SlideShare a Scribd company logo

#!binbash# Decode a UDP packet raw binary dataDonelet offs=40.pdf

A
aesalem06

#!/bin/bash # Decode a UDP packet raw binary dataDone let offs=40 declare -i ws declare -i end declare -i rmndr declare -i byteval declare -i bitws NetworkOrder16Bit() { ws=`hexdump -s $offs -n 1 -e \'1/1 \"%u\"\' test2.pkts` ((offs+=1)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e \'1/1 \"%u\"\' test2.pkts` ((offs+=1)) ((ws+=byteval)) } NetworkOrder32Bit() { ws=`hexdump -s $offs -n 1 -e \'1/1 \"%u\"\' test2.pkts` ((offs+=1)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e \'1/1 \"%u\"\' test2.pkts` ((offs+=1)) ((ws+=byteval)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e \'1/1 \"%u\"\' test2.pkts` ((offs+=1)) ((ws+=byteval)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e \'1/1 \"%u\"\' test2.pkts` ((offs+=1)) ((ws+=byteval)) } echo echo end=$offs+74 #Start with the destination MAC address hexdump -s $offs -n 6 -e \'\"Ether Dest: \" 5/1 \"%02x:\" 1/1 \"%02x\ \"\' test2.pkts ((offs+=6)) # Then the source hexdump -s $offs -n 6 -e \'\"Ether Src: \" 5/1 \"%02x:\" 1/1 \"%02x\ \"\' test2.pkts ((offs+=6)) # Next is the packet type, but its in network byte order so we can\'t # use \'1/2 \"%04x\"\' - we may be run on a system with another byte order and you\'ll # get different output hexdump -s $offs -n 2 -e \'\"Ether Type: \" 2/1 \"%02x\" \"\ \"\' test2.pkts ((offs+=2)) # IP header # Get the version/len value into a variable we can do arithmetic with byteval=`hexdump -s $offs -n 1 -e \'1/1 \"%u\"\' test2.pkts` ((offs+=1)) # The most significant 4 bits are the IP version ((bitws=byteval&0xF0)) ((bitws/=16)) echo \"IP Version: $bitws\" # Least significant 4 bits are the header length ((bitws=byteval&0x0F)) ((bitws*=4)) echo \"Header Length: $bitws\" # Type of service byteval=`hexdump -s $offs -n 1 -e \'1/1 \"%u\"\' test2.pkts` ((offs+=1)) # Precedence ((bitws=byteval&0xE0)) ((bitws/=32)) echo \"Precedence: $bitws\" # Delay ((bitws=byteval&0x10)) if (( bitws )) then echo \"Minimize delay\" fi # Throughput ((bitws=byteval&0x08)) if (( bitws )) then echo \"High throughput\" fi # Reliability ((bitws=byteval&0x08)) if (( bitws )) then echo \"High reliability\" fi # Cost ((bitws=byteval&0x08)) if (( bitws )) then echo \"Minimize cost\" fi # Message length - in network byte order NetworkOrder16Bit echo \"Message Length: $ws\" # ID hexdump -s $offs -n 2 -e \'\"ID: \" 2/1 \"%02x\" \"\ \"\' test2.pkts ((offs+=2)) # Flags byteval=`hexdump -s $offs -n 1 -e \'1/1 \"%u\"\' test2.pkts` ((offs+=1)) # DF ((bitws=byteval&0x40)) if (( bitws != 0)) then echo \"Don\'t fragment\" else # More fragments ((bitws=byteval&0x20)) if (( bitws )) then echo \"More fragments\" fi # Fragment number ((ws=bitws&0x1F)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e \'1/1 \"%u\"\' test2.pkts` ((ws+=byteval)) echo \"Fragment number: $ws\" fi ((offs+=1)) hexdump -s $offs -n 1 -e \'\"TTL: \" 1/1 \"%u\ \"\' test2.pkts ((offs+=1)) hexdump -s $offs -n 1 -e \'\"Protocol: \" 1/1 \"%u\ \"\' test2.pkts ((offs+=1)) hexdump -s $offs -n 2 -e \'\"Header checksum: \" 2/1 \"%02x\" \"\ \"\' test2.pkts ((offs.

Education
1 of 12
Download to read offline
#!/bin/bash # Decode a UDP packet raw binary dataDone let offs=40 declare -i ws declare -i end declare -i rmndr declare -i byteval declare -i bitws NetworkOrder16Bit() { ws=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws+=byteval)) } NetworkOrder32Bit() { ws=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws+=byteval)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws+=byteval)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws+=byteval)) } echo echo end=$offs+74
#Start with the destination MAC address hexdump -s $offs -n 6 -e '"Ether Dest: " 5/1 "%02x:" 1/1 "%02x "' test2.pkts ((offs+=6)) # Then the source hexdump -s $offs -n 6 -e '"Ether Src: " 5/1 "%02x:" 1/1 "%02x "' test2.pkts ((offs+=6)) # Next is the packet type, but its in network byte order so we can't # use '1/2 "%04x"' - we may be run on a system with another byte order and you'll # get different output hexdump -s $offs -n 2 -e '"Ether Type: " 2/1 "%02x" " "' test2.pkts ((offs+=2)) # IP header # Get the version/len value into a variable we can do arithmetic with byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) # The most significant 4 bits are the IP version ((bitws=byteval&0xF0)) ((bitws/=16)) echo "IP Version: $bitws" # Least significant 4 bits are the header length ((bitws=byteval&0x0F)) ((bitws*=4)) echo "Header Length: $bitws" # Type of service byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) # Precedence ((bitws=byteval&0xE0)) ((bitws/=32)) echo "Precedence: $bitws" # Delay ((bitws=byteval&0x10)) if (( bitws )) then echo "Minimize delay" fi
# Throughput ((bitws=byteval&0x08)) if (( bitws )) then echo "High throughput" fi # Reliability ((bitws=byteval&0x08)) if (( bitws )) then echo "High reliability" fi # Cost ((bitws=byteval&0x08)) if (( bitws )) then echo "Minimize cost" fi # Message length - in network byte order NetworkOrder16Bit echo "Message Length: $ws" # ID hexdump -s $offs -n 2 -e '"ID: " 2/1 "%02x" " "' test2.pkts ((offs+=2)) # Flags byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) # DF ((bitws=byteval&0x40)) if (( bitws != 0)) then echo "Don't fragment" else # More fragments ((bitws=byteval&0x20)) if (( bitws ))
then echo "More fragments" fi # Fragment number ((ws=bitws&0x1F)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((ws+=byteval)) echo "Fragment number: $ws" fi ((offs+=1)) hexdump -s $offs -n 1 -e '"TTL: " 1/1 "%u "' test2.pkts ((offs+=1)) hexdump -s $offs -n 1 -e '"Protocol: " 1/1 "%u "' test2.pkts ((offs+=1)) hexdump -s $offs -n 2 -e '"Header checksum: " 2/1 "%02x" " "' test2.pkts ((offs+=2)) hexdump -s $offs -n 4 -e '"Source IP Addr: " 3/1 "%02u." 1/1 "%02u "' test2.pkts ((offs+=4)) hexdump -s $offs -n 4 -e '"Dest IP Addr: " 3/1 "%02u." 1/1 "%02u "' test2.pkts ((offs+=4)) # TCP header NetworkOrder16Bit echo "Source Port: $ws" NetworkOrder16Bit echo "Dest Port: $ws" hexdump -s $offs -n 4 -e '"Sequence Number: " 4/1 "%02x" " "' test2.pkts ((offs+=4)) hexdump -s $offs -n 4 -e '"ACK Number: " 4/1 "%02x" " "' test2.pkts ((offs+=4)) ws=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws/=16)) ((ws*=4)) echo "Header Length: $ws" byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts`
((offs+=1)) ((bitws=byteval&0x80)) echo -n "Flags: " if (( bitws )) then echo -n "CWR " fi ((bitws=byteval&0x80)) if (( bitws )) then echo -n "CWR " fi ((bitws=byteval&0x40)) if (( bitws )) then echo -n "ECN " fi ((bitws=byteval&0x20)) if (( bitws )) then echo -n "URG " fi ((bitws=byteval&0x10)) if (( bitws )) then echo -n "ACK " fi ((bitws=byteval&0x08)) if (( bitws )) then echo -n "PSH " fi ((bitws=byteval&0x04)) if (( bitws )) then echo -n "RES "
fi ((bitws=byteval&0x02)) if (( bitws )) then echo -n "SYN " fi ((bitws=byteval&0x01)) if (( bitws )) then echo -n "FIN " fi echo NetworkOrder16Bit echo "Window Size: $ws" hexdump -s $offs -n 2 -e '"Checksum: " 2/1 "%02x" " "' test2.pkts ((offs+=1)) # Some more of the packet echo echo hexdump -s $offs -n 128 -C test2.pkts echo echo Solution #!/bin/bash # Decode a UDP packet raw binary dataDone let offs=40 declare -i ws declare -i end declare -i rmndr declare -i byteval declare -i bitws NetworkOrder16Bit() { ws=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1))
((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws+=byteval)) } NetworkOrder32Bit() { ws=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws+=byteval)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws+=byteval)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws+=byteval)) } echo echo end=$offs+74 #Start with the destination MAC address hexdump -s $offs -n 6 -e '"Ether Dest: " 5/1 "%02x:" 1/1 "%02x "' test2.pkts ((offs+=6)) # Then the source hexdump -s $offs -n 6 -e '"Ether Src: " 5/1 "%02x:" 1/1 "%02x "' test2.pkts ((offs+=6)) # Next is the packet type, but its in network byte order so we can't # use '1/2 "%04x"' - we may be run on a system with another byte order and you'll # get different output hexdump -s $offs -n 2 -e '"Ether Type: " 2/1 "%02x" " "' test2.pkts ((offs+=2)) # IP header
# Get the version/len value into a variable we can do arithmetic with byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) # The most significant 4 bits are the IP version ((bitws=byteval&0xF0)) ((bitws/=16)) echo "IP Version: $bitws" # Least significant 4 bits are the header length ((bitws=byteval&0x0F)) ((bitws*=4)) echo "Header Length: $bitws" # Type of service byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) # Precedence ((bitws=byteval&0xE0)) ((bitws/=32)) echo "Precedence: $bitws" # Delay ((bitws=byteval&0x10)) if (( bitws )) then echo "Minimize delay" fi # Throughput ((bitws=byteval&0x08)) if (( bitws )) then echo "High throughput" fi # Reliability ((bitws=byteval&0x08)) if (( bitws )) then echo "High reliability" fi
# Cost ((bitws=byteval&0x08)) if (( bitws )) then echo "Minimize cost" fi # Message length - in network byte order NetworkOrder16Bit echo "Message Length: $ws" # ID hexdump -s $offs -n 2 -e '"ID: " 2/1 "%02x" " "' test2.pkts ((offs+=2)) # Flags byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) # DF ((bitws=byteval&0x40)) if (( bitws != 0)) then echo "Don't fragment" else # More fragments ((bitws=byteval&0x20)) if (( bitws )) then echo "More fragments" fi # Fragment number ((ws=bitws&0x1F)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((ws+=byteval)) echo "Fragment number: $ws" fi ((offs+=1)) hexdump -s $offs -n 1 -e '"TTL: " 1/1 "%u "' test2.pkts
((offs+=1)) hexdump -s $offs -n 1 -e '"Protocol: " 1/1 "%u "' test2.pkts ((offs+=1)) hexdump -s $offs -n 2 -e '"Header checksum: " 2/1 "%02x" " "' test2.pkts ((offs+=2)) hexdump -s $offs -n 4 -e '"Source IP Addr: " 3/1 "%02u." 1/1 "%02u "' test2.pkts ((offs+=4)) hexdump -s $offs -n 4 -e '"Dest IP Addr: " 3/1 "%02u." 1/1 "%02u "' test2.pkts ((offs+=4)) # TCP header NetworkOrder16Bit echo "Source Port: $ws" NetworkOrder16Bit echo "Dest Port: $ws" hexdump -s $offs -n 4 -e '"Sequence Number: " 4/1 "%02x" " "' test2.pkts ((offs+=4)) hexdump -s $offs -n 4 -e '"ACK Number: " 4/1 "%02x" " "' test2.pkts ((offs+=4)) ws=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws/=16)) ((ws*=4)) echo "Header Length: $ws" byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((bitws=byteval&0x80)) echo -n "Flags: " if (( bitws )) then echo -n "CWR " fi ((bitws=byteval&0x80)) if (( bitws )) then echo -n "CWR " fi
((bitws=byteval&0x40)) if (( bitws )) then echo -n "ECN " fi ((bitws=byteval&0x20)) if (( bitws )) then echo -n "URG " fi ((bitws=byteval&0x10)) if (( bitws )) then echo -n "ACK " fi ((bitws=byteval&0x08)) if (( bitws )) then echo -n "PSH " fi ((bitws=byteval&0x04)) if (( bitws )) then echo -n "RES " fi ((bitws=byteval&0x02)) if (( bitws )) then echo -n "SYN " fi ((bitws=byteval&0x01)) if (( bitws )) then echo -n "FIN " fi echo
NetworkOrder16Bit echo "Window Size: $ws" hexdump -s $offs -n 2 -e '"Checksum: " 2/1 "%02x" " "' test2.pkts ((offs+=1)) # Some more of the packet echo echo hexdump -s $offs -n 128 -C test2.pkts echo echo

Recommended

Laziness in Swift
Laziness in Swift Laziness in Swift
Laziness in Swift
SwiftWro
 
lldb – Debugger auf Abwegen
lldb – Debugger auf Abwegenlldb – Debugger auf Abwegen
lldb – Debugger auf Abwegen
inovex GmbH
 
Super Advanced Python –act1
Super Advanced Python –act1Super Advanced Python –act1
Super Advanced Python –act1
Ke Wei Louis
 
M12 random forest-part01
M12 random forest-part01M12 random forest-part01
M12 random forest-part01
Raman Kannan
 
Error Control in Multimedia Communications using Wireless Sensor Networks report
Error Control in Multimedia Communications using Wireless Sensor Networks reportError Control in Multimedia Communications using Wireless Sensor Networks report
Error Control in Multimedia Communications using Wireless Sensor Networks report
Muragesh Kabbinakantimath
 
20141106 asfws unicode_hacks
20141106 asfws unicode_hacks20141106 asfws unicode_hacks
20141106 asfws unicode_hacks
Cyber Security Alliance
 
Adventures In Data Compilation
Adventures In Data CompilationAdventures In Data Compilation
Adventures In Data Compilation
Naughty Dog
 
Ruby 1.9
Ruby 1.9Ruby 1.9
Ruby 1.9
guestaef7ea
 

Recommended

Laziness in Swift
Laziness in Swift Laziness in Swift
Laziness in Swift
SwiftWro
 
lldb – Debugger auf Abwegen
lldb – Debugger auf Abwegenlldb – Debugger auf Abwegen
lldb – Debugger auf Abwegen
inovex GmbH
 
Super Advanced Python –act1
Super Advanced Python –act1Super Advanced Python –act1
Super Advanced Python –act1
Ke Wei Louis
 
M12 random forest-part01
M12 random forest-part01M12 random forest-part01
M12 random forest-part01
Raman Kannan
 
Error Control in Multimedia Communications using Wireless Sensor Networks report
Error Control in Multimedia Communications using Wireless Sensor Networks reportError Control in Multimedia Communications using Wireless Sensor Networks report
Error Control in Multimedia Communications using Wireless Sensor Networks report
Muragesh Kabbinakantimath
 
20141106 asfws unicode_hacks
20141106 asfws unicode_hacks20141106 asfws unicode_hacks
20141106 asfws unicode_hacks
Cyber Security Alliance
 
Adventures In Data Compilation
Adventures In Data CompilationAdventures In Data Compilation
Adventures In Data Compilation
Naughty Dog
 
Ruby 1.9
Ruby 1.9Ruby 1.9
Ruby 1.9
guestaef7ea
 
Yg byev2e
Yg byev2eYg byev2e
Yg byev2e
longphi2812
 
Aprils fool 2014
Aprils fool 2014Aprils fool 2014
Aprils fool 2014
bijan_
 
DataTypes.ppt
DataTypes.pptDataTypes.ppt
DataTypes.ppt
RithikRaj25
 
Stupid Awesome Python Tricks
Stupid Awesome Python TricksStupid Awesome Python Tricks
Stupid Awesome Python Tricks
Bryan Helmig
 
Ns2programs
Ns2programsNs2programs
Ns2programs
Meenakshi Devi
 
MH prediction modeling and validation in r (2) classification 190709
MH prediction modeling and validation in r (2) classification 190709MH prediction modeling and validation in r (2) classification 190709
MH prediction modeling and validation in r (2) classification 190709
Min-hyung Kim
 
Programming Lisp Clojure - 2장 : 클로저 둘러보기
Programming Lisp Clojure - 2장 : 클로저 둘러보기Programming Lisp Clojure - 2장 : 클로저 둘러보기
Programming Lisp Clojure - 2장 : 클로저 둘러보기
JangHyuk You
 
Oh Composable World!
Oh Composable World!Oh Composable World!
Oh Composable World!
Brian Lonsdorf
 
Htdp05
Htdp05Htdp05
Htdp05
Kyungryul KIM
 
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
Mozaic Works
 
Advanced Data Visualization in R- Somes Examples.
Advanced Data Visualization in R- Somes Examples.Advanced Data Visualization in R- Somes Examples.
Advanced Data Visualization in R- Somes Examples.
Dr. Volkan OBAN
 
Map/reduce, geospatial indexing, and other cool features (Kristina Chodorow)
Map/reduce, geospatial indexing, and other cool features (Kristina Chodorow)Map/reduce, geospatial indexing, and other cool features (Kristina Chodorow)
Map/reduce, geospatial indexing, and other cool features (Kristina Chodorow)
MongoSF
 
第13回数学カフェ「素数!!」二次会 LT資料「乱数!!」
第13回数学カフェ「素数!!」二次会 LT資料「乱数!!」第13回数学カフェ「素数!!」二次会 LT資料「乱数!!」
第13回数学カフェ「素数!!」二次会 LT資料「乱数!!」
Ken'ichi Matsui
 
Lập trình Python cơ bản
Lập trình Python cơ bảnLập trình Python cơ bản
Lập trình Python cơ bản
Nguyen Thi Lan Phuong
 
PHP 7 – What changed internally?
PHP 7 – What changed internally?PHP 7 – What changed internally?
PHP 7 – What changed internally?
Nikita Popov
 
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
RootedCON
 
Introduction aux Macros
Introduction aux MacrosIntroduction aux Macros
Introduction aux Macros
univalence
 
Session07 recursion
Session07 recursionSession07 recursion
Session07 recursion
HarithaRanasinghe
 
PyCon2009_AI_Alt
PyCon2009_AI_AltPyCon2009_AI_Alt
PyCon2009_AI_Alt
Hiroshi Ono
 
JavaSE7 Launch Event: Java7xGroovy
JavaSE7 Launch Event: Java7xGroovyJavaSE7 Launch Event: Java7xGroovy
JavaSE7 Launch Event: Java7xGroovy
Yasuharu Nakano
 
Youd only need SOCl2 So d then na .pdf
Youd only need SOCl2 So d then na .pdf Youd only need SOCl2 So d then na .pdf
Youd only need SOCl2 So d then na .pdf
aesalem06
 
you can see the difference bw IE5 and IE6 is ver.pdf
you can see the difference bw IE5 and IE6 is ver.pdf you can see the difference bw IE5 and IE6 is ver.pdf
you can see the difference bw IE5 and IE6 is ver.pdf
aesalem06
 

More Related Content

Similar to #!binbash# Decode a UDP packet raw binary dataDonelet offs=40.pdf

Aprils fool 2014
Aprils fool 2014Aprils fool 2014
Aprils fool 2014
bijan_
 
Map/reduce, geospatial indexing, and other cool features (Kristina Chodorow)
Map/reduce, geospatial indexing, and other cool features (Kristina Chodorow)Map/reduce, geospatial indexing, and other cool features (Kristina Chodorow)
Map/reduce, geospatial indexing, and other cool features (Kristina Chodorow)
MongoSF
 
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
RootedCON
 
Introduction aux Macros
Introduction aux MacrosIntroduction aux Macros
Introduction aux Macros
univalence
 
PyCon2009_AI_Alt
PyCon2009_AI_AltPyCon2009_AI_Alt
PyCon2009_AI_Alt
Hiroshi Ono
 
JavaSE7 Launch Event: Java7xGroovy
JavaSE7 Launch Event: Java7xGroovyJavaSE7 Launch Event: Java7xGroovy
JavaSE7 Launch Event: Java7xGroovy
Yasuharu Nakano
 

Similar to #!binbash# Decode a UDP packet raw binary dataDonelet offs=40.pdf (20)

Yg byev2e
Yg byev2eYg byev2e
Yg byev2e
 
Aprils fool 2014
Aprils fool 2014Aprils fool 2014
Aprils fool 2014
 
DataTypes.ppt
DataTypes.pptDataTypes.ppt
DataTypes.ppt
 
Stupid Awesome Python Tricks
Stupid Awesome Python TricksStupid Awesome Python Tricks
Stupid Awesome Python Tricks
 
Ns2programs
Ns2programsNs2programs
Ns2programs
 
MH prediction modeling and validation in r (2) classification 190709
MH prediction modeling and validation in r (2) classification 190709MH prediction modeling and validation in r (2) classification 190709
MH prediction modeling and validation in r (2) classification 190709
 
Programming Lisp Clojure - 2장 : 클로저 둘러보기
Programming Lisp Clojure - 2장 : 클로저 둘러보기Programming Lisp Clojure - 2장 : 클로저 둘러보기
Programming Lisp Clojure - 2장 : 클로저 둘러보기
 
Oh Composable World!
Oh Composable World!Oh Composable World!
Oh Composable World!
 
Htdp05
Htdp05Htdp05
Htdp05
 
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
Stefan Kanev: Clojure, ClojureScript and Why They're Awesome at I T.A.K.E. Un...
 
Advanced Data Visualization in R- Somes Examples.
Advanced Data Visualization in R- Somes Examples.Advanced Data Visualization in R- Somes Examples.
Advanced Data Visualization in R- Somes Examples.
 
Map/reduce, geospatial indexing, and other cool features (Kristina Chodorow)
Map/reduce, geospatial indexing, and other cool features (Kristina Chodorow)Map/reduce, geospatial indexing, and other cool features (Kristina Chodorow)
Map/reduce, geospatial indexing, and other cool features (Kristina Chodorow)
 
第13回数学カフェ「素数!!」二次会 LT資料「乱数!!」
第13回数学カフェ「素数!!」二次会 LT資料「乱数!!」第13回数学カフェ「素数!!」二次会 LT資料「乱数!!」
第13回数学カフェ「素数!!」二次会 LT資料「乱数!!」
 
Lập trình Python cơ bản
Lập trình Python cơ bảnLập trình Python cơ bản
Lập trình Python cơ bản
 
PHP 7 – What changed internally?
PHP 7 – What changed internally?PHP 7 – What changed internally?
PHP 7 – What changed internally?
 
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
 
Introduction aux Macros
Introduction aux MacrosIntroduction aux Macros
Introduction aux Macros
 
Session07 recursion
Session07 recursionSession07 recursion
Session07 recursion
 
PyCon2009_AI_Alt
PyCon2009_AI_AltPyCon2009_AI_Alt
PyCon2009_AI_Alt
 
JavaSE7 Launch Event: Java7xGroovy
JavaSE7 Launch Event: Java7xGroovyJavaSE7 Launch Event: Java7xGroovy
JavaSE7 Launch Event: Java7xGroovy
 

More from aesalem06

The yield to maturity (YTM) is the measure of bonds rate of return t.pdf
The yield to maturity (YTM) is the measure of bonds rate of return t.pdfThe yield to maturity (YTM) is the measure of bonds rate of return t.pdf
The yield to maturity (YTM) is the measure of bonds rate of return t.pdf
aesalem06
 
TDS (Total Dissolved Solids ) is a measure of the combined content o.pdf
TDS (Total Dissolved Solids ) is a measure of the combined content o.pdfTDS (Total Dissolved Solids ) is a measure of the combined content o.pdf
TDS (Total Dissolved Solids ) is a measure of the combined content o.pdf
aesalem06
 
Meiosis, inheritance and variationThe uniqueness and similarities.pdf
Meiosis, inheritance and variationThe uniqueness and similarities.pdfMeiosis, inheritance and variationThe uniqueness and similarities.pdf
Meiosis, inheritance and variationThe uniqueness and similarities.pdf
aesalem06
 
Inter-Process-Communication (or IPC for short) are mechanisms provid.pdf
Inter-Process-Communication (or IPC for short) are mechanisms provid.pdfInter-Process-Communication (or IPC for short) are mechanisms provid.pdf
Inter-Process-Communication (or IPC for short) are mechanisms provid.pdf
aesalem06
 
imple cellular phones that do very little over voice and text line o.pdf
imple cellular phones that do very little over voice and text line o.pdfimple cellular phones that do very little over voice and text line o.pdf
imple cellular phones that do very little over voice and text line o.pdf
aesalem06
 

More from aesalem06 (20)

Youd only need SOCl2 So d then na .pdf
Youd only need SOCl2 So d then na .pdf Youd only need SOCl2 So d then na .pdf
Youd only need SOCl2 So d then na .pdf
 
you can see the difference bw IE5 and IE6 is ver.pdf
you can see the difference bw IE5 and IE6 is ver.pdf you can see the difference bw IE5 and IE6 is ver.pdf
you can see the difference bw IE5 and IE6 is ver.pdf
 
they have the same vapour pressure .pdf
they have the same vapour pressure .pdf they have the same vapour pressure .pdf
they have the same vapour pressure .pdf
 
The elements As, Sb and Bi show no tendency to fo.pdf
The elements As, Sb and Bi show no tendency to fo.pdf The elements As, Sb and Bi show no tendency to fo.pdf
The elements As, Sb and Bi show no tendency to fo.pdf
 
taking the distance from point P in water for len.pdf
taking the distance from point P in water for len.pdf taking the distance from point P in water for len.pdf
taking the distance from point P in water for len.pdf
 
PH3 Phosphine H3N ammonia H3PO2 Hypophosphorus.pdf
PH3 Phosphine H3N ammonia H3PO2 Hypophosphorus.pdf PH3 Phosphine H3N ammonia H3PO2 Hypophosphorus.pdf
PH3 Phosphine H3N ammonia H3PO2 Hypophosphorus.pdf
 
order is 3 and it is a linear .pdf
order is 3 and it is a linear .pdf order is 3 and it is a linear .pdf
order is 3 and it is a linear .pdf
 
Nope. When an atom is ionized it only affects the.pdf
Nope. When an atom is ionized it only affects the.pdf Nope. When an atom is ionized it only affects the.pdf
Nope. When an atom is ionized it only affects the.pdf
 
L2^12 .pdf
L2^12 .pdf L2^12 .pdf
L2^12 .pdf
 
HOCl (aq) + HCI(aq) - H2O(l) + Cl2 (g) 6Cl2(g) +.pdf
HOCl (aq) + HCI(aq) - H2O(l) + Cl2 (g) 6Cl2(g) +.pdf HOCl (aq) + HCI(aq) - H2O(l) + Cl2 (g) 6Cl2(g) +.pdf
HOCl (aq) + HCI(aq) - H2O(l) + Cl2 (g) 6Cl2(g) +.pdf
 
In Atmospehere Pressure = 105760 = 0.138 Atmo.pdf
In Atmospehere Pressure = 105760 = 0.138 Atmo.pdf In Atmospehere Pressure = 105760 = 0.138 Atmo.pdf
In Atmospehere Pressure = 105760 = 0.138 Atmo.pdf
 
H2SO4 is a strong electrolyte. It dissociates alm.pdf
H2SO4 is a strong electrolyte. It dissociates alm.pdf H2SO4 is a strong electrolyte. It dissociates alm.pdf
H2SO4 is a strong electrolyte. It dissociates alm.pdf
 
DE is positive in exothermic reactions .pdf
DE is positive in exothermic reactions .pdf DE is positive in exothermic reactions .pdf
DE is positive in exothermic reactions .pdf
 
The yield to maturity (YTM) is the measure of bonds rate of return t.pdf
The yield to maturity (YTM) is the measure of bonds rate of return t.pdfThe yield to maturity (YTM) is the measure of bonds rate of return t.pdf
The yield to maturity (YTM) is the measure of bonds rate of return t.pdf
 
TDS (Total Dissolved Solids ) is a measure of the combined content o.pdf
TDS (Total Dissolved Solids ) is a measure of the combined content o.pdfTDS (Total Dissolved Solids ) is a measure of the combined content o.pdf
TDS (Total Dissolved Solids ) is a measure of the combined content o.pdf
 
magnesium oxide + water = magnesium hydroxideMgO (s) + H2O (l) =.pdf
magnesium oxide + water = magnesium hydroxideMgO (s) + H2O (l) =.pdfmagnesium oxide + water = magnesium hydroxideMgO (s) + H2O (l) =.pdf
magnesium oxide + water = magnesium hydroxideMgO (s) + H2O (l) =.pdf
 
Meiosis, inheritance and variationThe uniqueness and similarities.pdf
Meiosis, inheritance and variationThe uniqueness and similarities.pdfMeiosis, inheritance and variationThe uniqueness and similarities.pdf
Meiosis, inheritance and variationThe uniqueness and similarities.pdf
 
Inter-Process-Communication (or IPC for short) are mechanisms provid.pdf
Inter-Process-Communication (or IPC for short) are mechanisms provid.pdfInter-Process-Communication (or IPC for short) are mechanisms provid.pdf
Inter-Process-Communication (or IPC for short) are mechanisms provid.pdf
 
B)120.0° note So3 is sp2-hybridized and adopts .pdf
B)120.0° note So3 is sp2-hybridized and adopts .pdf B)120.0° note So3 is sp2-hybridized and adopts .pdf
B)120.0° note So3 is sp2-hybridized and adopts .pdf
 
imple cellular phones that do very little over voice and text line o.pdf
imple cellular phones that do very little over voice and text line o.pdfimple cellular phones that do very little over voice and text line o.pdf
imple cellular phones that do very little over voice and text line o.pdf
 

Recently uploaded

會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽
會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽
會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽
中 央社
 
SURVEY I created for uni project research
SURVEY I created for uni project researchSURVEY I created for uni project research
SURVEY I created for uni project research
CaitlinCummins3
 
Personalisation of Education by AI and Big Data - Lourdes Guàrdia
Personalisation of Education by AI and Big Data - Lourdes GuàrdiaPersonalisation of Education by AI and Big Data - Lourdes Guàrdia
Personalisation of Education by AI and Big Data - Lourdes Guàrdia
EADTU
 
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
中 央社
 
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
AnaAcapella
 
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading RoomSternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
Sean M. Fox
 

Recently uploaded (20)

會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽
會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽
會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽會考英聽
 
OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsOSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & Systems
 
SURVEY I created for uni project research
SURVEY I created for uni project researchSURVEY I created for uni project research
SURVEY I created for uni project research
 
PSYPACT- Practicing Over State Lines May 2024.pptx
PSYPACT- Practicing Over State Lines May 2024.pptxPSYPACT- Practicing Over State Lines May 2024.pptx
PSYPACT- Practicing Over State Lines May 2024.pptx
 
Personalisation of Education by AI and Big Data - Lourdes Guàrdia
Personalisation of Education by AI and Big Data - Lourdes GuàrdiaPersonalisation of Education by AI and Big Data - Lourdes Guàrdia
Personalisation of Education by AI and Big Data - Lourdes Guàrdia
 
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
 
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdfFICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
FICTIONAL SALESMAN/SALESMAN SNSW 2024.pdf
 
Mattingly "AI & Prompt Design: Named Entity Recognition"
Mattingly "AI & Prompt Design: Named Entity Recognition"Mattingly "AI & Prompt Design: Named Entity Recognition"
Mattingly "AI & Prompt Design: Named Entity Recognition"
 
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文會考英文
 
VAMOS CUIDAR DO NOSSO PLANETA! .
VAMOS CUIDAR DO NOSSO PLANETA! .VAMOS CUIDAR DO NOSSO PLANETA! .
VAMOS CUIDAR DO NOSSO PLANETA! .
 
ANTI PARKISON DRUGS.pptx
ANTI PARKISON DRUGS.pptxANTI PARKISON DRUGS.pptx
ANTI PARKISON DRUGS.pptx
 
diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....
 
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
TỔNG HỢP HƠN 100 ĐỀ THI THỬ TỐT NGHIỆP THPT TOÁN 2024 - TỪ CÁC TRƯỜNG, TRƯỜNG...
 
male presentation...pdf.................
male presentation...pdf.................male presentation...pdf.................
male presentation...pdf.................
 
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPSSpellings Wk 4 and Wk 5 for Grade 4 at CAPS
Spellings Wk 4 and Wk 5 for Grade 4 at CAPS
 
Graduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptxGraduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptx
 
e-Sealing at EADTU by Kamakshi Rajagopal
e-Sealing at EADTU by Kamakshi Rajagopale-Sealing at EADTU by Kamakshi Rajagopal
e-Sealing at EADTU by Kamakshi Rajagopal
 
Observing-Correct-Grammar-in-Making-Definitions.pptx
Observing-Correct-Grammar-in-Making-Definitions.pptxObserving-Correct-Grammar-in-Making-Definitions.pptx
Observing-Correct-Grammar-in-Making-Definitions.pptx
 
Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...
 
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading RoomSternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
Sternal Fractures & Dislocations - EMGuidewire Radiology Reading Room
 

#!binbash# Decode a UDP packet raw binary dataDonelet offs=40.pdf

  • 1. #!/bin/bash # Decode a UDP packet raw binary dataDone let offs=40 declare -i ws declare -i end declare -i rmndr declare -i byteval declare -i bitws NetworkOrder16Bit() { ws=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws+=byteval)) } NetworkOrder32Bit() { ws=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws+=byteval)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws+=byteval)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws+=byteval)) } echo echo end=$offs+74
  • 2. #Start with the destination MAC address hexdump -s $offs -n 6 -e '"Ether Dest: " 5/1 "%02x:" 1/1 "%02x "' test2.pkts ((offs+=6)) # Then the source hexdump -s $offs -n 6 -e '"Ether Src: " 5/1 "%02x:" 1/1 "%02x "' test2.pkts ((offs+=6)) # Next is the packet type, but its in network byte order so we can't # use '1/2 "%04x"' - we may be run on a system with another byte order and you'll # get different output hexdump -s $offs -n 2 -e '"Ether Type: " 2/1 "%02x" " "' test2.pkts ((offs+=2)) # IP header # Get the version/len value into a variable we can do arithmetic with byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) # The most significant 4 bits are the IP version ((bitws=byteval&0xF0)) ((bitws/=16)) echo "IP Version: $bitws" # Least significant 4 bits are the header length ((bitws=byteval&0x0F)) ((bitws*=4)) echo "Header Length: $bitws" # Type of service byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) # Precedence ((bitws=byteval&0xE0)) ((bitws/=32)) echo "Precedence: $bitws" # Delay ((bitws=byteval&0x10)) if (( bitws )) then echo "Minimize delay" fi
  • 3. # Throughput ((bitws=byteval&0x08)) if (( bitws )) then echo "High throughput" fi # Reliability ((bitws=byteval&0x08)) if (( bitws )) then echo "High reliability" fi # Cost ((bitws=byteval&0x08)) if (( bitws )) then echo "Minimize cost" fi # Message length - in network byte order NetworkOrder16Bit echo "Message Length: $ws" # ID hexdump -s $offs -n 2 -e '"ID: " 2/1 "%02x" " "' test2.pkts ((offs+=2)) # Flags byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) # DF ((bitws=byteval&0x40)) if (( bitws != 0)) then echo "Don't fragment" else # More fragments ((bitws=byteval&0x20)) if (( bitws ))
  • 4. then echo "More fragments" fi # Fragment number ((ws=bitws&0x1F)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((ws+=byteval)) echo "Fragment number: $ws" fi ((offs+=1)) hexdump -s $offs -n 1 -e '"TTL: " 1/1 "%u "' test2.pkts ((offs+=1)) hexdump -s $offs -n 1 -e '"Protocol: " 1/1 "%u "' test2.pkts ((offs+=1)) hexdump -s $offs -n 2 -e '"Header checksum: " 2/1 "%02x" " "' test2.pkts ((offs+=2)) hexdump -s $offs -n 4 -e '"Source IP Addr: " 3/1 "%02u." 1/1 "%02u "' test2.pkts ((offs+=4)) hexdump -s $offs -n 4 -e '"Dest IP Addr: " 3/1 "%02u." 1/1 "%02u "' test2.pkts ((offs+=4)) # TCP header NetworkOrder16Bit echo "Source Port: $ws" NetworkOrder16Bit echo "Dest Port: $ws" hexdump -s $offs -n 4 -e '"Sequence Number: " 4/1 "%02x" " "' test2.pkts ((offs+=4)) hexdump -s $offs -n 4 -e '"ACK Number: " 4/1 "%02x" " "' test2.pkts ((offs+=4)) ws=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws/=16)) ((ws*=4)) echo "Header Length: $ws" byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts`
  • 5. ((offs+=1)) ((bitws=byteval&0x80)) echo -n "Flags: " if (( bitws )) then echo -n "CWR " fi ((bitws=byteval&0x80)) if (( bitws )) then echo -n "CWR " fi ((bitws=byteval&0x40)) if (( bitws )) then echo -n "ECN " fi ((bitws=byteval&0x20)) if (( bitws )) then echo -n "URG " fi ((bitws=byteval&0x10)) if (( bitws )) then echo -n "ACK " fi ((bitws=byteval&0x08)) if (( bitws )) then echo -n "PSH " fi ((bitws=byteval&0x04)) if (( bitws )) then echo -n "RES "
  • 6. fi ((bitws=byteval&0x02)) if (( bitws )) then echo -n "SYN " fi ((bitws=byteval&0x01)) if (( bitws )) then echo -n "FIN " fi echo NetworkOrder16Bit echo "Window Size: $ws" hexdump -s $offs -n 2 -e '"Checksum: " 2/1 "%02x" " "' test2.pkts ((offs+=1)) # Some more of the packet echo echo hexdump -s $offs -n 128 -C test2.pkts echo echo Solution #!/bin/bash # Decode a UDP packet raw binary dataDone let offs=40 declare -i ws declare -i end declare -i rmndr declare -i byteval declare -i bitws NetworkOrder16Bit() { ws=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1))
  • 7. ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws+=byteval)) } NetworkOrder32Bit() { ws=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws+=byteval)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws+=byteval)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws+=byteval)) } echo echo end=$offs+74 #Start with the destination MAC address hexdump -s $offs -n 6 -e '"Ether Dest: " 5/1 "%02x:" 1/1 "%02x "' test2.pkts ((offs+=6)) # Then the source hexdump -s $offs -n 6 -e '"Ether Src: " 5/1 "%02x:" 1/1 "%02x "' test2.pkts ((offs+=6)) # Next is the packet type, but its in network byte order so we can't # use '1/2 "%04x"' - we may be run on a system with another byte order and you'll # get different output hexdump -s $offs -n 2 -e '"Ether Type: " 2/1 "%02x" " "' test2.pkts ((offs+=2)) # IP header
  • 8. # Get the version/len value into a variable we can do arithmetic with byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) # The most significant 4 bits are the IP version ((bitws=byteval&0xF0)) ((bitws/=16)) echo "IP Version: $bitws" # Least significant 4 bits are the header length ((bitws=byteval&0x0F)) ((bitws*=4)) echo "Header Length: $bitws" # Type of service byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) # Precedence ((bitws=byteval&0xE0)) ((bitws/=32)) echo "Precedence: $bitws" # Delay ((bitws=byteval&0x10)) if (( bitws )) then echo "Minimize delay" fi # Throughput ((bitws=byteval&0x08)) if (( bitws )) then echo "High throughput" fi # Reliability ((bitws=byteval&0x08)) if (( bitws )) then echo "High reliability" fi
  • 9. # Cost ((bitws=byteval&0x08)) if (( bitws )) then echo "Minimize cost" fi # Message length - in network byte order NetworkOrder16Bit echo "Message Length: $ws" # ID hexdump -s $offs -n 2 -e '"ID: " 2/1 "%02x" " "' test2.pkts ((offs+=2)) # Flags byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) # DF ((bitws=byteval&0x40)) if (( bitws != 0)) then echo "Don't fragment" else # More fragments ((bitws=byteval&0x20)) if (( bitws )) then echo "More fragments" fi # Fragment number ((ws=bitws&0x1F)) ((ws*=256)) byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((ws+=byteval)) echo "Fragment number: $ws" fi ((offs+=1)) hexdump -s $offs -n 1 -e '"TTL: " 1/1 "%u "' test2.pkts
  • 10. ((offs+=1)) hexdump -s $offs -n 1 -e '"Protocol: " 1/1 "%u "' test2.pkts ((offs+=1)) hexdump -s $offs -n 2 -e '"Header checksum: " 2/1 "%02x" " "' test2.pkts ((offs+=2)) hexdump -s $offs -n 4 -e '"Source IP Addr: " 3/1 "%02u." 1/1 "%02u "' test2.pkts ((offs+=4)) hexdump -s $offs -n 4 -e '"Dest IP Addr: " 3/1 "%02u." 1/1 "%02u "' test2.pkts ((offs+=4)) # TCP header NetworkOrder16Bit echo "Source Port: $ws" NetworkOrder16Bit echo "Dest Port: $ws" hexdump -s $offs -n 4 -e '"Sequence Number: " 4/1 "%02x" " "' test2.pkts ((offs+=4)) hexdump -s $offs -n 4 -e '"ACK Number: " 4/1 "%02x" " "' test2.pkts ((offs+=4)) ws=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((ws/=16)) ((ws*=4)) echo "Header Length: $ws" byteval=`hexdump -s $offs -n 1 -e '1/1 "%u"' test2.pkts` ((offs+=1)) ((bitws=byteval&0x80)) echo -n "Flags: " if (( bitws )) then echo -n "CWR " fi ((bitws=byteval&0x80)) if (( bitws )) then echo -n "CWR " fi
  • 11. ((bitws=byteval&0x40)) if (( bitws )) then echo -n "ECN " fi ((bitws=byteval&0x20)) if (( bitws )) then echo -n "URG " fi ((bitws=byteval&0x10)) if (( bitws )) then echo -n "ACK " fi ((bitws=byteval&0x08)) if (( bitws )) then echo -n "PSH " fi ((bitws=byteval&0x04)) if (( bitws )) then echo -n "RES " fi ((bitws=byteval&0x02)) if (( bitws )) then echo -n "SYN " fi ((bitws=byteval&0x01)) if (( bitws )) then echo -n "FIN " fi echo
  • 12. NetworkOrder16Bit echo "Window Size: $ws" hexdump -s $offs -n 2 -e '"Checksum: " 2/1 "%02x" " "' test2.pkts ((offs+=1)) # Some more of the packet echo echo hexdump -s $offs -n 128 -C test2.pkts echo echo