If altering the ip-number in the header ( with raw-sockets, I saw many people asking how to do this in forums )
there can surely be no possibility to receive something,
since the 'return-ip' is not the real sender!!!
So what's the point in doing it? - I can't figure a single use!!!
A program that can only send and not receive seems very very useless to me. :confused:

( also: Is raw-sockets requiered for coding a trace-route, which is something I would like to learn? )
Posted on 2002-11-01 16:58:59 by david
There are situations where you might wish to falsify your point of presence and do not need to see reply packets... however I can't think of many "legitimate" uses !!! However, altering the IP header is more than just altering the IP address !!! It gives you access to alter things like the session flags if you wanted to for example create a packet generator, it allows you to modify your MAC address supposing you wish to use more than one network address...
modifying the IP header is not standard programming behaviour, but there's a time and a place for everything.
Posted on 2002-11-01 19:07:37 by Homer
This is my study-notes on the header, ( I think the struct is correct, but I don't know if my comments are :grin: )


h_verlen db ? ; high 4 bytes:Ip Version number (version4?)
; low 4 bytes:Length of the header in dwords=5
tos db ? ; IP Type of service ( valid to write 0? )
total_len dw ? ; Length of the packet in dwords ?
ident dw ? ; unique identifier - no idea!!
flags dw ? ; bit 15 unused 14:dont fragment
12-0 offset to submessage
in message (this value*8=bytes length offset from start of submessage?)
ttl db ? ; Time to live ( how many seconds the datagram will live in cyber-space )
proto db ? ; Protocol number (TCP, UDP etc)
checksum dw ? ; IP checksum - no idea how it's calculated
source_ip dd ?
dest_ip dd ?


Evil: Did you mean the 'dont fragment' and 'fragment'-flags, when mentioning session flags?

If so, why would one want a package not be fragmented?
And why would one want to have several network-addresses?

Posted on 2002-11-01 19:34:00 by david
( Sorry for the formatting of the code LOL, I edited 3 times, without getting the tabs right, and the I of IPHEADER
got lost....crap!...strange how this site doesnt accept tabs)
Posted on 2002-11-01 19:57:58 by david
You have to paste tabs in. Usually it's easier to format with a text editor set to a monospace font, then copy+paste.
Posted on 2002-11-02 02:14:08 by eet_1024
Without getting myself a lynching from the moderators,

you might wish to create specifically-malformed packets and send them to a specific target machine. Certain networking security issues exist surrounding them.
I won't give examples in this thread but if you PM me I might elaborate a little more on what's possible through carefully constructed packets.
Posted on 2002-11-02 02:48:17 by Homer
Is your business and no one elses.

But when you take your uniquely formed packets to the internet, it becomes someones else's business too.

These kinds of packets are generated to create problems. And there should be a law prohibiting packets that don't match their true registered source IP from going out to the Internet.

Regards, P1
Posted on 2002-11-04 08:25:49 by Pone