// *************************** // ***** TCP header ******** // *************************** // Attention: you can use this header only if you build some complex headers, containing IP header // This header must be combined with some other headers (on the channel level at least) /* NOTE: if some word begings with symbole . then it's field's definition. If such field already exists then its parameters will be rewritten. The position of the newly defined field will be equal to the current position of byte pointer. The byte pointer is initially equal to 0. It changes while specifying field's value (ex: "srcport 80") or while field's definition (ex: ".srcport 80s2."). In any case it will be set after the just written value. If this header is included from some other header then byte pointer may not be equal to 0. Its current value will be used as the beginning of tcp header. The comments before field's definition will be displayed when using -k option. */ /* 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port | Destination Port | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Acknowledgment Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data | |U|A|P|R|S|F| | | Offset| Reserved |R|C|S|S|Y|I| Window | | | |G|K|H|T|N|N| | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum | Urgent Pointer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ TCP Header Format */ // port of source .srcport 32776s2. /* While field's definition its value must be given. The type of value will be determined automaticly and will become the type of field. Decimal number are marked by symbole . at the end. Hexadecimal number - 0x at the beginning. By default numbers are decimal. For decimal numbers symbole 's' may be used to specify the size of field follows this symbole. After this definition byte pointer will be increased by 2. */ // port of destination .dstport 81s2. // number of sequence .num 1001s4. // number of acknowledgement .ack 200001s4. // next two commands will be applied to next defined field only mask 0xf0 // MASK command is used to limit the area of common field, the value will be written to only left four bits offset 4 // OFFSET command is used to shift the area of decimal field to the left, the value will be multiplied by 16 (2^4) // the length of TCP header (in fours of bytes, mask = 0xf0, offset 4) .tcp.hlen 5 // tcp flags .tcp.flags 0x02 BACK 1 // reduces byte pointer by 1 (back to position of tcp.flags field) // tcp flags alias .tf 0x02 // the size of receiver window .window 5840s2. // tcp crc .tcp.crc 0x0000 // the size of field will be determined by the size of hexadecimal number // urg pointer .urg 100s2. // application's data (for header without options) .tcp.data '' /* NOTE: symboles ' or " indicate the string type, fields with this type have no size, any string may be specified later */ // application's data .td '' // alias for tcp.data PASS 12 // increases the byte pointer by option's size // application's data (for header with 12 bytes of options) .tcpd '' // start position of data for header with some popular options (see tcpstdopt.fws) CLEARHISTORY // clearing the history of packets, otherwise the tcp packet will have size as though it has options tcp.crc TCPcrc /* sets auto calculated value, tcp crc will be automaticly calculated before generation or waiting, any concrete value may specified later if needed (ex: "tcp.crc 0x0000") */ tcp.data '' // tcp ports DEFINE http 80s2. // after s - size of number DEFINE ftp 21s2. DEFINE ftpd 20s2. DEFINE ssh 22s2. // standart tcp flags combinations DEFINE onesyn 0x02 DEFINE sa 0x12 DEFINE synack 0x12 DEFINE oneack 0x10 DEFINE onerst 0x04 DEFINE onefin 0x01 DEFINE fa 0x11 DEFINE finack 0x11 DEFINE ra 0x14 DEFINE rstack 0x14 // define Flags fields /* Control Bits: 6 bits (from left to right): URG: Urgent Pointer field significant ACK: Acknowledgment field significant PSH: Push Function RST: Reset the connection SYN: Synchronize sequence numbers FIN: No more data from sender */ tcp.flags 0x02 BACK 1 MASK 0x1 // fin flag .fin 0 BACK 1 OFFSET 1 MASK 0x2 // syn flag .syn 1 BACK 1 OFFSET 2 MASK 0x4 // rst flag .rst 0 BACK 1 OFFSET 3 MASK 0x08 // push flag .push 0 BACK 1 OFFSET 4 MASK 0x10 // ack flag .ak 0 BACK 1 offset 5 mask 0x20 // urg flag .ug 0 BACK 1 offset 6 mask 0x40 // ece flag .ece 0 BACK 1 offset 7 mask 0x80 // cwr flag .cwr 0 BACK 1 tcp.data ''