netsniff-ng icon indicating copy to clipboard operation
netsniff-ng copied to clipboard

Published 20 hours ago verified publisher icon netsniff-ng

Reversed endianness after using VLAN builder with mausezahn

Open vladimiroltean opened this issue 5 years ago • 0 comments

Hi,

I am trying to craft a VLAN-tagged packet. First without VLAN:

tcpdump -i ETH11 -e -n -Q out -XX &

mausezahn ETH11 -c 1 -p 64 -a de:ad:be:ef:00:03 -b de:ad:be:ef:00:02 -t ip -A rand
Mausezahn will send 1 frames...
00:47:00.740754 de:ad:be:ef:00:03 > de:ad:be:ef:00:02, ethertype IPv4 (0x0800), length 98: 0.214.82.136 > 255.255.255.255:  ip-proto-0 64
        0x0000:  dead beef 0002 dead beef 0003 0800 4500  ..............E.
        0x0010:  0054 0000 0000 ff00 684c 00d6 5288 ffff  .T......hL..R...
        0x0020:  ffff 4242 4242 4242 4242 4242 4242 4242  ..BBBBBBBBBBBBBB
        0x0030:  4242 4242 4242 4242 4242 4242 4242 4242  BBBBBBBBBBBBBBBB
        0x0040:  4242 4242 4242 4242 4242 4242 4242 4242  BBBBBBBBBBBBBBBB
        0x0050:  4242 4242 4242 4242 4242 4242 4242 4242  BBBBBBBBBBBBBBBB
        0x0060:  4242

Now with VLAN 1:

mausezahn ETH11 -c 1 -p 64 -a de:ad:be:ef:00:03 -b de:ad:be:ef:00:02 -Q 1 -t ip -A rand
Mausezahn will send 1 frames...
00:48:34.120904 de:ad:be:ef:00:03 > de:ad:be:ef:00:02, ethertype 802.1Q (0x8100), length 102: vlan 256, p 0, LLC, dsap Unknown (0x44) Group, ssap Null (0x00) Command, ctrl 0x5400: Information, send seq 0, rcv seq 42, Flags [Command], length 84
        0x0000:  dead beef 0002 dead beef 0003 8100 0100  ................
        0x0010:  0008 4500 0054 0000 0000 ff00 7719 004e  ..E..T......w..N
        0x0020:  4443 ffff ffff 4242 4242 4242 4242 4242  DC....BBBBBBBBBB
        0x0030:  4242 4242 4242 4242 4242 4242 4242 4242  BBBBBBBBBBBBBBBB
        0x0040:  4242 4242 4242 4242 4242 4242 4242 4242  BBBBBBBBBBBBBBBB
        0x0050:  4242 4242 4242 4242 4242 4242 4242 4242  BBBBBBBBBBBBBBBB
        0x0060:  4242 4242 4242                           BBBBBB

Notice how "8100 0100" should have been "8100 0001". Also, the IPv4 EtherType should have been 0800 but is now "0008".

Same thing happens with any other VLAN.

mausezahn ETH11 -c 1 -p 64 -a de:ad:be:ef:00:03 -b de:ad:be:ef:00:02 -Q 1024 -t ip -A rand
Mausezahn will send 1 frames...
00:50:15.080962 de:ad:be:ef:00:03 > de:ad:be:ef:00:02, ethertype 802.1Q (0x8100), length 102: vlan 4, p 0, LLC, dsap Unknown (0x44) Group, ssap Null (0x00) Command, ctrl 0x5400: Information, send seq 0, rcv seq 42, Flags [Command], length 84
        0x0000:  dead beef 0002 dead beef 0003 8100 0004  ................
        0x0010:  0008 4500 0054 0000 0000 ff00 21c6 99e4  ..E..T......!...
        0x0020:  0000 ffff ffff 4242 4242 4242 4242 4242  ......BBBBBBBBBB
        0x0030:  4242 4242 4242 4242 4242 4242 4242 4242  BBBBBBBBBBBBBBBB
        0x0040:  4242 4242 4242 4242 4242 4242 4242 4242  BBBBBBBBBBBBBBBB
        0x0050:  4242 4242 4242 4242 4242 4242 4242 4242  BBBBBBBBBBBBBBBB
        0x0060:  4242 4242 4242                           BBBBBB

I am using 0.6.7+ built with Buildroot.

Thanks, -Vladimir

vladimiroltean avatar Oct 02 '20 10:10 vladimiroltean