IP packet parsing and flood attack based on IP packet

Source: Internet
Author: User

Version (4 bits) | Header length (4 bits) | Priority and type of service (8 bits) | Total length (16 bits)
Identification (16 bits) | Flags (3 bits) | Fragment offset (13 bits)
Time to live (8 bits) | Protocol (8 bits) | Header checksum (16 bits)
Source IP address (32 bits)
Destination IP address (32 bits)
Options (0 or 32 bits, if any)
Data (variable)

Version: the IP version number.
Header length: the header length (hlen) in 32-bit words.
Priority and type of service: the service type describes how the datagram should be handled. The first 3 bits are the priority bits.
Total length: the length of the packet, including the header and the data.
Identification: a unique IP packet value.
Flags: indicate whether the data is being fragmented.
Fragment offset: if the packet is too large to fit in a single frame, fragmentation and reassembly are required. Fragmentation allows for different maximum transmission units (MTUs) on the Internet.
Time to live (TTL): the time to live is set in a packet when it is generated. If the packet has not reached its destination when the TTL expires, it is discarded. This prevents IP packets from looping through the network indefinitely while looking for a destination.
Protocol: the number of the upper-layer protocol (TCP is 6; UDP is 17). Network layer protocols such as ARP and ICMP are also supported. Some analyzers call this the Type field. A more detailed description of this field is given below.
Header checksum: a cyclic redundancy check (CRC) on the header only.
Source IP address: the 32-bit IP address of the sending station.
Destination IP address: the 32-bit IP address of the station the packet is destined for.
Options: used for network testing, debugging, security, and more.
Data: after the IP option field comes the upper-layer data.
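The field layout above, parsed from raw bytes, as an added example that is not part of the original article and does not use Jpcap. It assumes Java 17 or later; the class name, the record and the sample packet (documentation addresses, protocol 230) are constructed for illustration, and the checksum is verified with the 16-bit one's-complement sum defined in RFC 791.

```java
import java.nio.ByteBuffer;
import java.util.HexFormat;

public class Ipv4HeaderDemo {
    /** Fixed IPv4 header fields, named after the field list above. */
    record Header(int version, int headerLen, int tos, int totalLen, int ident,
                  boolean dontFrag, boolean moreFrag, int fragOffset,
                  int ttl, int protocol, boolean checksumOk) {}

    /** 16-bit one's-complement sum over the first len bytes (RFC 791). */
    static int onesComplementSum(byte[] p, int len) {
        long sum = 0;
        for (int i = 0; i < len; i += 2)
            sum += ((p[i] & 0xFF) << 8) | (p[i + 1] & 0xFF);
        while ((sum >> 16) != 0)
            sum = (sum & 0xFFFF) + (sum >> 16);      // fold carries back in
        return (int) sum;
    }

    static Header parse(byte[] p) {
        if (p.length < 20)
            throw new IllegalArgumentException("shorter than the minimum 20-byte header");
        ByteBuffer b = ByteBuffer.wrap(p);           // big-endian (network order) by default
        int version = (b.get(0) & 0xFF) >> 4;
        int headerLen = (b.get(0) & 0x0F) * 4;       // header length field counts 32-bit words
        int totalLen = b.getShort(2) & 0xFFFF;
        if (version != 4 || headerLen < 20 || headerLen > p.length || totalLen < headerLen)
            throw new IllegalArgumentException("inconsistent version or length fields");
        int flagsAndOffset = b.getShort(6) & 0xFFFF; // 3 flag bits, then 13-bit offset
        // With the checksum field included, a valid header sums to 0xFFFF.
        boolean checksumOk = onesComplementSum(p, headerLen) == 0xFFFF;
        return new Header(version, headerLen, b.get(1) & 0xFF, totalLen,
                b.getShort(4) & 0xFFFF,
                (flagsAndOffset & 0x4000) != 0, (flagsAndOffset & 0x2000) != 0,
                flagsAndOffset & 0x1FFF, b.get(8) & 0xFF, b.get(9) & 0xFF, checksumOk);
    }

    public static void main(String[] args) {
        // Constructed sample: 192.0.2.1 -> 198.51.100.7, TTL 255, protocol 230, no payload.
        byte[] good = HexFormat.of().parseHex("4500001400010000ffe6cec6c0000201c6336407");
        byte[] stale = good.clone();
        stale[9] = 6;                                // protocol changed, checksum not updated
        System.out.println(parse(good));
        System.out.println(parse(stale));
    }
}
```

The second packet shows why a header edited without recomputing the checksum fails validation, while the first, whose checksum matches, parses as valid even though its protocol number is unassigned.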

These fields correspond to the IPPacket class in the Jpcap package. The documentation for that class gives the mapping:

Method for constructing IPv4 packets

Method Summary
void setIPv4Parameter(int priority, boolean d_flag, boolean t_flag, boolean r_flag, int rsv_tos, boolean rsv_frag, boolean dont_frag, boolean more_frag, int offset, int ident, int ttl, int protocol, java.net.InetAddress src, java.net.InetAddress dst)
           Sets the IPv4 parameters

Example:

// requires java.net.InetAddress
ipp.setIPv4Parameter(0, false, false, false, 0, true, true, false, 4, 1, 255, 230, // 230: undefined protocol
        InetAddress.getByName("110.110.17.101"),
        InetAddress.getByName("210.40.7.149"));

Version: v4/v6

Priority: precedence

/** Priority (class) (v4/v6) */
public byte priority;

Service type settings:

d_flag - IP flag bit: [D]elay, indicates that lower latency is required

t_flag - IP flag bit: [T]hrough, indicates that higher throughput is required

r_flag - IP flag bit: [R]eliability, indicates that higher reliability is required

rsv_tos - Type of Service (TOS)

Fragmentation settings:

rsv_frag - Fragmentation Reservation flag; no fragmentation marking

dont_frag - Don't Fragment flag; marks the end of fragments

more_frag - More Fragment flag; indicates that more fragments follow

offset - Offset of the data block

IP datagram identification: ident - Identifier (upper-layer protocol call)

Offset: fragment offset

TTL: time to live

Protocol: protocol (int type). These are the protocol constants given in the source code:

/** Protocol number for ICMP */
public static final short IPPROTO_ICMP = 1;

/** Protocol number for IGMP */
public static final short IPPROTO_IGMP = 2;

/** Protocol number for IP in IP */
public static final short IPPROTO_IP = 4;

/** Protocol number for TCP */
public static final short IPPROTO_TCP = 6;

/** Protocol number for UDP */
public static final short IPPROTO_UDP = 17;

/** Protocol number for IPv6 */
public static final short IPPROTO_IPv6 = 41;

/** Protocol number for IPv6 hop-by-hop option */
public static final short IPPROTO_HOPOPT = 0;

/** Protocol number for routing header for IPv6 */
public static final short IPPROTO_IPv6_Route = 43;

/** Protocol number for fragment header for IPv6 */
public static final short IPPROTO_IPv6_Frag = 44;

/** Protocol number for IPv6 ICMP */
public static final short IPPROTO_IPv6_ICMP = 58;

/** Protocol number for no next header for IPv6 */
public static final short IPPROTO_IPv6_NoNxt = 59;

/** Protocol number for destination option for IPv6 */
public static final short IPPROTO_IPv6_Opts = 60;

src: source IP

dst: destination IP

The following is the principle of flood attacks based on IP packets:

Flood attack using IP packets with an undefined protocol field: construct an IP packet whose Protocol field, which identifies the upper-layer protocol, carries a protocol type that is not among the assigned definitions. The destination IP points to the attacked host and the source IP is forged. The Service Type field is left at its default, the fragmentation fields are set to no fragmentation and no offset, the TTL is set to the maximum value of 255, the Protocol field is filled with any unassigned protocol type, and finally the checksum is filled with the correct value before sending. Note that only the checksum of the IP datagram header is computed; the data segment of the IP datagram can be constructed arbitrarily.

Because the IP checksum is correct, the IP packet is valid and is not discarded in transit because of the changed Protocol field. However, because the upper-layer protocol is unknown, no further processing can be done once the packet reaches the destination host. There is no TCP checksum verification as in a SYN flood attack. The system considers either that this protocol is not one that carries data packets or that the system does not support this protocol, so it directly returns an ICMP packet to the source IP address, notifying the other side that the datagram's protocol could not be delivered.

In this case the attacked host does not establish a connection and incurs no waiting delay, but when a large number of such packets are sent, especially as a DDoS attack, system resources are exhausted, resulting in very great harm.

ICMP reply type:

Type 3, Code 2: Protocol unreachable
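One way a receiving host can bound the cost of these replies, as an added example that is not part of the original article: a token bucket that caps how many Type 3, Code 2 messages are generated and counts the packets it suppresses. The class name, the set of handled protocols, the rate and burst values and the simulated traffic are all assumptions; the bucket is global rather than per source because, as described above, the source address is forged.

```java
import java.util.Set;

public class ProtoUnreachableLimiter {
    // Assumption: the upper-layer protocols this host actually serves (ICMP, IGMP, TCP, UDP).
    static final Set<Integer> HANDLED = Set.of(1, 2, 6, 17);

    private final double ratePerSec, burst;
    private double tokens;
    private long lastMs;
    long replied, suppressed;   // counters to export; a climbing 'suppressed' is the alert signal

    ProtoUnreachableLimiter(double ratePerSec, double burst, long startMs) {
        this.ratePerSec = ratePerSec;
        this.burst = burst;
        this.tokens = burst;
        this.lastMs = startMs;
    }

    /** Returns the action for one received packet with the given Protocol field. */
    String onPacket(long nowMs, int protocol) {
        if (HANDLED.contains(protocol)) return "DELIVER";
        // Refill the bucket for the elapsed time, capped at the burst size.
        tokens = Math.min(burst, tokens + (nowMs - lastMs) / 1000.0 * ratePerSec);
        lastMs = nowMs;
        if (tokens >= 1.0) {
            tokens -= 1.0;
            replied++;
            return "ICMP_TYPE3_CODE2";
        }
        suppressed++;
        return "DROP_NO_REPLY";
    }

    public static void main(String[] args) {
        ProtoUnreachableLimiter lim = new ProtoUnreachableLimiter(10, 5, 0);
        // Constructed traffic: 10,000 packets with protocol 230 in one second,
        // plus an ordinary TCP packet every 100 ms.
        for (int i = 0; i < 10_000; i++) {
            long now = i / 10;
            lim.onPacket(now, 230);
            if (i % 1000 == 0) lim.onPacket(now, 6);
        }
        System.out.printf("replied=%d suppressed=%d%n", lim.replied, lim.suppressed);
    }
}
```

The number of replies stays near the configured rate however many unknown-protocol packets arrive, and the suppressed counter gives monitoring a direct measure of the flood.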
