Angry Kitchen Appliances

Site Map
You are here:  Home > Software > Unix > README for ip_decoder

 README


ip_decoder

Reads a, possibly truncated, IP packet from standard input (as blank or
newline separated hex format bytes) and outputs a decoded description
of the IP packet.

The intended use is to decode the first 48 bytes of the IP packet that
that triggered the last connection as displayed by the D-Link DI-106
ISDN router in Menu 24.1.

2000-01-30, Göran Larsson, http://www.mitt-eget.com

Version: 0.4 alpha.

Compile using an ISO/ANSI compiler.
  gcc -Wall -pedantic -ansi -o ip_decoder ip_decoder.c
  acc -Xa -o ip_decoder ip_decoder.c

NOTE: All paths through the program has not been tested.
      Bugs may still live here.

Example of DNS lookup:

---------------
|$ ip_decoder
|Enter IP packet as hex bytes separated by blanks or newlines.
|End with ^d after last line.
|45 00 00 46 C3 6E 00 00 3B 11 5A A1 C0 A8 0A 01 82 EB 14 03 00 35 00 35
|00 32 00 00 4C 0A 00 00 00 01 00 00 00 00 00 00 03 77 77 77 06 61 76 61
|^D
|Decoded IP packet:
| IP header
|  Protocol              = 17 UDP
|  Source address        = 192.168.10.1
|  Destination address   = 130.235.20.3
| UDP
|  Source port           = 53 DOMAIN (dns)
|  Destination port      = 53 DOMAIN (dns)
|  Data:
|   4C 0A 00 00 00 01 00 00 00 00 00 00 03 77 77 77   |L            www|
|   06 61 76 61                                       | ava|
|$ ip_decoder -v
|Enter IP packet as hex bytes separated by blanks or newlines.
|End with ^d after last line.
|45 00 00 46 C3 6E 00 00 3B 11 5A A1 C0 A8 0A 01 82 EB 14 03 00 35 00 35
|00 32 00 00 4C 0A 00 00 00 01 00 00 00 00 00 00 03 77 77 77 06 61 76 61
|^D
|IP packet:
| 45 00 00 46 C3 6E 00 00 3B 11 5A A1 C0 A8 0A 01   |E  F n  ; Z     |
| 82 EB 14 03 00 35 00 35 00 32 00 00 4C 0A 00 00   |     5 5 2  L   |
| 00 01 00 00 00 00 00 00 03 77 77 77 06 61 76 61   |         www ava|
|
|Decoded IP packet:
| IP header
|  Version               = 4
|  Header length         = 5 (20 bytes)
|  Type of service       = 0x0
|  Total length          = 70
|  Identification        = 50030
|  Fragment offset flags = 0
|  Fragment offset       = 0
|  Time to live          = 59
|  Protocol              = 17 UDP
|  Checksum              = 23201
|  Source address        = 192.168.10.1
|  Destination address   = 130.235.20.3
| UDP
|  Source port           = 53 DOMAIN
|  Destination port      = 53 DOMAIN
|  Length                = 50
|  Checksum              = 0
|  Data:
|   4C 0A 00 00 00 01 00 00 00 00 00 00 03 77 77 77   |L            www|
|   06 61 76 61                                       | ava|
|$
---------------

Example of NNTP:

---------------
|$ ip_decoder -v
|Enter IP packet as hex bytes separated by blanks or newlines.
|End with ^d after last line.
|45 00 00 35 1E 55 00 00 3B 06 22 19 C0 A8 0A 01 C0 47 B4 64 0A 3F 00 77
|34 EF 36 91 C8 8A 77 E9 50 18 10 00 54 8F 00 00 48 45 41 44 20 37 36 31
|^D
|IP packet:
| 45 00 00 35 1E 55 00 00 3B 06 22 19 C0 A8 0A 01   |E  5 U  ; "     |
| C0 47 B4 64 0A 3F 00 77 34 EF 36 91 C8 8A 77 E9   | G d ? w4 6   w |
| 50 18 10 00 54 8F 00 00 48 45 41 44 20 37 36 31   |P   T   HEAD 761|
|
|Decoded IP packet:
| IP header
|  Version               = 4
|  Header length         = 5 (20 bytes)
|  Type of service       = 0x0
|  Total length          = 53
|  Identification        = 7765
|  Fragment offset flags = 0
|  Fragment offset       = 0
|  Time to live          = 59
|  Protocol              = 6 TCP
|  Checksum              = 8729
|  Source address        = 192.168.10.1
|  Destination address   = 192.71.180.100
| TCP
|  Source port           = 2623 ?
|  Destination port      = 119 NNTP/USENET
|  Sequence number       = 888092305
|  Acknowledgement nmbr  = 888092305
|  Data offset           = 5
|  Flags                 = 0x18
|  Window                = 4096
|  Checksum              = 21647
|  Urgent pointer        = 0
|  Data:
|   48 45 41 44 20 37 36 31                           |HEAD 761|
|$
---------------

Example of PING:

---------------
|$ ip_decoder
|Enter IP packet as hex bytes separated by blanks or newlines.
|End with ^d after last line.
|45 00 00 54 F2 88 00 00 FE 01 8A CA C0 A8 0A 01 C0 47 B4 64 08 00 0B 72
|46 CA 00 00 38 95 80 AD 00 04 01 7A 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13
|^D
|Decoded IP packet:
| IP header
|  Protocol              = 1 ICMP
|  Source address        = 192.168.10.1
|  Destination address   = 192.71.180.100
| ICMP
|  Type of message       = 8 Echo request
|  Type sub code         = 0 N/A
|$ ip_decoder -v
|Enter IP packet as hex bytes separated by blanks or newlines.
|End with ^d after last line.
|45 00 00 54 F2 88 00 00 FE 01 8A CA C0 A8 0A 01 C0 47 B4 64 08 00 0B 72
|46 CA 00 00 38 95 80 AD 00 04 01 7A 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13
|^D
|IP packet:
| 45 00 00 54 F2 88 00 00 FE 01 8A CA C0 A8 0A 01   |E  T            |
| C0 47 B4 64 08 00 0B 72 46 CA 00 00 38 95 80 AD   | G d   rF   8   |
| 00 04 01 7A 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13   |   z            |
|
|Decoded IP packet:
| IP header
|  Version               = 4
|  Header length         = 5 (20 bytes)
|  Type of service       = 0x0
|  Total length          = 84
|  Identification        = 62088
|  Fragment offset flags = 0
|  Fragment offset       = 0
|  Time to live          = 254
|  Protocol              = 1 ICMP
|  Checksum              = 35530
|  Source address        = 192.168.10.1
|  Destination address   = 192.71.180.100
| ICMP
|  Type of message       = 8 Echo request
|  Type sub code         = 0 N/A
|  Checksum              = 2930
|$ 
---------------

 Links

Home | Software Repository | Software Repository with Unix programs | Contact me

 

The page has been visited 888888 times since 2002-10-30.
Last modified 2003-09-14 18:22:19 (built 2008-02-04 23:18:27).
Copyright © 2002-2006 Göran Larsson. All rights reserved.

Powered by Apache Powered by Sun Valid HTML 4.01 Valid CSS