Ask Your Question
0

"Time To Live" always 0 when creating custom pcap file programmatically

asked 2023-02-17 19:52:36 +0000

updated 2023-02-18 03:20:41 +0000

Guy Harris gravatar image

I'm building custom pcap files to meet business requirements for different pcap files using data streaming from a raw socket. These are UDP packets with a IPV 4 header. I'm creating a prototype of this custom pcap file manually to verify before automating it. When creating the IP header, an additional byte is inserted into the location of the TTL location resulting in the TTL value displaying the warning: ""Time To Live" only 0" rather than the value 128 that should be displayed. "128" is displayed at the protocol location. Using .Net binaryWriter and following the order of the IP header protocol, I'm writing the following values in this order:

ushort usTotalLength = (ushort)IPAddress.HostToNetworkOrder(68);
           //Sixteen bits for total length of the datagram (header + message)
ushort usIdentification = (ushort)IPAddress.HostToNetworkOrder(27715);
           //Sixteen bits for identification
ushort usFlagsAndOffset = (ushort)0;
           //Sixteen bits for flags and offset
byte byTTL = 128 
           //Eight bits for TTL (Time To Live)

I can't upload the pcap file (don't have enough points), but it is showing a "00" byte at the TTL location where byte "80" with value of 128 should be displayed. "80" is displayed at the next byte where protocol should be.

How is the additional byte getting added and how can I prevent it? I suspect it has something to do with the flags and offset this appear as 16 bits in wireshark.

edit retag flag offensive close merge delete

Comments

Decouple this from being a Wireshark issue. Have you looked at the contents of the file with a hex or binary editor?

Chuckc gravatar imageChuckc ( 2023-02-18 00:32:55 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2023-02-18 13:05:12 +0000

SYN-bit gravatar image

Sounds like your code does not exactly do what you tell it to do. I can think of a byte ordering issue or maybe the BinaryWriter is created with some form of 16 bit encoding. This is more a .Net question, so you might have better luck asking in a .Net Q&A site

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2023-02-17 19:52:36 +0000

Seen: 201 times

Last updated: Feb 18 '23