A custom implementation of classic network utilities (inspired by net-tools) built from scratch in C using Raw Sockets.

diegolonio/c-networking-suite

C Networking Suite - a net-tools-like toolkit developed from scratch in C

A specialized toolkit for low-level network operations and packet engineering. This suite bypasses high-level abstractions to interact directly with the Linux Kernel's Data Link Layer through Raw Sockets (AF_PACKET).

Designed for environments where precision, minimal overhead, and zero-dependency architectures are critical, it provides a granular framework for traffic injection, network mapping, and protocol analysis.

Core Engine Architecture: redes

The backbone of the suite is a modular internal library (redes.c / redes.h) that provides low-level primitives for protocol manipulation and hardware interaction.

Key Technical Capabilities:

  • Kernel Interface Abstraction: Uses ioctl and ifreq structures to achieve zero-dependency hardware discovery, retrieving interface indices, physical addresses (MAC), and subnet configurations directly from the kernel.
  • RFC-Compliant Integrity: A bit-accurate implementation of the Internet Checksum algorithm (RFC 1071) for IP and transport layers, handling 16-bit word grouping and carry-around additions.
  • Ethernet Frame Engineering: Direct management of MAC headers, enabling manual control over source/destination physical addresses and EtherType field injection.
  • Layer 2 Filtering: Implementation of callback-based filtering logic to perform real-time packet discrimination and validation within the socket buffer.

Modular Toolbox

The suite is organized into specialized modules, each targeting a specific layer of the network stack:

Network Mapping (arp_scanner)

  • Operation: Performs asynchronous ARP broadcasting for rapid local network discovery.
  • Persistence: Integrated with SQLite3 for high-performance logging and historical analysis of IP-to-MAC mapping.
  • Architecture: Implements automated subnet probing logic to systematically verify host activity across the entire local segment.

Diagnostic Suite (ping_tool & tracert_tool)

  • Ping Engine: A high-precision implementation of ICMP Echo Request/Reply logic. It features manual ARP resolution for local/gateway routing and sub-millisecond RTT (Round Trip Time) calculation using gettimeofday.
  • Traceroute: Advanced path discovery via TTL (Time-To-Live) manipulation. It analyzes ICMP Type 11 (Time Exceeded) messages to map intermediate router nodes, handling dual-mode response filtering.

Port Analysis (port_scanner)

  • SYN Stealth Scanning: Implements "Half-Open" scanning by manually constructing TCP frames with the SYN flag set.
  • State Analysis: Instead of completing the 3-way handshake, the tool analyzes incoming SYN+ACK or RST+ACK flags to determine port status without establishing a full session, minimizing the footprint on target logs.
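
From the defender's side, the half-open exchange described above never reaches the listening application, but it is fully visible in a packet-level trace. The following detector is an added example, not code from this repository: it counts, per client, the ports that answered SYN+ACK and never received the final ACK. The `seg` record, the state names and the sample trace are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* One observed TCP segment, reduced to what the detector needs (hypothetical layout). */
struct seg {
    uint32_t client;      /* IPv4 address of the side that sent the SYN */
    uint16_t port;        /* server-side port */
    uint8_t  from_client; /* 1 = client to server, 0 = server to client */
    uint8_t  flags;       /* TCP flags byte */
};

enum { HS_NONE, HS_SYN_SENT, HS_SYNACK_SEEN, HS_ESTABLISHED };

/* Count server ports that answered `client` with SYN+ACK but never received
 * the final bare ACK. Flows are keyed by server port only (simplification). */
size_t half_open_ports(const struct seg *s, size_t n, uint32_t client)
{
    uint8_t state[65536];
    size_t count = 0;
    memset(state, HS_NONE, sizeof state);
    for (size_t i = 0; i < n; i++) {
        if (s[i].client != client) continue;
        uint8_t *st = &state[s[i].port];
        uint8_t f = s[i].flags & (TH_SYN | TH_RST | TH_ACK);
        if (s[i].from_client && f == TH_SYN)
            *st = HS_SYN_SENT;
        else if (!s[i].from_client && f == (TH_SYN | TH_ACK) && *st == HS_SYN_SENT)
            *st = HS_SYNACK_SEEN;
        else if (s[i].from_client && f == TH_ACK && *st == HS_SYNACK_SEEN)
            *st = HS_ESTABLISHED;
    }
    for (size_t p = 0; p < sizeof state; p++)
        count += state[p] == HS_SYNACK_SEEN;
    return count;
}

/* Constructed trace: 10.0.0.5 completes a handshake, 10.0.0.9 probes three ports. */
const struct seg SAMPLE_TRACE[] = {
    {0x0a000005, 443, 1, TH_SYN}, {0x0a000005, 443, 0, TH_SYN | TH_ACK},
    {0x0a000005, 443, 1, TH_ACK},
    {0x0a000009, 22, 1, TH_SYN}, {0x0a000009, 22, 0, TH_SYN | TH_ACK}, {0x0a000009, 22, 1, TH_RST},
    {0x0a000009, 23, 1, TH_SYN}, {0x0a000009, 23, 0, TH_RST | TH_ACK},
    {0x0a000009, 80, 1, TH_SYN}, {0x0a000009, 80, 0, TH_SYN | TH_ACK}, {0x0a000009, 80, 1, TH_RST},
};
```

A monitoring rule would compare the returned count against a threshold over a short time window; several abandoned handshakes from one source in quick succession is the pattern to alert on.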

Custom Transport & DNS (udp_tool)

  • Raw Datagram Construction: Provides a framework for building UDP packets byte-by-byte, including manual assignment of Source/Dest ports and payload injection.
  • DNS over Raw Sockets: Demonstrates Application Layer interaction by manually constructing a DNS Query (Port 53) payload. The tool encapsulates the query in a custom UDP/IP/Ethernet stack, sends it to a resolver, and parses the raw response to extract the IP address of a target domain (e.g., www.ipn.mx).
  • Pseudo-Header Validation: Handles the calculation of the UDP Pseudo-Header checksum, a critical step often offloaded to NICs, ensuring packet validity at the receiving kernel stack.
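
The checksum work named in the "RFC-Compliant Integrity" and "Pseudo-Header Validation" items can be written as follows. This is an added example, not the code in redes.c; the function names are assumptions, and the routines work on byte buffers in network order so they are independent of host endianness.

```c
#include <stdint.h>
#include <string.h>

/* Add `len` bytes to a running sum as big-endian 16-bit words (RFC 1071). */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len)
{
    for (; len > 1; p += 2, len -= 2)
        sum += ((uint32_t)p[0] << 8) | p[1];
    return len ? sum + ((uint32_t)p[0] << 8) : sum;  /* odd byte is zero-padded */
}

/* Fold the carries back into the low 16 bits, then take the complement. */
static uint16_t csum_fold(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Checksum for an IPv4 or ICMP header; the checksum field must be zero on entry. */
uint16_t inet_checksum(const uint8_t *buf, size_t len)
{
    return csum_fold(csum_add(0, buf, len));
}

/* Sum over the IPv4 pseudo-header (src, dst, zero, protocol 17, UDP length)
 * followed by the UDP header and payload. */
static uint16_t udp_sum(const uint8_t src[4], const uint8_t dst[4],
                        const uint8_t *udp, uint16_t len)
{
    uint8_t ph[12] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 17, (uint8_t)(len >> 8), (uint8_t)len};
    memcpy(ph, src, 4);
    memcpy(ph + 4, dst, 4);
    return csum_fold(csum_add(csum_add(0, ph, 12), udp, len));
}

/* Sender: bytes 6..7 of `udp` must be zero; a computed 0 is sent as 0xffff (RFC 768). */
uint16_t udp_checksum(const uint8_t src[4], const uint8_t dst[4],
                      const uint8_t *udp, uint16_t len)
{
    uint16_t c = udp_sum(src, dst, udp, len);
    return c ? c : 0xffff;
}

/* Receiver: with the transmitted checksum in place, the folded sum must be 0. */
int udp_checksum_ok(const uint8_t src[4], const uint8_t dst[4],
                    const uint8_t *udp, uint16_t len)
{
    return len >= 8 && udp_sum(src, dst, udp, len) == 0;
}
```

Under IPv4 a transmitted checksum field of zero means the sender computed none; `udp_checksum_ok` does not special-case that and reports such a datagram as failing.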

Build System & Usage

The project utilizes a recursive build system. A Master Makefile in the root directory manages the compilation of all modules and centralizes the final binaries.

Compilation

# Build the entire suite (binaries will be placed in the root directory)
make

# Clean all object files and binaries
make clean

Deployment Requirements

Because the tools interact directly with network interfaces through AF_PACKET and SOCK_RAW sockets, the binaries must be executed with elevated privileges (CAP_NET_RAW or sudo).

Usage Examples

1. ARP Scanner (Network Discovery)

Scans the local subnet and logs active hosts to the SQLite database.

sudo ./arp_scanner

2. Ping Tool (Connectivity Check)

Sends ICMP Echo requests to a target IP.

# Syntax: ./ping_tool -i <interface> -a <target_ip>
sudo ./ping_tool -i eth0 -a 8.8.8.8

3. Traceroute (Path Analysis)

Traces the route to a host using TTL manipulation.

# Syntax: ./tracert_tool -i <interface> -a <target_ip>
sudo ./tracert_tool -i wlan0 -a 1.1.1.1

4. Port Scanner (Security Audit)

Performs a SYN scan on a specific IP.

# Syntax: ./port_scanner -i <interface> -a <target_ip>
sudo ./port_scanner -i eth0 -a 192.168.1.50

5. UDP Tool (DNS Query Demo)

Sends a raw DNS query to a server to resolve a domain name.

# Syntax: ./udp_tool -i <interface> -a <dns_server_ip>
sudo ./udp_tool -i eth0 -a 8.8.8.8
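
A raw socket delivers every frame on the interface, so the response-parsing step of the DNS demo has to match the transaction ID and bounds-check every length field before trusting it. The parser below is an added example, not the repository's code; the function names and the sample response bytes are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Offset just past the encoded name at `off`, or 0 if it runs off the buffer. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off)
{
    while (off < len) {
        uint8_t l = m[off];
        if (l == 0) return off + 1;
        if ((l & 0xc0) == 0xc0)            /* compression pointer ends the name */
            return off + 2 <= len ? off + 2 : 0;
        if (l & 0xc0) return 0;            /* reserved label type */
        off += 1 + (size_t)l;
    }
    return 0;
}

/* Copy the first IN A record into out[4]. Returns 0 on success, -1 if the
 * message is not a well-formed, successful answer to query `want_id`. */
int dns_first_a(const uint8_t *m, size_t len, uint16_t want_id, uint8_t out[4])
{
    if (len < 12 || rd16(m) != want_id) return -1;
    if (!(m[2] & 0x80) || (m[3] & 0x0f)) return -1;   /* need QR=1, RCODE=0 */
    uint16_t qd = rd16(m + 4), an = rd16(m + 6);
    size_t off = 12;
    for (; qd; qd--) {
        off = skip_name(m, len, off);
        if (!off || off + 4 > len) return -1;
        off += 4;                                      /* QTYPE + QCLASS */
    }
    for (; an; an--) {
        off = skip_name(m, len, off);
        if (!off || off + 10 > len) return -1;
        uint16_t type = rd16(m + off), cls = rd16(m + off + 2), rdlen = rd16(m + off + 8);
        off += 10;
        if (off + rdlen > len) return -1;
        if (type == 1 && cls == 1 && rdlen == 4) { memcpy(out, m + off, 4); return 0; }
        off += rdlen;
    }
    return -1;
}

/* Constructed response: www.example.com A 192.0.2.10, transaction ID 0x1a2b. */
const uint8_t SAMPLE_RESPONSE[] = {
    0x1a, 0x2b, 0x81, 0x80, 0, 1, 0, 1, 0, 0, 0, 0,
    3, 'w', 'w', 'w', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0, 1, 0, 1,
    0xc0, 0x0c, 0, 1, 0, 1, 0, 0, 0, 60, 0, 4, 192, 0, 2, 10,
};
```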
