hping3/docs/APD.txt

ARS Packet Description system

  This document describes the APD format. APD is a way to describe TCP/IP
  packets, and it is used in high level functions of the ARS library.
  The general format is the following:

	layer_type{field_1=value_1,field_2=value_2,...,field_n=value_n}

  more layers can be combined using the "+" simbol. Example:

	ip{dst=192.168.1.2}+udp{sport=53,dport=53}+data{file=./dns.packet}

  You don't need to specify fields that ARS can guess. For example
  if you don't specify checksums they will be correctly generated
  in the process of packet compilation.

  AVAILABLE LAYERS
  ~~~~~~~~~~~~~~~~

  A layer type is one of the following:

	ip			IP header
	ipopt.eol		IP option EOL
	ipopt.nop		IP option NOP
	ipopt.sec		IP option Security
	ipopt.sid		IP option Stream ID
	ipopt.lsrr		IP option Loose Source Routing
	ipopt.ssrr		IP option Strict Source Routing
	ipopt.rr		IP option Record Route
	ipopt.ts		IP option Timestamp
	udp			UDP header
	tcp			TCP header
	tcpopt.end		TCP option END
	tcpopt.nop		TCP option NOP
	tcpopt.mss		TCP option Max Segment Size
	tcpopt.wscale		TCP option Window Scale
	tcpopt.sackperm		TCP option Selective ACK permitted
	tcpopt.sack		TCP option Selevtive ACK
	tcpopt.echo		TCP option Echo Request
	tcpopt.echoreply	TCP option Echo Reply
	tcpopt.ts		TCP option Timestamp
	icmp			ICMP header
	data			Generic Data

  Different fields are defined for different layer types:

  IP FIELDS:	DESCRIPTION:		POSSIBLE VALUE:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  saddr		Source address		192.168.1.2, or www.yahoo.com
  daddr		Destination address	192.168.1.2, or www.yahoo.com
  ihl		IP header len		numerical value
  ver		IP version		numerical value
  tos		Type of Service		numerical value
  totlen	IP tot len		numerical value
  id		IP packet ID		numerical value
  fragoff	IP fragment offset	numerical vaule
  mf		More Fragment		0 or 1
  df		Dont Fragment		0 or 1
  rf		Reserved Frag. bit	0 or 1
  ttl		Time to Live		numerical value
  proto		ip protocol field	numerical value
  cksum		ip checksum		numerical value

  UDP FIELDS:	DESCRIPTION:		POSSIBLE VALUE:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  sport		Source port		numerical value
  dport		Destination port	numerical value
  len		UDP len field		numerical value
  cksum		UDP checksum		numerical value

  TCP FIELDS:	DESCRIPTION:		POSSIBLE VALUE:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  sport		Source port		numerical value
  dport		Destination port	numerical value
  seq		TCP sequence number	numerical value
  ack		TCP acknowledge number	numerical value
  x2		TCP reserved bits	numerical value
  off		TCP header size		numerical value
  flags		TCP flags		FSRPAUXY (see the example)
  win		TCP window		numerical value
  cksum		TCP checksum		numerical value
  urp		TCP urgent pointer	numerical value

  ICMP FIELDS:	DESCRIPTION:		POSSIBLE VALUE:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  type		ICMP type		numerical value
  code		ICMP code		numerical value
  cksum		ICMP cksum		numerical value
  id		ICMP echo ID		numerical value
  seq		ICMP echo sequence nr   numerical value
  gw		ICMP gateway		192.168.1.2 or www.yahoo.com

  DATA FIELDS:	DESCRIPTION:		POSSIBLE VALUE:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  file		Data file		/etc/passwd
  str		A string		hello world! (no escaping available)


  Other layer types fields aren't still implemented, anyway
  most of this contains sane defaults, (like IP record route option
  and so on).

  You can specify numerical values as hex, octal and decimal numbers.

  Decimail:	10
  Hex:		0xA
  Octal:	012

  Examples
  ~~~~~~~~

  /* Just an ICMP echo request */
  ip{saddr=1.2.3.4,daddr=www.yahoo.com}+icmp{type=8,code=0}\
  +data{str=hello world}

  /* An ICMP destination unreachable with the quoted UDP packet */
  ip{saddr=1.2.3.4,daddr=5.6.7.8}+icmp{type=3,code=3}\
  +ip{saddr=www.yahoo.com,daddr=1.2.3.4}+udp{sport=53,dport=53}\

  /* A TCP packet with the SYN flag set */
  ip{saddr=1.2.3.4,daddr=5.6.7.8}+tcp{flags=S,dport=80,sport=10}