Low level possible

[Robert Collins]

Does anyone know where I can get the information on writing low-level socket logic. I don't mean at a level lower than Assembly. I have a good understanding of socket programming in higher level languages (C, VB) but the usage at that level is still calling winsock functions. I am interested in knowing how do you send and receive data accross a network at the machine code level but even at the DOS level or BIOS level. I'm sure it will be quite a learning experience but I am patience and thorough.

[Ghirai]

You mean writing a LSP?

[drhowarddrfine]

Try here at the bottom are tutorials for C and ASM.

[Robert Collins]

Hi Ghirai.

I'm do not know the meaning of 'LSP'.

I guess what I am looking into is to see how much I can accomplish (how much fun it is or not fun it is) by writting the steps needed to create a simple network connection at the lowest level possible (I don't mean at the CPU chip level (you know microcode) but I do mean at the device level if it comes to that). For example:

In VB using the VB Winsock.OCX I would write.....

Code Select Expand


  '
  '
  Winsock1.Connect host, port
  ' 
  '


.....but this is high level and it doesn't tell me anything about what goes on at the underlying level.

or I might do this if I use the API of ws2_32.dll

Code Select Expand


  '
  '
ConnectWinsock iSocket, sock, Len(sock)
  '
  '


.....but again it is high level and still doesn't tell me anything about the underlying level.

In Assembly I would do something like this using the ws2_32.dll.....

Code Select Expand


  '
  '
invoke connect, sckClient, addr sin, sizeof sin
  '
  '


I want to go to the next step lower.

In other words, I would like to be able to accomplish the same thing without using any API calls of any DLL. Now I have been there before
when I was writting assembly code to program the Video chip. So, instead of using API calls of the GDI32.DLL I did it at the pure code level
using only assembly language instructions.

So, basically, I want to do this...........

Code Select Expand


  '
  '
  push this
  push that
  xor   something,something
  '
  '
  in    bla_bla_bla
  '
  '
  out bla_bla_bla
  '
  '
  '
  pop that
  pop this
  ret


....whereas in the above funny snippit is the assembly level opcodes to do a network connection.

[Ghirai]

Well, in that case you should read the tutorial drhowarddrfine suggested, it's very good.

Oh, and LSP stands for Layered Service Provider.

[Relvinian]

Robert,

If you don't want to use the winsock API calls, then you will need to write your own TCP/IP stack and network protocol driver (which is what the winsock layer is). This is a LOT of work and not something to be taken lightly. Some of the things you will need to research and code are ARP requests/responses, DNS resolves, IP, TCP, UDP header layers, MAC addressing, etc.

Unless you are trying to write OS level drivers, it is best to just use the winsock API calls and for now, not worry about what those calls do "behind the scenes".

Relvinian

[Robert Collins]

Robert,

If you don't want to use the winsock API calls, then you will need to write your own TCP/IP stack and network protocol driver (which is what the winsock layer is). This is a LOT of work and not something to be taken lightly. Some of the things you will need to research and code are ARP requests/responses, DNS resolves, IP, TCP, UDP header layers, MAC addressing, etc.

Unless you are trying to write OS level drivers, it is best to just use the winsock API calls and for now, not worry about what those calls do "behind the scenes".

Relvinian

Hi Relvinian

Yes, as far as those things you stated I am already aware of what is forthcoming. I have a few excellent books on networking (not programming oriented) that goes into all thoses things you mentioned. This is not something I want to accomplish overnight and already know its a long drawn out process but what the heck. I have a fairly decent understanding of the material that I read but I just don't have any code to get me going at the coding level. This is just a whim I have and maybe I will find out later that it is not really worth my time and effort but it does sound intriging and it wouldn't hurt to have some knowledge of what goes on 'under the hood' so to speak. 

[Robert Collins]

OK, maybe I should break it down to what my thought is. Perhaps I won't even have to resort down to
the pure assembly level to do this. I just kind of thought that was probably the only way to do
it.

I have two packet sniffer applications: 1) EtherDetect and 2) EtherReal.

Both are very good and I use one or the other to look at the stuff that is coming in and going out of
my PC. I am reasonably familar with the info that is being displayed of the in/out traffic flow. I like
these two applications but I would like to make my own. The two applications are lacking the interface
I need to tap into them and I would rather make my own (even if it is far below the functionality of the
two commerical apps). Just to get to a point where my program is actually capturing the network traffic
would be a big bonus on my part.

My first thought was that this would have to be done at the assembly level, using no API calls, because
I am unable to find anything in the APIs' functionalities that gives me a clue on how to 'listen' and
capture the network traffic flow. If I knew how to do this I would be on my way.

Code Select Expand


  '
  '
  GetNetworkTraffic      ; Actual data flow like I see in EtherDetect
  '
  '
  ProcessTraffic         ; Break down the packet(s) and format the traffic flow
  '
  '
  DisplayTraffic         ; Display the formatted info in the view window
  '
  .
       

Only the first command has anything to do with networking.   

[The Dude of Dudes]

Hi Robert.

Take a look at the Windows Packet Capture library (WinPcap). It's the custom API that EtherReal uses. Its Freeware and re-distributable with your app if you choose to use it. You already have it installed if you are using EtherReal.  Go  here -->http://winpcap.polito.it/<--- to get liscence info and SDK (Api's are well documented).  I'm attaching MASM compatible INC and LIB files. It lets you send and receive directly to your network card, byte by byte, bypassing all windows protocol stacks. It gives you the benefit of using the network cards device driver, which would ensure your code works on other hardware configurations.

[attachment deleted by admin]

[Robert Collins]

Hi Robert.

Take a look at the Windows Packet Capture library (WinPcap). It's the custom API that EtherReal uses. Its Freeware and re-distributable with your app if you choose to use it. You already have it installed if you are using EtherReal.  Go  here -->http://winpcap.polito.it/<--- to get liscence info and SDK (Api's are well documented).  I'm attaching MASM compatible INC and LIB files. It lets you send and receive directly to your network card, byte by byte, bypassing all windows protocol stacks. It gives you the benefit of using the network cards device driver, which would ensure your code works on other hardware configurations.

Hi Dude of Dudes,

Yes! Yes! Yes! That is exactly what I needed. It's all there, everything. I already built my first capture program. That link is great. Thanks alot.

Thanks to the others also because your responses also guided me in the right direction.

[BogdanOntanu]

If you ever want to go deeper that using a layer on top of the driver, just check SolarOS network code.
You will find there the network driver itself and a fast set of mimimal layers on top of that.

[Robert Collins]

That would be something I would probably be interested in later after I get a little more familar with what I am dealing with now which is quite involved but very interesting using the wpcap.dll to capture network traffic. 

[James Ladd]

You should google NDIS Drivers !

[Robert Collins]

I was just wondering about something. Since I am using wpcap.dll to make my own packet sniffer and so far it looks like it is working correctly (I compared my output with those of EtherReal and they are the same) I noticed that it didn't capture the data when I did a PING on my IP address. The feedback from PING said that it sent and recieved some bytes but I don't see them in the capture data. Is there something special about this?

[The Dude of Dudes]

When you ping your own IP it gets translated by WinSock to the Loopback address 127.0.0.1 and never reaches your network card.