If you are developing an application that works over a network, or are debugging the operation of such an application, a thorough knowledge of how network protocols work will greatly facilitate your task. The primary source of such knowledge is RFCs and, fortunately, they have been in the public domain for a long time. Moreover, you can read them even with the console browser links, since they contain nothing besides the text.
Nevertheless, most likely most of Habr's readers have never read the entire text of at least one RFC, even RFC-2616... In addition to the furious style of bureaucratic documents, the language barrier can be a hindrance. In addition, most often you need to understand some specific aspect of the protocol architecture: the length and type of fields, return code, location within the header. You don't have to read everything from cover to cover to do this.
Just for this case, Protocol was written , a fairly simple console application written in Python. It has a twofold purpose.
- Provide developers and engineers with the ability to easily and easily see the header diagram of the most common network protocols directly from the command line.
- Provide researchers and engineers with the ability to quickly create ASCII header diagrams for their own custom protocols.
Installation and configuration
The source code is on GitHub , you can download it in a standard way.
git clone https://github.com/luismartingarcia/protocol.git
Configuration is performed by a command with root user rights.
setup.py install
Since the program currently does not have a standard installation mechanism for Linux or Python distributions, it is better to remember where the files are copied.
running install running build running build_scripts creating build creating build/scripts-3.9 copying and adjusting protocol -> build/scripts-3.9 copying constants.py -> build/scripts-3.9 copying specs.py -> build/scripts-3.9 changing mode of build/scripts-3.9/protocol from 644 to 755 changing mode of build/scripts-3.9/constants.py from 644 to 755 changing mode of build/scripts-3.9/specs.py from 644 to 755 running install_scripts copying build/scripts-3.9/protocol -> /usr/bin copying build/scripts-3.9/constants.py -> /usr/bin copying build/scripts-3.9/specs.py -> /usr/bin changing mode of /usr/bin/protocol to 755 changing mode of /usr/bin/constants.py to 755 changing mode of /usr/bin/specs.py to 755 running install_egg_info Writing /usr/lib/python3.9/site-packages/protocol-0.1-py3.9.egg-info
Run protocol
The program has two main modes of operation:
- protocol <name of the existing protocol>;
- protocol <native protocol specifications>.
The following standard protocols are available
ethernet : Ethernet
8021q : IEEE 802.1q
dot1q : IEEE 802.1q
tcp : Transmission Control Protocol (TCP)
udp : User Datagram Protocol (TCP)
ip : Internet Protocol (IP), version 4.
ipv6 : Internet Protocol (IP), version 6.
icmp : Internet Control Message Protocol (ICMP)
icmp-destination: : ICMP Destination Unreachable
icmp-time : ICMP Time Exceeded
icmp-parameter : ICMP Parameter Problem
icmp-source : ICMP Source Quench
icmp-redirect : ICMP Redirect
icmp-echo : ICMP Echo Request/Reply
icmp-timestamp : ICMP Timestamp Request/Reply
icmp-information : ICMP Information Request/Reply
icmpv6 : ICMP for IPv6 (ICMPv6)
icmpv6-destination : ICMPv6 Destination Unreachable
icmpv6-big : ICMPv6 Packet Too Big
icmpv6-time : ICMPv6 Time Exceeded
icmpv6-parameter : ICMPv6 Parameter Problem
icmpv6-echo : ICMPv6 Echo Request/Reply
icmpv6-rsol : ICMPv6 Router Solicitation
icmpv6-radv : ICMPv6 Router Advertisement
icmpv6-nsol : ICMPv6 Neighbor Solicitation
icmpv6-nadv : ICMPv6 Neighbor Advertisement
icmpv6-redirect : ICMPv6 Redirect
Here are examples of using the utility.
|12:09:41|admin@redeye:[~]> protocol ip 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| IHL |Type of Service| Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identification |Flags| Fragment Offset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time to Live | Protocol | Header Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |12:09:45|admin@redeye:[~]> protocol ipv6 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| Traffic Class | Flow Label | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Payload Length | Next Header | Hop Limit | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Source Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Destination Address + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
In one command, you can specify several protocols at once, separating them with a space.
|12:34:16|admin@redeye:[~]> protocol icmp-time icmp-timestamp 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Unused | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + Internet Header + 64 bits of Original Data Datagram + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identifier | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Originate Timestamp | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Receive Timestamp | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Transmit Timestamp | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Protocol is quick-witted, it is not necessary to type the name of the protocol in full, if you are really lazy you can, for example, type dot instead of dot1q. However, as in the case of autocompletion, in case of an ambiguous choice, it is proposed to choose one of the alternatives.
|12:43:25|admin@redeye:[~]> protocol icmpv6-r
Ambiguous protocol specifier 'icmpv6-r'. Did you mean any of these?
icmpv6-radv
icmpv6-redirect
icmpv6-rsol
Own developments
The most important feature of the protocol specification is the field lists. You can specify them for your own protocol as follows.
|12:55:16|mikayel@redeye:[~]> protocol «Source:16,Reserved:40,RTT:8» 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+ | Reserved | RTT | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Additional options expand the formatting capabilities of ASCII charts. You can specify the number of bits per line, set the characters for the separator and pseudo graphics. The previous command with pseudo-graphics options will give the following.
|16:02:05|mikayel@redeye:[~]> protocol «Source:16,Reserved:40,RTT:8?\ numbers=y,startchar=*,endchar=*,evenchar=-,oddchar=-,sepchar=|» 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 *---------------------------------------------------------------* | Source | | *-------------------------------* *---------------* | Reserved | RTT | *---------------------------------------------------------------*
Protocol + tshark
More complete information on the structure of network protocols can be obtained by opening the saved pcap / pcapng file of network traffic in tshark . If you look only in tshark, you can not see the forest for the trees, and together with the Protocol - what you need.
|16:08:05|admin@redeye:[~]> sudo tshark -r /tmp/exmp.pcap -V
Transmission Control Protocol, Src Port: 48378, Dst Port: 443, Seq: 1, Ack: 1, Len: 0
Source Port: 48378
Destination Port: 443
[Stream index: 0]
[TCP Segment Len: 0]
Sequence Number: 1 (relative sequence number)
Sequence Number (raw): 1120003294
[Next Sequence Number: 1 (relative sequence number)]
Acknowledgment Number: 1 (relative ack number)
Acknowledgment number (raw): 4090007166
1000 .... = Header Length: 32 bytes (8)
Flags: 0x010 (ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..0. = Syn: Not set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A····]
Window: 501
[Calculated window size: 501]
[Window size scaling factor: -1 (unknown)]
Checksum: 0xfbe8 [unverified]
[Checksum Status: Unverified]
Urgent Pointer: 0
Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
TCP Option — No-Operation (NOP)
Kind: No-Operation (1)
TCP Option — No-Operation (NOP)
Kind: No-Operation (1)
TCP Option — Timestamps: TSval 2014817649, TSecr 2606727549
Kind: Time Stamp Option (8)
Length: 10
Timestamp value: 2014817649
Timestamp echo reply: 2606727549
|16:28:51|admin@redeye:[~]> protocol tcp
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port | Destination Port |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Sequence Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Acknowledgment Number |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Offset| Res. | Flags | Window |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Checksum | Urgent Pointer |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Options | Padding |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Of course, programs like Protocol and tshark cannot and should not replace reading primary sources, because ․ e ․ RFCs, however, they can save a lot of time for programmers and system administrators.
Cloud servers from Macleod are fast and secure.
Register using the link above or by clicking on the banner and get a 10% discount for the first month of renting a server of any configuration!
