使用winpcap定制TCP包发送
* I don't know which version of WinPcap hping needs, so I wrote this code.
* Environment: WinPcap 4.0.2, Dev-CPP 4.9.9.2, Windows XP Professional SP2
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <winsock2.h>
#include <iphlpapi.h>
#include <pcap.h>
#include <remote-ext.h>
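/* EtherType written into the Ethernet header for an IPv4 payload.
 * The page rendered the hex prefix with a multiplication sign ("0×0800"),
 * which is not a valid C literal; the ASCII form is restored here. */
#define IP_PROTO 0x0800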
/* Dotted-quad IPv4 address of the selected adapter; written by GetDevices(). */
char LocalIP[20] = "";
/* WinPcap device name of the selected adapter; written by GetDevices(). */
char InterfaceName[256] = "";
/* Dotted-quad IPv4 address of the default gateway; written by GetGateWayMac(). */
char GatewayIP[20] = "";
/* Hardware address resolved for GatewayIP; main() uses it as the destination MAC. */
BYTE GatewayMac[6];
/*
 * Ethernet frame header as main() copies it to the start of the send buffer.
 * The code relies on sizeof(ET_HEADER) being 14 (no padding).
 */
typedef struct et_header
{
    /* Destination MAC followed by source MAC, 6 bytes each. */
    unsigned char eh_dst[6], eh_src[6];
    /* EtherType; main() stores htons(IP_PROTO) here. */
    unsigned short eh_type;
} ET_HEADER;
/*
 * IPv4 header without options (20 bytes). The struct is copied to the wire
 * byte for byte, so every field must already hold the bytes to transmit.
 */
typedef struct ip_hdr
{
    /* Version in the high nibble, header length in 32-bit words in the low
     * nibble; then the type-of-service byte. */
    unsigned char h_verlen, tos;
    /* Total datagram length, identification, and the flags/fragment-offset word. */
    unsigned short total_len, ident, frag_and_flags;
    /* Time to live, then the payload protocol number (IPPROTO_TCP in main()). */
    unsigned char ttl, proto;
    /* Header checksum; main() zeroes it before calling CheckSum(). */
    unsigned short checksum;
    /* Source and destination addresses as returned by inet_addr(). */
    unsigned int sourceIP, destIP;
} IP_HEADER;
/*
 * TCP header without options (20 bytes), copied to the wire byte for byte
 * directly after the IP header.
 */
typedef struct tcp_hdr
{
    /* Source and destination ports; main() stores them with htons(). */
    unsigned short th_sport, th_dport;
    /* Sequence and acknowledgement numbers. */
    unsigned int th_seq, th_ack;
    /* Header length in 32-bit words in the high nibble (low nibble left 0),
     * followed by the flag byte: URG=32, ACK=16, PSH=8, RST=4, SYN=2, FIN=1. */
    unsigned char th_lenres, th_flag;
    /* Window size, checksum (over pseudo-header + segment), urgent pointer. */
    unsigned short th_win, th_sum, th_urp;
} TCP_HEADER;
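/*
 * TCP pseudo-header that is prepended to the segment only while the TCP
 * checksum is computed; it is never transmitted.
 *
 * It must be exactly 12 bytes. The address fields use unsigned int, matching
 * IP_HEADER.sourceIP/destIP: unsigned long is 8 bytes on LP64 platforms,
 * which would change the layout and therefore the checksum.
 */
typedef struct tsd_hdr
{
    unsigned int saddr;     /* source IPv4 address, as stored in the IP header */
    unsigned int daddr;     /* destination IPv4 address, as stored in the IP header */
    unsigned char mbz;      /* must be zero */
    unsigned char ptcl;     /* protocol number; main() stores IPPROTO_TCP */
    unsigned short tcpl;    /* TCP segment length; main() stores it with htons() */
} PSD_HEADER;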
/*
 * Ones'-complement checksum over `size` bytes starting at `buffer`.
 *
 * The data is summed as 16-bit words in host memory order; a trailing odd
 * byte is added as a plain 8-bit value. The carries are then folded back
 * into the low 16 bits and the result is inverted.
 *
 * main() calls this for the IP header and for pseudo-header + TCP header.
 */
unsigned short CheckSum(unsigned short * buffer, int size)
{
    unsigned long sum = 0;
    int remaining;

    /* Whole 16-bit words first. */
    for (remaining = size; remaining > 1; remaining -= 2)
    {
        sum += *buffer;
        buffer++;
    }

    /* Anything left over is treated as one more single byte. */
    if (remaining != 0)
    {
        const unsigned char *tail = (const unsigned char *) buffer;
        sum += *tail;
    }

    /* Fold the carries into the low 16 bits; the second add absorbs the
     * carry the first fold may itself have produced. */
    sum = (sum & 0xffff) + (sum >> 16);
    sum += sum >> 16;

    return (unsigned short) ~sum;
}
/*
void GetLocalIP( )
{
WORD wVersionRequested;
WSADATA wsaData;
char name[255];
PHOSTENT hostinfo;
wVersionRequested = MAKEWORD( 2, 0 );
if( WSAStartup( wVersionRequested, &wsaData ) == 0 )
{
if( gethostname( name, sizeof(name) ) == 0 )
{
if( (hostinfo = gethostbyname(name) ) != NULL )
{
strcpy( LocalIP, inet_ntoa( *(struct in_addr*)*hostinfo->h_addr_list ) );
}
}
}
WSACleanup( );
}
*/
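/* Returns the first IPv4 address attached to `dev`, or NULL if it has none. */
static struct sockaddr_in *FindIPv4Addr( pcap_if_t *dev )
{
    struct pcap_addr *a;

    for( a = dev->addresses; a != NULL; a = a->next )
    {
        if( a->addr != NULL && a->addr->sa_family == AF_INET )
        {
            return (struct sockaddr_in *)a->addr;
        }
    }
    return NULL;
}

/*
 * Lists the local WinPcap adapters, asks the user to pick one by index and
 * records the choice in the globals InterfaceName and LocalIP.
 *
 * Returns 1 on success. Returns -1 when no adapter exists, when the typed
 * index is not a number in 1..count, or when the chosen adapter has no usable
 * name or IPv4 address. Terminates the process with status 1 when the adapter
 * list cannot be retrieved.
 *
 * Changes against the listing on the page: the typographic quotes are ASCII
 * again, the scanf() result and the lower bound of the index are checked, the
 * adapter's address list is searched for an IPv4 entry instead of casting the
 * first entry blindly, the name length is checked before copying, and the
 * device list is released on every return path.
 */
int GetDevices( )
{
    pcap_if_t *alldevs = NULL;
    pcap_if_t *d;
    struct sockaddr_in *v4;
    int i = 0;
    int index;
    int AdapterIndex = 1;
    int rc = -1;
    char errbuf[PCAP_ERRBUF_SIZE];

    /* Retrieve the list of local devices. */
    if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL /* auth is not needed */, &alldevs, errbuf) == -1)
    {
        fprintf(stderr, "Error in pcap_findalldevs_ex: %s\n", errbuf);
        exit(1);
    }

    /* Print the list: index, name, description and IPv4 address if present. */
    for( d = alldevs; d != NULL; d = d->next )
    {
        printf("%d. %s", ++i, d->name);
        if (d->description)
        {
            printf( " (%s)", d->description );
        }
        else
        {
            printf( " (No description available)" );
        }
        v4 = FindIPv4Addr( d );
        if( v4 != NULL )
        {
            printf( ": %s", inet_ntoa( v4->sin_addr ) );
        }
        printf( "\n" );
    }
    if (i == 0)
    {
        printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
        goto out;
    }

    printf( "\nPlease choose the index of your NetAdapter:" );
    /* Reject non-numeric input and anything outside 1..i; the index comes
     * straight from the keyboard and drives the list walk below. */
    if( scanf( "%d", &AdapterIndex ) != 1 || AdapterIndex < 1 || AdapterIndex > i )
    {
        printf( "网卡选错啦\n" );
        goto out;
    }

    d = alldevs;
    for( index = 1; index < AdapterIndex; index ++ )
    {
        d = d->next;
    }

    v4 = FindIPv4Addr( d );
    if( d->name == NULL || v4 == NULL )
    {
        printf( "网卡选错啦\n" );
        goto out;
    }
    /* InterfaceName is a fixed 256-byte global; refuse rather than overflow. */
    if( strlen( d->name ) >= sizeof(InterfaceName) )
    {
        printf( "Adapter name is too long.\n" );
        goto out;
    }
    strcpy( InterfaceName, d->name );
    /* inet_ntoa() yields at most 15 characters plus the terminator, which
     * fits the 20-byte LocalIP buffer. */
    strcpy( LocalIP, inet_ntoa( v4->sin_addr ) );
    rc = 1;

out:
    /* The device list is no longer needed on any path; release it. */
    pcap_freealldevs(alldevs);
    return rc;
}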
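/*
 * Finds the adapter whose first IPv4 address equals LocalIP, stores that
 * adapter's default gateway in GatewayIP and resolves the gateway's hardware
 * address into GatewayMac with SendARP().
 *
 * Returns 1 on success and -1 on any failure.
 *
 * Changes against the listing on the page: the success path now returns a
 * value (the original fell off the end of a non-void function although main()
 * tests the result), the SendARP() result and the returned address length are
 * checked before GatewayMac is written, and the ARP output buffer is a ULONG
 * array instead of a BYTE array cast to PULONG.
 */
int GetGateWayMac( )
{
    PIP_ADAPTER_INFO AdapterInfo;
    PIP_ADAPTER_INFO a;
    ULONG OutBufLen = sizeof(IP_ADAPTER_INFO);
    BOOL Found = FALSE;

    AdapterInfo = (IP_ADAPTER_INFO *)malloc( sizeof(IP_ADAPTER_INFO) );
    if( AdapterInfo == NULL )
    {
        printf("Error allocating memory needed to call GetAdaptersinfo\n");
        return -1;
    }

    /* First call only learns the required size when one entry is not enough. */
    if( GetAdaptersInfo( AdapterInfo, &OutBufLen ) == ERROR_BUFFER_OVERFLOW )
    {
        free( AdapterInfo );
        AdapterInfo = (IP_ADAPTER_INFO *)malloc( OutBufLen );
        if( AdapterInfo == NULL )
        {
            printf("Error allocating memory needed to call GetAdaptersinfo\n");
            return -1;
        }
    }

    if( GetAdaptersInfo( AdapterInfo, &OutBufLen ) != NO_ERROR )
    {
        printf( "Get gateway's ip error.\n" );
        free( AdapterInfo );
        return -1;
    }

    for( a = AdapterInfo; a != NULL; a = a->Next )
    {
        if( strcmp(a->IpAddressList.IpAddress.String, LocalIP) == 0 )
        {
            /* The source string is a 16-byte field; GatewayIP holds 20. */
            strcpy( GatewayIP, a->GatewayList.IpAddress.String );
            Found = TRUE;
            break;
        }
    }
    free( AdapterInfo );

    if( !Found )
    {
        printf( "Get gateway's ip error.\n" );
        return -1;
    }

    /* Two ULONGs give SendARP() an aligned buffer of at least 6 bytes. */
    ULONG MacBuf[2] = { 0 };
    ULONG MacLen = 6;
    if( SendARP( inet_addr(GatewayIP), 0, MacBuf, &MacLen ) != NO_ERROR
        || MacLen != sizeof(GatewayMac) )
    {
        printf( "Get gateway's mac error.\n" );
        return -1;
    }
    memcpy( GatewayMac, MacBuf, sizeof(GatewayMac) );
    return 1;
}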
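/*
 * Prints the command-line synopsis and the flag letters accepted in the
 * optional third argument. `me` is the program name shown in the synopsis.
 *
 * The page rendered the string delimiters as typographic quotes and the
 * trailing "..." as a single ellipsis character; both are ASCII again here so
 * the function compiles.
 */
void Usage( char *me )
{
    printf( "Make tcp package 0.1, code by yunshu\n" );
    printf( "%s: targetip targetport [flag]\n", me );
    printf( "flag: \n" );
    printf( " u|U set urg flag.\n" );
    printf( " a|A set ack flag.\n" );
    printf( " p|P set push flag.\n" );
    printf( " r|R set rst flag.\n" );
    printf( " s|S set syn flag.\n" );
    printf( " f|F set fin flag.\n" );
    printf( " default is syn flag, and you can use sa to set syn+ack, and more...\n" );
}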
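/*
 * Builds a single Ethernet + IPv4 + TCP frame (no options, no payload) for
 * argv[1]:argv[2] and passes it to WinPcap for transmission on the adapter
 * the user selects. argv[3], when present, selects the TCP flags; the default
 * is SYN.
 *
 * Returns 0 after the frame was handed to the driver; exits or returns -1 on
 * any error.
 *
 * Changes against the listing on the page: typographic quotes and the "0×40"
 * literal are valid C again, the target address and port are validated before
 * use, rand() is seeded, the pcap error texts are actually printed, the hex
 * dump prints Buffer[i] instead of the array's address, and the capture
 * handle is closed on every path.
 */
int main( int argc, char *argv[] )
{
    ET_HEADER EtHeader;
    IP_HEADER IpHeader;
    TCP_HEADER TcpHeader;
    PSD_HEADER PsdHeader;
    u_char Buffer[sizeof(ET_HEADER) + sizeof(IP_HEADER) + sizeof(TCP_HEADER)] = { 0 };
    char errbuf[PCAP_ERRBUF_SIZE] = { 0 };
    pcap_t *fp;

    if( (argc != 3) && (argc != 4) )
    {
        Usage( argv[0] );
        exit( -1 );
    }

    /* TCP flag bits: URG=32, ACK=16, PSH=8, RST=4, SYN=2, FIN=1. */
    int Flag = 2;
    if( argc == 4 )
    {
        Flag = 0;
        if( strchr(argv[3], 'U') || strchr(argv[3], 'u') )
        {
            Flag = Flag | 32;
        }
        if( strchr(argv[3], 'A') || strchr(argv[3], 'a') )
        {
            Flag = Flag | 16;
        }
        if( strchr(argv[3], 'P') || strchr(argv[3], 'p') )
        {
            Flag = Flag | 8;
        }
        if( strchr(argv[3], 'R') || strchr(argv[3], 'r') )
        {
            Flag = Flag | 4;
        }
        if( strchr(argv[3], 'S') || strchr(argv[3], 's') )
        {
            Flag = Flag | 2;
        }
        if( strchr(argv[3], 'F') || strchr(argv[3], 'f') )
        {
            Flag = Flag | 1;
        }
    }

    /* Validate the command-line values before prompting for an adapter.
     * inet_addr() reports a malformed address as INADDR_NONE. */
    unsigned long DestAddr = inet_addr( argv[1] );
    if( DestAddr == INADDR_NONE )
    {
        fprintf( stderr, "Invalid target ip: %s\n", argv[1] );
        exit( -1 );
    }
    char *PortEnd = NULL;
    long Port = strtol( argv[2], &PortEnd, 10 );
    if( PortEnd == argv[2] || *PortEnd != '\0' || Port < 0 || Port > 65535 )
    {
        fprintf( stderr, "Invalid target port: %s\n", argv[2] );
        exit( -1 );
    }

    /* Without a seed, rand() yields the same source port and sequence
     * number on every run. */
    srand( (unsigned int)time(NULL) );

    //GetLocalIP( );
    if( -1 == GetDevices( ) )
    {
        exit( -1 );
    }
    //printf( "Adapter is %s, ip is %s\n", InterfaceName, LocalIP );
    if( -1 == GetGateWayMac( ) )
    {
        exit( -1 );
    }
    //printf( "Gateway IP is %s\n", GatewayIP );
    //printf( "Gateway Mac is %x\n", *GatewayMac );

    /* Ethernet header. The frame is always addressed to the gateway's MAC.
     * NOTE(review): the source MAC is the constant 0a:0a:0a:0a:0a:0a, not the
     * adapter's own address; switch port-security features may drop or log
     * such frames. */
    memcpy( EtHeader.eh_dst, GatewayMac, 6 );
    memset( EtHeader.eh_src, 0xa, 6 );
    EtHeader.eh_type = htons( IP_PROTO );

    /* IPv4 header: version 4, header length in 32-bit words. */
    IpHeader.h_verlen = (4<<4 | sizeof(IpHeader)/sizeof(unsigned int));
    IpHeader.tos = 0;
    IpHeader.total_len = htons(sizeof(IpHeader)+sizeof(TcpHeader));
    /* Stored without htons(), as in the original listing. */
    IpHeader.ident = 1;
    /* Don't-Fragment bit. Written in network byte order explicitly; on a
     * little-endian host this is the same two bytes the original's 0x40 gave. */
    IpHeader.frag_and_flags = htons( 0x4000 );
    IpHeader.ttl = 128;
    IpHeader.proto = IPPROTO_TCP;
    IpHeader.checksum = 0;
    IpHeader.sourceIP = inet_addr( LocalIP );
    IpHeader.destIP = DestAddr;

    /* TCP header: 20 bytes, no options. */
    TcpHeader.th_sport = htons( rand()%60000 + 1024 );
    TcpHeader.th_dport = htons( (unsigned short)Port );
    TcpHeader.th_seq = htonl( rand()%900000000 + 100000 );
    TcpHeader.th_ack = 0;
    TcpHeader.th_lenres = (sizeof(TcpHeader)/4<<4|0);
    TcpHeader.th_flag = Flag;
    TcpHeader.th_win = htons(512);
    TcpHeader.th_sum = 0;
    TcpHeader.th_urp = 0;

    /* Pseudo-header, used only as checksum input. */
    PsdHeader.saddr = inet_addr( LocalIP );
    PsdHeader.daddr = IpHeader.destIP;
    PsdHeader.mbz = 0;
    PsdHeader.ptcl = IPPROTO_TCP;
    PsdHeader.tcpl = htons(sizeof(TcpHeader));

    /* Buffer doubles as scratch space for both checksums; pseudo-header plus
     * TCP header is smaller than the final frame, so it fits. */
    memcpy( Buffer, &PsdHeader, sizeof(PsdHeader) );
    memcpy( Buffer + sizeof(PsdHeader), &TcpHeader, sizeof(TcpHeader) );
    TcpHeader.th_sum = CheckSum( (unsigned short *)Buffer, sizeof(PsdHeader) + sizeof(TcpHeader) );
    memset( Buffer, 0, sizeof(Buffer) );
    memcpy( Buffer, &IpHeader, sizeof(IpHeader) );
    IpHeader.checksum = CheckSum( (unsigned short *)Buffer, sizeof(IpHeader) );

    /* Assemble the final frame: Ethernet, then IP, then TCP. */
    memset( Buffer, 0, sizeof(Buffer) );
    memcpy( Buffer, (void *)&EtHeader, sizeof(ET_HEADER) );
    memcpy( Buffer + sizeof(ET_HEADER), (void *)&IpHeader, sizeof(IP_HEADER) );
    memcpy( Buffer + sizeof(ET_HEADER) + sizeof(IP_HEADER), (void *)&TcpHeader, sizeof(TCP_HEADER) );

    /* NOTE(review): the handle is only used to transmit, so promiscuous mode
     * looks unnecessary here; confirm and consider passing 0 as the flags. */
    if ( (fp= pcap_open( InterfaceName, 100, PCAP_OPENFLAG_PROMISCUOUS, 100, NULL, errbuf ) ) == NULL )
    {
        fprintf(stderr, "\nUnable to open the adapter. %s is not supported by WinPcap\n", InterfaceName );
        fprintf(stderr, "%s\n", errbuf );
        return -1;
    }
    if ( pcap_sendpacket( fp, Buffer, sizeof(Buffer) ) != 0 )
    {
        /* The original format string had no %s, so the pcap error text was
         * passed but never printed. */
        fprintf(stderr, "\nError sending the packet: %s\n", pcap_geterr(fp));
        pcap_close( fp );
        return -1;
    }

    printf( "send ok!\nData is:\n" );
    for( size_t i = 0; i < sizeof(Buffer); i ++ )
    {
        printf( "%02x ", Buffer[i] );
    }
    printf( "\n" );

    pcap_close( fp );
    return 0;
}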
转载于:https://blog.51cto.com/foxhack/77007