
Winsock and tcp/ip headers

Started by March 05, 2002 03:05 PM
10 comments, last by ANSI2000 22 years, 10 months ago
Is there a way to change the TCP header length to 4 bytes? Actually, even just modify it... Thanks
Here's a question. If you change the TCP header, are you really still using TCP?

Would other TCP implementations receive it?

Would TCP routers choke on it?
Am communicating to some institution and they request that the tcp header be 4 bytes in length or if we wish to change it to 2 bytes in length.

Here is what they have requested from me. Tell me if it makes sense....


This is an example of a TCPIP message that I am using for some tests:

The TCPIP header is configured to be 4 bytes and is sent in HEX.

You may set the header to be sent to xxxxxxxx as 2 bytes, (and it may be sent as ASCII or BCD if required)


102.03.05 13:49:13 [ tcpip:15449]Message len: h0: 0 h1: 9e 158
102.03.05 13:49:13 [ tcpip:15449]TCPIP-tcp_dumpmsg-STATUS: Message Header
102.03.05 13:49:13 [ tcpip:15449]HEADER 0000 - 0003: 00 9e 00 00
102.03.05 13:49:13 [ tcpip:15449]TCPIP-tcp_dumpmsg-STATUS: Message Data
102.03.05 13:49:13 [ tcpip:15449]DATA 0000 - 0019: <0x16><0x01><0x01><0x00><0x
9e><0x00><0x00><0x00>4a<0x02><0x00><0x00><0x00><0x00><0x00><0x00><0x00><0x00><0x
00>
102.03.05 13:49:13 [ tcpip:15449]DATA 0020 - 0039: <0x00><0x00><0x01><0x00>r$d
<0x81><0x88><0xe0><0x80><0x10><0x10>Ef<0x16><0x00>P<0x00><0x01>
102.03.05 13:49:13 [ tcpip:15449]DATA 0040 - 0059: E<0x00><0x00><0x00><0x00><0
x00><0x00><0x01>5<0x00><0x03><0x05><0x13>R&<0x02>t<0x97><0x02><0x03>
102.03.05 13:49:13 [ tcpip:15449]DATA 0060 - 0079: X<0x12><0x00>`<0x00><0x10>Y
<0x06>D<0x15><0x18><0x06>D<0x17><0x99><0xf2><0xf0><0xf6><0xf3><0xf1>
102.03.05 13:49:13 [ tcpip:15449]DATA 0080 - 0099: <0xf3><0xf0><0xf2><0xf7><0x
f4><0xf9><0xf7><0xf2><0xf3><0xf7><0xf7>@@@@<0xf1><0xf2><0xf3><0xf9><0xf9>
102.03.05 13:49:13 [ tcpip:15449]DATA 0100 - 0119: <0xf9><0xf8><0xf8><0xf5><0x
f5>@@@@@<0xc2><0x81><0x95><0x83><0x96>@<0xd5><0x81><0x83><0x89>
102.03.05 13:49:13 [ tcpip:15449]DATA 0120 - 0139: <0x96><0x95><0x81><0x93>@<0
xd6><0x95><0xa3>K@@@@@<0xe3><0x96><0x99><0x96><0x95><0xa3>
102.03.05 13:49:13 [ tcpip:15449]DATA 0140 - 0157: <0x96>@@@@@@@<0xc2><0xd4><0
x09>x<0x05>q<0x00><0x00><0x00><0x07>



THIS IS WHAT WE ARE CURRENTLY RECEIVING FROM YOU (Only the first few bytes of the header are here as the comms driver fails to parse the full message.)

102.03.01 15:38:53 [ tcpip:21431]tcp_get() header_value [0]
102.03.01 15:38:53 [ tcpip:21431]tcp_get() header_length [4]
102.03.01 15:38:53 [ tcpip:21431]@@@2 msg length without header length: [2672
]
102.03.01 15:38:53 [ tcpip:21431]TCPIP-tcp_get-STATUS: data length 26725 byte
is longer than the data buffer size: 2044 bytes. ACTION: set to zero.
102.03.01 15:38:53 [ tcpip:21431]TCPIP-tcp_dumpmsg-STATUS: Message Header
102.03.01 15:38:53 [ tcpip:21431]HEADER 0000 - 0003: 68 65 6c 6c
102.03.01 15:38:53 [ tcpip:21431]TCPIP-tcp_dumpmsg-STATUS: Message Data
102.03.01 15:38:53 [ tcpip:21431]@@@ tcp_get_hd msg length [2048]
102.03.01 15:38:53 [ tcpip:21431]TCPIP-tcp_read-STATUS: waiting to read data
rom connection...
102.03.01 15:38:58 [ tcpip:21431]Message len: h0: 6f h1: d 28429
102.03.01 15:38:58 [ tcpip:21431]@@@1 msg length including header length: [28


Edited by - ANSI2000 on March 5, 2002 5:01:15 PM

Edited by - ANSI2000 on March 5, 2002 5:01:51 PM

Edited by - ANSI2000 on March 5, 2002 5:03:21 PM
Are they using UDP and padding it?

If they aren't using a standard TCP/IP protocol, then you'll probably have to use Raw Sockets to form the packet you need.

Is this a routed environment or some PointToPoint?

I don't like what I hear

Am like 99% sure that it is not UDP... It is TCP/IP...
I figured I would have to go with RAW Sockets. But I want to avoid it at all costs. If not, have any good tuts on raw sockets and tcp/ip?

They are running on unix, so they probably wrote their own network drivers...
They say they can flip a switch or something and accommodate. Whatever that means...

It's over the internet through a VPN, so routed I guess... They are fooking weird, because they want to use a VPN with publicly known I.Ps. Our network admin kicked, bitched and screamed, but banks get the final word

Another thing like AP said... If it is a custom TCP/IP protocol, and it is a routed environment isn't there a risk of routers, hubs etc... misinterpreting the packets?

Edited by - ANSI2000 on March 6, 2002 11:47:20 AM
if the tcp packet goes through the internet (and presumably a router), it MUST be a standard tcp packet. furthermore a vpn only encrypts and wraps the packets, so technically your fake tcp packets don't have to follow normal protocol since they are wrapped by the vpn packets.

see the rfcs on tcp/ip and be enlightened. sounds to me they are trying security through obscurity. if a standard tcp/ip implementation can't communicate, then something is wrong with THEIR driver.
I think they cleared up the situation a bit...

They have most probably written their own network drivers for Unix... They are telling me that their driver is expecting to see message length header before the actual message. The message length header must be 4 bytes and low byte order (LSB)...

So if my message is 161 bytes long at the beginning I must append the following...
0x00 0xA1 0x00 0x00

Though am still not getting back a response, I will make a test session with them and see what their tracer dumps...

Just remember, windows 95/98/ME doesn't have raw sockets, and the NT family requires administrator privileges to use them in an app. If they really want nonstandard TCP, you'll have to toss out 9X and write an NT service to get around the permissions problem.

If they're habitual UNIX folks, they may not even be aware of this problem.

And to address your routing concern, a VPN is typically an IP tunneling protocol. So you've really got Their fake protocol sitting on IP sitting on PPP sitting on TCP sitting on IP. The VPN is wrapping up the packets, so the internet routers don't see them, basically.

So this will probably work, but it's really an ass backwards way to do things. Their programmers probably have little or no grasp of why the TCP protocol is what it is.
This is work related stuff not game related... We run on 2000, developers are all on Professional Edition and Servers well are Advanced Server...

The guys we are connecting to are a financial institution, running on UNIX and they do seem to "know" their stuff...

What made the case confusing is that the bank mentioned their communications driver is expecting to see a tcp header message length. It made it confusing since the name tcp header was used and I was expecting to have to modify the actual TCP/IP headers. What happens on the communications driver level above the TCP/IP level, the drivers they have expects to see that message length as 4 bytes low byte order before the actual data. Now the engineer of the bank also mentioned that most cards require this message length. Apparently our network card and drivers do not seem to be sending this message length... Either that or they wrote their own custom drivers, knowing they are UNIX people

The solution is to tack on the 4 extra bytes at the beginning of the message and dump it through the socket...
?

Most cards don't require anything but the basic Ethernet specification, which most definitely has nothing to do with network layer or higher stuff. (Like TCP.)
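
The framing this thread ends up describing, a 4-byte length header written ahead of each message on an ordinary TCP socket, as an added example that is not part of the original thread or the bank's code. The byte layout (length in bytes 0-1 with the high byte first, bytes 2-3 zero, counting the payload only) and the 2044-byte limit are read off the bank's dump above and are assumptions about their driver; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_LEN     4      /* 4-byte length header, as in the bank's dump */
#define MAX_PAYLOAD 2044   /* receiver's data buffer size from the log */
enum frame_status { FRAME_OK = 0, FRAME_NEED_MORE = 1, FRAME_TOO_LONG = -1 };

/* Write header + payload into out; returns total bytes, or 0 on refusal.
   Assumed layout: bytes 0-1 = payload length, high byte first (the log's
   h0/h1); bytes 2-3 = zero. A 158-byte message gets 00 9e 00 00. */
size_t frame_encode(const uint8_t *payload, size_t n, uint8_t *out, size_t cap)
{
    if (n > MAX_PAYLOAD || cap < HDR_LEN + n)
        return 0;
    out[0] = (uint8_t)(n >> 8);
    out[1] = (uint8_t)(n & 0xff);
    out[2] = out[3] = 0;
    memcpy(out + HDR_LEN, payload, n);
    return HDR_LEN + n;
}

/* Inspect the bytes accumulated so far from recv(). TCP is a byte stream,
   so a frame may arrive in pieces: report NEED_MORE until it is complete. */
enum frame_status frame_parse(const uint8_t *buf, size_t have,
                              const uint8_t **payload, size_t *n)
{
    size_t len;
    if (have < HDR_LEN)
        return FRAME_NEED_MORE;
    len = ((size_t)buf[0] << 8) | buf[1];
    if (len > MAX_PAYLOAD)      /* check the claimed length before using it */
        return FRAME_TOO_LONG;
    if (have < HDR_LEN + len)
        return FRAME_NEED_MORE;
    *payload = buf + HDR_LEN;
    *n = len;
    return FRAME_OK;
}

int main(void)
{
    const uint8_t *p; size_t n;
    /* Constructed input: unframed ASCII "hello" read as a header = 0x6865 */
    return frame_parse((const uint8_t *)"hello", 5, &p, &n) == FRAME_TOO_LONG ? 0 : 1;
}
```

Parsing the unframed bytes of "hello" yields the same 26725-byte length the bank's driver logged for the header 68 65 6c 6c, and the bounds check rejects it before any read is sized from it.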
