Windows Internet Programming Part 3
(which more than likely you will) you can still download version 2.0
for your version of Windows from the Microsoft website. Windows 3.1
unfortunately does not have a 2.0 version; Microsoft has decided not
to release a 16-bit one. Of course if you have Windows 3.1, "what the
fuck are you doing?" suddenly springs to mind, oh well, go away. Now
all Win32 systems have Winsock, however different versions have varying
amounts of support for raw sockets. All version 2 stacks support
creating ICMP packets using raw sockets, but only Windows NT4, 2000
and XP can create TCP and UDP packets. Don't worry, there are still
a lot of things you can do with ICMP alone if you use a Win 9x system.
Before we go into the programming side of things we must now cover the
IP, ICMP, TCP and UDP protocols in more detail. If you have read Part 1
of this tutorial you should have a pretty good idea about how all the
protocols work; if not, that's OK, it shouldn't be too bad and you
should be able to understand things, so please read on for
explanations of the protocols.
3.0 THE INTERNET HEADERS
=======================================
In part 1 we discussed the different Internet protocols and how they
fit together with packets, so you should know pretty well how data is
transferred across the internet and understand many of the fields
within the different headers; if you aren't sure or can't quite
remember I suggest you read the first few sections of Part 1 of this
tutorial. Well, now that you have a pretty good idea about the different
headers and understand the idea behind them we are going to have to go
into slightly more detail about the different headers and their
respective fields.
3.1 THE IP HEADER
=======================================
+-------+-------+---------------+-------------------------------+
|Version|  IHL  |      TOS      |         Total Length          |
| 4 bits| 4 bits|     8 bits    |            16 bits            |
+-------+-------+---------------+-----+-------------------------+
|         Identification        |Flags|     Fragment Offset     |
|            16 bits            |3bits|         13 bits         |
+---------------+---------------+-----+-------------------------+
|  Time to Live |    Protocol   |        Header Checksum        |
|     8 bits    |     8 bits    |            16 bits            |
+---------------+---------------+-------------------------------+
|                         Source Address                        |
|                            32 bits                            |
+---------------------------------------------------------------+
|                      Destination Address                      |
|                            32 bits                            |
+-----------------------------------------------+---------------+
|                    Options                    |    Padding    |
+-----------------------------------------------+---------------+
FIG 1.0 - Structure of an IP Header
As you can see above the IP header has a total of 14 Fields.
1. Version
2. IHL
3. TOS
4. Total Length
5. Identification
6. Flags
7. Fragment Offset
8. Time To Live
9. Protocol
10. Header Checksum
11. Source Address
12. Destination Address
13. Options
14. Padding
1. Version - The version field describes what version of the IP protocol
is being used. We will be using IPv4 because it is more
widely supported and IPv6 is not yet fully implemented.
2. IHL - The Internet Header Length (IHL) contains the length of the
Internet Header in 32 bit words. Minimum value for a header
is 5.
3. TOS - The Type Of Service (TOS) field was designed to tell routers
how the packet is to be handled, for example so that packets
that need to move quickly, like streaming audio, would have a
higher TOS value than other packets so that routers would
send them across the network faster. These days most routers
do not process the TOS field because it would waste too much
of the router's time, so we usually just set the TOS field to
0.
4. Total Length - This field contains the total size of the Internet Packet
including headers and data. Typical IP headers are 20 bytes
in size, same with TCP ones, so an Internet Packet with an
IP Header, a TCP Header and no data would be 20 + 20 = 40
bytes in length, Total Length = 40 Bytes.
5. Identification - This field is used to aid in tracking fragmented packets;
each fragment has the same ID as the first datagram, and the
IDs of datagrams following each other are usually
incremented. Because this value must be unique most
applications use their process ID to fill in this field.
6. Flags - Flags are used with IP to control fragmentation, there are
4 flags.
    1-NO FLAGS [VALUE = 0x00]
      Does not specify any fragmentation options
    2-MORE FRAGMENT [VALUE = 0x01]
      Means there are more fragments to be
      received after this packet
    3-DONT FRAGMENT [VALUE = 0x02]
      Tells the stack not to fragment this packet
    4-MORE & DONT [VALUE = 0x03]
      Tells the stack that there are more packets
      to be received after this one and not to
      fragment it
NOTE: THE LAST FRAGMENT CANNOT HAVE A FLAG OF 0x01 (MORE FRAG)
AS THERE ARE NO OTHER PACKETS TO FOLLOW.
7. Fragment Offset - The fragment offset is used for placing different packets
in the correct order when reassembling Datagrams. The first
fragment must have a value of 0 and the last must be equal
to the value of Total Length. Value is measured in units of
64 bits (8 octets).
8. Time To Live - The Time To Live (TTL) field was created so that if a packet
cannot find its destination it will be destroyed rather than
travel across the internet indefinitely; if packets kept
mounting up in this fashion it would seriously degrade network
performance. Each router that a packet meets decrements the
value of the TTL field by one. If the value is decremented
to 0 before it reaches its destination the packet will be
destroyed and an error sent back to the computer that the
packet originated from. If the TTL is set to 0 on creation
it will immediately be destroyed.
9. Protocol - This field specifies what protocol is being carried in the
datagram, e.g. TCP.
The most common values are as follows:
    IPPROTO_TCP  = TCP
    IPPROTO_UDP  = UDP
    IPPROTO_ICMP = ICMP
Other protocols and their values will be specified later.
10. Header Checksum - The checksum is the size of the Internet Header, it is used
to verify the integrity of a packet by comparing the header's
size with the value of the checksum. Certain fields in the
IP Header change throughout transport, such as the TTL field;
because of this the checksum is recalculated and verified
by each router or gateway it encounters.
11. Source Address - The IP Address of the computer that the packet originated
from. In other words if you sent a packet this field would
contain your IP Address. This lets the computer being sent
the packet know where it came from and where to send a reply.
12. Destination Address - The IP address of the computer that the packet is being sent to.
Lets routers that the packet meets know where to send the
packet.
13. Options - Mostly the options aren't filled out and they are very rarely
used at all so we won't discuss them very much. There are
however 3 interesting options that we will discuss here,
they are:
    1. Loose Source Routing
    2. Strict Source Routing
    3. Record Routing.
1. Loose Routing
Loose Routing allows us to specify the source computer (us)
and the destination computer's IP addresses in the IP
header along with the addresses of a couple of other routers
that the packet must travel across in between, so we can
better control how the packet travels across the internet.
2. Strict Routing
Strict Routing allows us to specify the source computer (us)
and the destination computer's IP addresses in the IP
header along with the addresses of other routers; the packet
then has to travel along this exact route to get to its
destination. Using this we can route our packets around
routers or gateways that are down or not responding. This
also means that if you wanted to you could ensure that the
packet travels across certain networks and passes certain
routers, of course this isn't recommended as you could
'accidentally' bypass security restrictions on some networks
by using this method, which is naughty.
3. Record Routing
I'm sure we are all familiar with the traceroute program
which uses the ICMP protocol to tell us what routers our
packets are travelling through to get to their destination.
Record routing can be used in a similar way: by setting
this option every router that the packet meets places its
IP address into the IP header, we can then examine the packet
and see what IP addresses it contains.
NOTE: AN IP HEADER CAN ONLY BE A MAXIMUM OF 60 BYTES LONG AND THE
BASIC HEADER IS 20 BYTES IN LENGTH, EACH IP ADDRESS IS 4 BYTES IN
SIZE SO AN IP HEADER CAN ONLY CONTAIN A MAXIMUM OF 10 IP
ADDRESSES.
14. Padding - Padding is there to respect the 32 bit boundary, it's composed
of 0's.
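To tie the fields above together, here is an added example (my own code, not from the original tutorial) that lays out the 20-byte header of FIG 1.0 in C, packs the Flags and Fragment Offset into their shared 16-bit word using the 0x00..0x03 values from the flag table, and computes the Header Checksum the way RFC 791 specifies it: the one's complement of the one's complement sum of the header's 16-bit words. The struct and function names are assumptions of mine, and arpa/inet.h stands in for winsock2.h on Win32.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>   /* htons/ntohs; on Win32 include winsock2.h instead (assumption) */

struct ip_hdr {                   /* FIG 1.0, 20 bytes, no options; fields in network order */
    uint8_t  ver_ihl;             /* Version (high 4 bits) | IHL in 32-bit words (low 4 bits) */
    uint8_t  tos;
    uint16_t total_len;
    uint16_t id;
    uint16_t flags_frag;          /* Flags (high 3 bits) | Fragment Offset in 8-octet units */
    uint8_t  ttl, protocol;
    uint16_t checksum;
    uint32_t src, dst;
};

#define IP_MF 0x01                /* MORE FRAGMENT, value from the flag table above */
#define IP_DF 0x02                /* DONT FRAGMENT */

/* RFC 791 header checksum: one's complement of the one's complement sum of the
   header's 16-bit words, computed while the checksum field itself is zero. */
uint16_t ip_checksum(const void *hdr, size_t len) {
    const uint16_t *w = hdr;
    uint32_t sum = 0;
    for (; len > 1; len -= 2) sum += *w++;
    if (len) sum += *(const uint8_t *)w;                   /* odd trailing byte */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);  /* fold carries back in */
    return (uint16_t)~sum;
}

/* Fill in a 20-byte IPv4 header. flags is 0x00..0x03 from the table, frag_off is
   in 8-octet units, src/dst are already in network byte order. */
void ip_build(struct ip_hdr *h, uint8_t protocol, uint16_t payload_len, uint16_t id,
              uint8_t flags, uint16_t frag_off, uint32_t src, uint32_t dst) {
    memset(h, 0, sizeof *h);
    h->ver_ihl    = (4 << 4) | 5;                          /* IPv4, IHL = 5 words = 20 bytes */
    h->total_len  = htons((uint16_t)(sizeof *h + payload_len));
    h->id         = htons(id);
    h->flags_frag = htons((uint16_t)(((flags & 7) << 13) | (frag_off & 0x1fff)));
    h->ttl        = 64;
    h->protocol   = protocol;
    h->src = src;  h->dst = dst;
    h->checksum   = ip_checksum(h, sizeof *h);             /* checksum field is still zero here */
}

/* What a router or the receiver does: sum the header including the stored checksum;
   an intact header yields 0 (its one's complement sum was 0xffff). */
int ip_header_valid(const struct ip_hdr *h) { return ip_checksum(h, sizeof *h) == 0; }
uint8_t  ip_flags(const struct ip_hdr *h)    { return (uint8_t)(ntohs(h->flags_frag) >> 13); }
uint16_t ip_frag_off(const struct ip_hdr *h) { return ntohs(h->flags_frag) & 0x1fff; }
```

Decrementing the TTL makes ip_header_valid() fail until the checksum is recomputed, which is exactly why each router has to redo it as the text says.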
3.2 THE TCP HEADER
=======================================
Well before we get into the TCP header we first have to explain how exactly a TCP connection
is formed between two hosts. The first host sends a TCP packet with one of the fields in the
header set with a value of SYN, this is known as a SYN (synchronise) packet. So what is this
packet synchronising? A potential problem with a TCP connection would be if a connection was
established between some internet user at home and a shop on the internet, the user views his
details but in the meantime someone were to pretend they were that user and the webshop sent
that user's details to that person instead of the real user (such as the real user's credit
card numbers?). Because of this a thing called an acknowledgement number was created, the
number is defined by the server and the SYN packet is used to transmit this number to the
host, both sides of the connection now have the same acknowledgement number and they are
synchronised! The acknowledgement number will be contained in all TCP packets throughout this
session and if any packets received at either side have a wrong acknowledgement number then
the packet will be discarded.
The second host will now send another TCP packet, this time with a field set to ACK
(Acknowledge); this is known as a SYN_ACK packet. Its purpose is to acknowledge the reception
of the SYN packet.
Once the first host has received the SYN_ACK packet it sends one last ACK packet, just to be
sure to be sure.
As you can see this process involves 3 steps.
1. Host sends a SYN packet to the target to start a connection.
2. Target sends the host a SYN_ACK packet saying it received the SYN.
3. Host sends the target an ACK packet to confirm, and the connection is established.
Because of these 3 steps the TCP connection setup is known as the Three-Way Handshake.
+-------------------------------+-------------------------------+
|          Source Port          |       Destination Port        |
|            16 bits            |            16 bits            |
+-------------------------------+-------------------------------+
|                        Sequence Number                        |
|                            32 bits                            |
+---------------------------------------------------------------+
|                     Acknowledgment Number                     |
|                            32 bits                            |
+-------+-----------+-----------+-------------------------------+
| Data  | Reserved  | Ctrl Bits |            Window             |
| Offset|  6 bits   |  6 bits   |            16 bits            |
| 4 bits|           |           |                               |
+-------+-----------+-----------+-------------------------------+
|           Checksum            |        Urgent Pointer         |
|            16 bits            |            16 bits            |
+-----------------------------------------------+---------------+
|                    Options                    |    Padding    |
+-----------------------------------------------+---------------+
|                             Data                              |
+---------------------------------------------------------------+
FIG 1.1 - Structure of a TCP Header
There are 12 fields in total in the TCP header, followed by the data of your datagram.
1. Source Port
2. Destination Port
3. Sequence Number
4. Acknowledgement Number
5. Data Offset
6. Reserved
7. Control Bits
8. Window
9. Checksum
10. Urgent Pointer
11. Options
12. Padding
1. Source Port - The Source port number.
2. Destination Port - The Destination port number.
3. Sequence No. - The sequence number is used to ensure that segments
received by a host are from where they claim to be,
this prevents people from hijacking connections.
4. Acknowledgement No. - The acknowledgement number to ensure both sides of
the connection are authentic, as explained above.
5. Data Offset - The Data Offset in the header is expressed in 32 bit
words. The default is 5 if you have no options set
in the TCP header.
6. Reserved - This field is reserved for future use, you must have
it set to 0.
7. Control Bits - This is the field that contains values such as SYN
and ACK. It has a total of 6 values.
URG: Send Urgent Data to destination.
ACK: Acknowledgment of Data.
PSH: Push Data to destination.
RST: Reset the connection.
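As an added example (my own code, not from the original tutorial), the following C lays out the header of FIG 1.1, packs the Data Offset, Reserved and Control Bits into their shared 16-bit word, decodes the control bits for logging, and checks that three captured segments form the three-way handshake described above. The check goes one step beyond the text: it also verifies the sequence and acknowledgement numbers the way RFC 793 defines them (each side acknowledges the other's initial sequence number plus one), which is what lets a host discard a segment with a forged number. Names are assumptions of mine, and arpa/inet.h stands in for winsock2.h on Win32.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>   /* htons/ntohs; on Win32 include winsock2.h instead (assumption) */

/* Control bits of the TCP header in FIG 1.1; they occupy the low 6 bits of the
   Data Offset / Reserved / Control Bits word. */
enum { TCP_FIN = 0x01, TCP_SYN = 0x02, TCP_RST = 0x04,
       TCP_PSH = 0x08, TCP_ACK = 0x10, TCP_URG = 0x20 };

struct tcp_hdr {                  /* 20 bytes, no options, fields in network byte order */
    uint16_t src_port, dst_port;
    uint32_t seq, ack;
    uint16_t off_ctrl;            /* Data Offset (4) | Reserved (6) | Control Bits (6) */
    uint16_t window, checksum, urgent;
};

/* Build a header: data offset 5 words (no options), reserved bits zero. */
void tcp_build(struct tcp_hdr *h, uint16_t sport, uint16_t dport,
               uint32_t seq, uint32_t ack, uint8_t ctrl) {
    memset(h, 0, sizeof *h);
    h->src_port = htons(sport);  h->dst_port = htons(dport);
    h->seq = htonl(seq);         h->ack = htonl(ack);
    h->off_ctrl = htons((uint16_t)((5 << 12) | (ctrl & 0x3f)));
    h->window = htons(8192);
}
unsigned tcp_data_offset_bytes(const struct tcp_hdr *h) { return (ntohs(h->off_ctrl) >> 12) * 4; }
uint8_t  tcp_ctrl(const struct tcp_hdr *h)              { return ntohs(h->off_ctrl) & 0x3f; }

/* Decode control bits into "SYN|ACK" style text (for logging); out needs 24 bytes. */
char *tcp_flag_names(uint8_t ctrl, char *out) {
    static const char *names[] = { "FIN", "SYN", "RST", "PSH", "ACK", "URG" };
    out[0] = '\0';
    for (int i = 0; i < 6; i++)
        if (ctrl & (1 << i)) { if (out[0]) strcat(out, "|"); strcat(out, names[i]); }
    return out;
}

/* The three-way handshake from 3.2, checked as RFC 793 defines it: SYN from the
   client, SYN+ACK from the server acknowledging client ISN + 1, then an ACK from
   the client acknowledging server ISN + 1. Returns 1 for a valid exchange, else 0. */
int tcp_is_handshake(const struct tcp_hdr *syn, const struct tcp_hdr *synack,
                     const struct tcp_hdr *ack) {
    if (tcp_ctrl(syn) != TCP_SYN) return 0;
    if (tcp_ctrl(synack) != (TCP_SYN | TCP_ACK)) return 0;
    if (ntohl(synack->ack) != ntohl(syn->seq) + 1) return 0;   /* forged/wrong ack number */
    if (!(tcp_ctrl(ack) & TCP_ACK) || (tcp_ctrl(ack) & TCP_SYN)) return 0;
    if (ntohl(ack->ack) != ntohl(synack->seq) + 1) return 0;
    return ntohl(ack->seq) == ntohl(syn->seq) + 1;
}
```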