我有几个Checksum
错误的PCAP
文件,为了修复这些文件,我使用了以下方法:
private Packet FixBadChecksum(Packet packet)
{
try
{
EthernetLayer ethernet = (EthernetLayer)packet.Ethernet.ExtractLayer();
IpV4Layer ipV4Layer = (IpV4Layer)packet.Ethernet.IpV4.ExtractLayer();
DateTime packetTimestamp = packet.Timestamp;
TransportLayer transportlayer = (TransportLayer)packet.Ethernet.IpV4.Transport.ExtractLayer();
ILayer datagramLayer = (PayloadLayer)packet.Ethernet.IpV4.Payload.ExtractLayer();
ipV4Layer.HeaderChecksum = null;
if (transportlayer == null)
return PacketBuilder.Build(packetTimestamp, ethernet, ipV4Layer, datagramLayer);
else
{
transportlayer.Checksum = null;
ILayer payload = packet.Ethernet.IpV4.Transport.Payload.ExtractLayer();
return PacketBuilder.Build(packetTimestamp, ethernet, ipV4Layer, transportlayer, payload);
}
}
catch (Exception)
{
return packet;
}
}
现在举个例子,如果我的包在这个包(有错误的校验和)完成我的函数后是ICMP
的,那么它仍然有坏的Checksum
,所以我的问题是:我需要检查每个包协议,或者有一个通用的方法来做到这一点?(目前,我的函数在TCP
和UDP
上工作得很好,但是其他协议呢?)
发布于 2015-02-06 20:50:06
引用a similar discussion in Pcap.Net site
您看到的错误校验和是IPv4报头或ICMP内的IPv4报头的校验和。这些校验和很可能是错误的,因为ICMP上的数据只是发送到ICMP返回的数据包的部分副本。
https://stackoverflow.com/questions/28252156
复制相似问题