First up is determining where all the interesting bits in each layer of the OSI stack are located within each packet. In logical order:
- DNS Records and DNS Headers (about half way down)
With all that reference material, you might think this is a lot of reading! Okay, fine, how about a copy and paste job? Tcpdump is the perfect place to exercise your mouse-wheel-click skillz to get all the data structures and #defines you'll need.
One last useful tool that should be in every network programmer's tool belt is, of course, Wireshark (formerly Ethereal). In this case, it comes in handy to double-check that your program is disassembling packets the same way Wireshark does.
A BPF (Berkeley Packet Filter) expression is used to separate interesting packets from useless ones before they reach the program, and is passed in on the command line as follows:
dns_sniffer "udp port 53"
When writing any network-aware application, the best place to start for documentation is always the applicable RFC for whatever protocol you plan to speak.
When figuring out which bitmasks were needed to mask out specific bits (namely the first two bits of a name label, which signal DNS compression), a conversion table came in handy. I also found a handy page if you need to brush up on bitwise operations (I sure did, since I hardly ever use them). And don't forget your ASCII table!
Have you ever wondered how your lonely little-endian Wintel laptop or desktop is able to communicate over the same IP network with a big-endian SPARC system? It certainly kept me up at night! See for yourself how it works.
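The two points above (masking the top two bits of a label byte to spot a compression pointer, and converting big-endian wire fields to host order) are easier to see in code than in a table. The following is an added example, not the sniffer this post describes or code from the author: it parses a constructed DNS response (no capture, no libpcap) with hypothetical helpers `dns_parse_header`, `dns_read_name` and `dns_parse_first_a`. The packet bytes, the name `www.example.com` and the address `192.0.2.1` are made up for the example; the header layout and the `0xC0` pointer encoding follow RFC 1035.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>   /* ntohs()/ntohl(): network (big-endian) to host byte order */

/* DNS fixed header, RFC 1035 section 4.1.1: six 16-bit fields, big-endian on the wire. */
struct dns_header {
    uint16_t id, flags, qdcount, ancount, nscount, arcount;
};

/* Result of pulling the first A record out of a response. */
struct dns_a_result {
    char qname[256], aname[256], ip[16];
    uint32_t ttl;
};

/* Constructed sample (not a capture): one question, one answer. The answer's
 * owner name is the pointer 0xC00C ("jump to offset 12"), where the question
 * name www.example.com starts. 49 bytes total. */
static const uint8_t sample_pkt[] = {
    0x12, 0x34, 0x81, 0x80,             /* id=0x1234; flags QR=1 RD=1 RA=1 */
    0x00, 0x01, 0x00, 0x01,             /* qdcount=1, ancount=1 */
    0x00, 0x00, 0x00, 0x00,             /* nscount=0, arcount=0 */
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    0x00, 0x01, 0x00, 0x01,             /* QTYPE=A, QCLASS=IN */
    0xC0, 0x0C,                         /* NAME: compression pointer -> offset 12 */
    0x00, 0x01, 0x00, 0x01,             /* TYPE=A, CLASS=IN */
    0x00, 0x00, 0x0E, 0x10,             /* TTL=3600 */
    0x00, 0x04, 192, 0, 2, 1            /* RDLENGTH=4, RDATA=192.0.2.1 */
};
static const size_t sample_len = sizeof sample_pkt;

/* Copy the header out and byte-swap every field into host order. */
static int dns_parse_header(const uint8_t *pkt, size_t len, struct dns_header *h)
{
    if (len < sizeof *h) return -1;
    memcpy(h, pkt, sizeof *h);           /* memcpy avoids unaligned access on strict CPUs */
    h->id = ntohs(h->id);           h->flags = ntohs(h->flags);
    h->qdcount = ntohs(h->qdcount); h->ancount = ntohs(h->ancount);
    h->nscount = ntohs(h->nscount); h->arcount = ntohs(h->arcount);
    return 0;
}

/* Decode a (possibly compressed) name at offset off into dotted form.
 * A label byte whose top two bits are 11 (mask 0xC0) is a 14-bit pointer.
 * Returns the offset just past the name in the original stream (after the
 * first pointer hit), or -1 on truncation, reserved prefixes or pointer loops. */
static int dns_read_name(const uint8_t *pkt, size_t len, size_t off,
                         char *out, size_t outlen)
{
    size_t outpos = 0;
    int resume = -1, hops = 0;

    while (off < len) {
        uint8_t lab = pkt[off];
        if ((lab & 0xC0) == 0xC0) {                  /* pointer: 11xxxxxx xxxxxxxx */
            if (off + 1 >= len || ++hops > 16) return -1;  /* bound pointer chasing */
            if (resume < 0) resume = (int)(off + 2);
            off = ((lab & 0x3F) << 8) | pkt[off + 1];
            continue;
        }
        if (lab & 0xC0) return -1;                   /* 01/10 prefixes are reserved */
        off++;
        if (lab == 0) {                              /* root label ends the name */
            if (outpos == 0) { if (outlen < 2) return -1; out[outpos++] = '.'; }
            out[outpos] = '\0';
            return resume >= 0 ? resume : (int)off;
        }
        if (off + lab > len || outpos + lab + 1 >= outlen) return -1;
        if (outpos) out[outpos++] = '.';
        memcpy(out + outpos, pkt + off, lab);
        outpos += lab;
        off += lab;
    }
    return -1;
}

/* Parse the header, skip the question and decode the first answer, which is
 * expected to be an A record. Returns 0 on success, -1 on anything malformed. */
static int dns_parse_first_a(const uint8_t *pkt, size_t len, struct dns_a_result *r)
{
    struct dns_header h;
    uint16_t type, cls, rdlen;
    uint32_t ttl;
    int off;

    if (dns_parse_header(pkt, len, &h) < 0 || h.qdcount != 1 || h.ancount < 1)
        return -1;
    off = dns_read_name(pkt, len, sizeof h, r->qname, sizeof r->qname);
    if (off < 0 || (size_t)off + 4 > len) return -1;
    off += 4;                                        /* skip QTYPE and QCLASS */

    off = dns_read_name(pkt, len, (size_t)off, r->aname, sizeof r->aname);
    if (off < 0 || (size_t)off + 10 > len) return -1;
    memcpy(&type, pkt + off, 2);      type = ntohs(type);
    memcpy(&cls, pkt + off + 2, 2);   cls = ntohs(cls);
    memcpy(&ttl, pkt + off + 4, 4);   r->ttl = ntohl(ttl);
    memcpy(&rdlen, pkt + off + 8, 2); rdlen = ntohs(rdlen);
    off += 10;
    if (type != 1 || cls != 1 || rdlen != 4 || (size_t)off + 4 > len) return -1;
    snprintf(r->ip, sizeof r->ip, "%u.%u.%u.%u", (unsigned)pkt[off],
             (unsigned)pkt[off + 1], (unsigned)pkt[off + 2], (unsigned)pkt[off + 3]);
    return 0;
}

int main(void)
{
    struct dns_a_result r;
    if (dns_parse_first_a(sample_pkt, sample_len, &r) < 0) {
        puts("malformed DNS response");
        return 1;
    }
    printf("Q: %s  A: %s -> %s (ttl %u)\n", r.qname, r.aname, r.ip, r.ttl);
    return 0;
}
```

Every multi-byte field goes through `memcpy` and then `ntohs`/`ntohl`, so the same code produces `0x1234` for the ID on both a little-endian x86 box and a big-endian SPARC; every offset is checked against the packet length before it is read, and the pointer hop counter stops a packet whose pointer refers back to itself from looping forever, which is exactly the kind of input a sniffer sees when it is pointed at real traffic.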
More to follow... (you know, like source code)