78 | pkt_arp, |
||
| 79 | WTAP_ENCAP_ETHERNET, |
||
| 80 | array_length(pkt_arp) }, |
||
| 81 | |||
| 82 | { "eth", |
||
| 83 | "Ethernet", |
||
| 84 | PKT_ETHERNET, |
||
| 85 | NULL, |
||
| 86 | WTAP_ENCAP_ETHERNET, |
||
| 87 | |||
| 88 | }; |
||
| 89 | |||
| 90 | Note that packets that designate only their datalink type have no sample |
||
| 91 | arrays, since the only thing that needs to be set is the datalink type, |
||
| 92 | which is a field in the libpcap frame record; it's not a part of the |
||
| 93 | packet itself. |
||
| 94 | |||
| 95 | Enjoy! |