承接上一博文而来,继续解析网络数据包,对于承载在以太网上的三种协议进行了解析,主要是分为根据RFC定义的标准先解析头部数据,然后得到有效载荷,即为协议包含的实体数据,更上层进行进一步处理。
该协议作为局域网IP地址和MAC地址映射的重要协议,与DNS将域名与IP地址进行映射有异曲同工之妙。当以太网的类型字段为 0x0806时即为ARP协议数据包。定义如下图:
硬件类型即为以太网的代码。ARP支持的协议类型为IP(0x0800),硬件地址长度即MAC地址长度为6,协议地址长度为IP地址长度为4,OP字段为当前数据报的类型,0x0001表示请求包,0x0002表示应答包。这些就构成了ARP数据报头,一共8个Byte。
随后的20个Byte分别如上图所示,用来进行MAC地址和IP地址映射。
解析如下:
/// <summary>
/// Define the ARP packet header by RFC826
/// </summary>
public class ARPPacketHeader : INetworkLayerHeader
{
public ushort HardwareType = 0; //2 Bytes 硬件类型
public ushort ProtocalType = 0; //2 Bytes 协议类型
public byte HardwareAddressLength = 6; //1 Byte 硬件地址长度(即MAC地址长度为6)
public byte ProtocolAddressLength = 4; //1 Byte 协议地址长度(即IP地址长度为4)
public ushort OP = 0; //2 Byte ARP包类型(0x0001:请求包 0x0002:应答包)
}
/// <summary>
/// Parse the ARP packet
/// </summary>
public class ARPPacket : INetworkLayerPacket
{
private byte[] RawPacket;
public ARPPacketHeader Header;
public string SenderMAC;
public string SenderIP;
public string ReceiverMAC;
public string ReceiverIP;
public ARPPacket(byte[] rawArpPacket)
{
SenderMAC = Util.JoinByteArr(Util.SubByteArr(rawArpPacket, 8, 6), "-");
SenderIP = Util.JoinByteArr(Util.SubByteArr(rawArpPacket, 14, 4), ".", "d");
ReceiverMAC = Util.JoinByteArr(Util.SubByteArr(rawArpPacket, 18, 6), "-");
ReceiverIP = Util.JoinByteArr(Util.SubByteArr(rawArpPacket, 24, 4), ".", "d");
RawPacket = rawArpPacket;
}
public INetworkLayerHeader getHeader()
{
Header = new ARPPacketHeader();
Header.HardwareType = (ushort)((ushort)(RawPacket[0] << 8) + (ushort)RawPacket[1]);
Header.ProtocalType = (ushort)((ushort)(RawPacket[2] << 8) + (ushort)RawPacket[3]);
Header.HardwareAddressLength = (byte)RawPacket[4];
Header.ProtocolAddressLength = (byte)RawPacket[5];
Header.OP = (ushort)((ushort)(RawPacket[6] << 8) + (ushort)RawPacket[7]);
return Header;
}
public byte[] getBody()
{
return Util.SubByteArr(RawPacket, 8);
}
}解析过程与上述类似,可以进行类比。作为最广泛的网络层协议,详细结构就不赘述。直接看结构图:
解析过程如下:
/// <summary>
/// Define the IPv4 packet header by RFC791
/// </summary>
public class IPv4PacketHeader : INetworkLayerHeader
{
public byte Version = 4; //3 bits 版本号
public byte Length = 0; //5 bits 头部长度
public byte Tos = 0; //1 Byte 服务类型
public ushort DatagramLength = 0; //2 Bytes 数据包长度
public ushort Identification = 0; //2 Bytes 标识
public byte Mark = 0; //3 bits 标志
public ushort Offset = 0; //13 bits 片偏移
public byte TTL = 0; //1 Byte 数据包寿命
public byte UpperProtocal = 0; //1 Byte 上层协议
public ushort HeaderChecksum = 0; //2 Byte 头部检查和
public string SrcIP = ""; //4 Bytes 源IP地址
public string DstIP = ""; //4 Bytes 目的IP地址
}
/// <summary>
/// Parse the IPv4 packet
/// </summary>
public class IPv4Packet : INetworkLayerPacket
{
private byte[] RawPacket;
public IPv4PacketHeader Header;
public byte[] Body;
public IPv4Packet(byte[] rawPacket)
{
RawPacket = rawPacket;
}
public INetworkLayerHeader getHeader()
{
Header = new IPv4PacketHeader();
Header.Length = (byte)(RawPacket[0] & 0x1f);
Header.Tos = RawPacket[1];
Header.DatagramLength = (ushort)((ushort)(RawPacket[2] << 8) + (ushort)RawPacket[3]);
Header.Identification = (ushort)((ushort)(RawPacket[4] << 8) + (ushort)RawPacket[5]);
Header.Mark = (byte)(RawPacket[6] >> 5);
Header.Offset = (ushort)((ushort)((RawPacket[6] & 0x1f) << 8) + (ushort)RawPacket[7]);
Header.TTL = RawPacket[8];
Header.UpperProtocal = RawPacket[9];
Header.HeaderChecksum = (ushort)((ushort)(RawPacket[10] << 8) + (ushort)RawPacket[11]);
Header.SrcIP = Util.JoinByteArr(Util.SubByteArr(RawPacket, 12, 4), ".", "d");
Header.DstIP = Util.JoinByteArr(Util.SubByteArr(RawPacket, 16, 4), ".", "d");
return Header;
}
public byte[] getBody()
{
Body = Util.SubByteArr(RawPacket, 20);
return Body;
}
}IPv6是用来替代IPv4以解决地址空间不足的问题而发展起来的,同时改协议在IPv4的基础上也做了很大其他方面的改动,如不允许在中间路由器上进行分片操作等。目前应用范围虽然难以达到取代IPv4的程度,但是提供了较大优势。下图为其数据报结构:
解析过程如下:
/// <summary>
/// Define the IPv6 packet header by RFC 2460
/// </summary>
public class IPv6PacketHeader : INetworkLayerHeader
{
public byte Version = 6; //3 bits 版本号
public byte Tos = 0; //1 Byte 流量(服务)类型
public uint FlowTag = 0; //21 bits 流标签
public ushort AvaiLoad = 0; //2 Bytes 有效载荷长度
public byte NextHeader = 0; //1 Byte 下个首部(与IPv4中的协议字段值相同)
public byte HopLimit = 0; //1 Byte 跳数限制
public string SrcIP = ""; //16 Bytes 源IPv6地址
public string DstIP = ""; //16 Bytes 目的IPv6地址
}
/// <summary>
/// Parse the IPv6 packet
/// </summary>
public class IPv6Packet : INetworkLayerPacket
{
private byte[] RawPacket;
public IPv6PacketHeader Header;
public byte[] Body;
public IPv6Packet(byte[] rawPacket)
{
RawPacket = rawPacket;
}
public INetworkLayerHeader getHeader()
{
Header = new IPv6PacketHeader();
Header.Tos = (byte)((RawPacket[0] & 0x1fu) << 3 + RawPacket[1] >> 5);
Header.FlowTag = (uint)((RawPacket[1] & 0x1fu) << 16 + RawPacket[2] << 8 + RawPacket[3]);
Header.AvaiLoad = (ushort)((ushort)(RawPacket[4] << 8) + (ushort)RawPacket[5]);
Header.NextHeader = RawPacket[6];
Header.HopLimit = RawPacket[7];
Header.SrcIP = Util.JoinByteArr(Util.SubByteArr(RawPacket, 8, 16), ":", "X2", 2);
Header.DstIP = Util.JoinByteArr(Util.SubByteArr(RawPacket, 24, 16), ":", "X2", 2);
return Header;
}
public Byte[] getBody()
{
Body = Util.SubByteArr(RawPacket, 40);
return Body;
}
}
承载于以太网帧之上的数据包的解析——ARP、IPv4、IPv6
原文地址:http://blog.csdn.net/u010487568/article/details/39361643
