/* Poison one target list */
void repoison_victims(void *group_ptr, struct packet_object *po)
{
struct hosts_list *t;
LIST_HEAD(, hosts_list) *group_head = group_ptr;
LIST_FOREACH(t, group_head, next) {
ec_usleep(MILLI2MICRO(GBL_CONF->arp_storm_delay));
/* equal ip must be skipped, you cant poison itself */
if (!ip_addr_cmp(&t->ip, &po->L3.src))
continue;
if (!GBL_CONF->arp_poison_equal_mac)
/* skip even equal mac address... */
if (!memcmp(t->mac, po->L2.src, MEDIA_ADDR_LEN))
continue;
if (GBL_CONF->arp_poison_reply)
send_arp(ARPOP_REPLY, &po->L3.src, GBL_IFACE->mac, &t->ip, t->mac);
if (GBL_CONF->arp_poison_request)
send_arp(ARPOP_REQUEST, &po->L3.src, GBL_IFACE->mac, &t->ip, t->mac);
}
static void arp_reply(VCC *vcc,uint32_t src_ip,
struct sockaddr_atmsvc *src_addr,uint32_t tgt_ip,
struct sockaddr_atmsvc *tgt_addr)
{
diag(COMPONENT,DIAG_DEBUG,"sending ARP reply");
send_arp(vcc->fd,ARPOP_REPLY,src_ip,src_addr,tgt_ip,tgt_addr);
}
int
send_arp_request(unsigned char *src_pr_add, unsigned char *dst_pr_add)
{
int i;
struct rte_mbuf *new_mbuf = get_mbuf();
struct arp *arp_reply = (struct arp *)rte_pktmbuf_prepend (new_mbuf, sizeof(struct arp));
char mac[6];
// http://www.tcpipguide.com/free/t_ARPMessageFormat.htm
arp_reply->hw_type = htons(HW_TYPE_ETHERNET);
arp_reply->pr_type = htons(SW_TYPE_IPV4);
arp_reply->hw_len = HW_LEN_ETHER;
arp_reply->pr_len = PR_LEN_IPV4;
arp_reply->opcode = htons(1);
unsigned char dest_mac[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
uint32_t ip_add = GetIntAddFromChar(src_pr_add, 1);
struct Interface *temp = NULL;
temp = InterfaceList;
while(temp && ip_add != GetIntAddFromChar(temp->IP, 1)) {
temp = temp->Next;
}
if(temp == NULL) {
logger(ARP, NORMAL, "Arp request failed, address not hosted\n");
return 0;
}
logger(ARP, NORMAL, "IP found in interface list\n");
int status = GetInterfaceMac(temp->InterfaceNumber, mac);
memcpy(arp_reply->src_hw_add, mac, HW_LEN_ETHER);
memcpy(arp_reply->dst_hw_add, dest_mac, HW_LEN_ETHER);
memcpy(arp_reply->src_pr_add, src_pr_add, PR_LEN_IPV4);
memcpy(arp_reply->dst_pr_add, dst_pr_add, PR_LEN_IPV4);
send_arp(arp_reply);
}
int main(int argc, char *argv[])
{
int rslt = 0;
char x = 0x12;
fprintf(stdout, "net endian? %s\n", is_net_endian() ? "yes" : "no");
fprintf(stdout, "0x%08x : ", x);
hton(&x, sizeof(x));
fprintf(stdout, "0x%08x\n", x);
fprintf(stdout, "sizeof eth_head_st: %d\n", sizeof(eth_head_st));
fprintf(stdout, "sizeof arp_frame_st: %d\n", sizeof(arp_frame_st));
fprintf(stdout, "sizeof arp_packet_st: %d\n", sizeof(arp_packet_st));
do {
byte_t smac[MAC_ADDR_LEN] = {
//0x4E, 0x55, 0xBB, 0x27, 0x00, 0x08,
0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA,
};
byte_t sip[IP_ADDR_LEN] = {
//0x65, 0x38, 0xA8, 0xC0,
0x01, 0x38, 0xA8, 0xC0,
};
byte_t dmac[MAC_ADDR_LEN] = {
//0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0x4E, 0x55, 0xBB, 0x27, 0x00, 0x08,
};
byte_t dip[IP_ADDR_LEN] = {
0x65, 0x38, 0xA8, 0xC0,
};
send_arp(dmac, dip, smac, sip);
} while (0);
return rslt;
}
/* Build a gratuitous ARP message over a specific interface */
int send_gratuitous_arp(ip_address_t *ipaddress)
{
struct ether_header *eth = (struct ether_header *) garp_buffer;
arphdr_t *arph = (arphdr_t *) (garp_buffer + ETHER_HDR_LEN);
char *hwaddr = (char *) IF_HWADDR(ipaddress->ifp);
int len;
/* Ethernet header */
memset(eth->ether_dhost, 0xFF, ETH_ALEN);
memcpy(eth->ether_shost, hwaddr, ETH_ALEN);
eth->ether_type = htons(ETHERTYPE_ARP);
/* ARP payload */
arph->ar_hrd = htons(ARPHRD_ETHER);
arph->ar_pro = htons(ETHERTYPE_IP);
arph->ar_hln = ETHERNET_HW_LEN;
arph->ar_pln = IPPROTO_ADDR_LEN;
arph->ar_op = htons(ARPOP_REQUEST);
memcpy(arph->__ar_sha, hwaddr, ETH_ALEN);
memcpy(arph->__ar_sip, &ipaddress->u.sin.sin_addr.s_addr, sizeof(struct in_addr));
memset(arph->__ar_tha, 0xFF, ETH_ALEN);
memcpy(arph->__ar_tip, &ipaddress->u.sin.sin_addr.s_addr, sizeof(struct in_addr));
/* Send the ARP message */
len = send_arp(ipaddress);
/* Cleanup room for next round */
memset(garp_buffer, 0, sizeof(arphdr_t) + ETHER_HDR_LEN);
return len;
}
/* Reply to requests for our fake host */
static void parse_arp(struct packet_object *po)
{
struct ip_addr sa;
ip_addr_init(&sa, AF_INET, (char *)&(fake_ip.s_addr));
if (!ip_addr_cmp(&sa, &po->L3.dst))
send_arp(ARPOP_REPLY, &sa, GBL_IFACE->mac, &po->L3.src, po->L2.src);
}
static void inarp_for_itf(const VCC *vcc,const ITF *itf)
{
if (itf->local_ip) {
diag(COMPONENT,DIAG_DEBUG," for itf %d",itf->number);
assert(vcc->entry);
send_arp(vcc->fd,ARPOP_InREQUEST,itf->local_ip,NULL,0,
vcc->entry->svc ? vcc->entry->addr : NULL);
}
}
static void inarp_reply(VCC *vcc,uint32_t ip,struct sockaddr_atmsvc *addr)
{
ITF *itf;
diag(COMPONENT,DIAG_DEBUG,"sending InARP reply");
itf = lookup_itf_by_ip(ip);
if (!itf) {
diag(COMPONENT,DIAG_ERROR,"InARP request is unroutable");
return;
}
send_arp(vcc->fd,ARPOP_InREPLY,itf->local_ip,NULL,ip,addr);
}
int main(int argc, char *argv[])
{
char *device, *proto;
int opt=0;
while ((opt = getopt(argc, argv, "hp:i:")) != -1) {
switch (opt) {
case 'p':
proto = optarg;
break;
case 'h':
usage(argv[0]);
exit(EXIT_SUCCESS);
case 'i':
device = optarg;
break;
default:
usage(argv[0]);
exit(EXIT_FAILURE);
}
}
printf("argc=%d | optind=%d\n", argc, optind);
if (optind != 5) {
usage(argv[0]);
exit(EXIT_FAILURE);
}
/* decide which protocol to use */
if (strcmp(proto, "arp") == 0)
{
printf("Packet shaping using libnet 1.1: ARP [LINK IPv4]\n");
send_arp(device); /* Use ARP protocol */
}
else if (strcmp(proto, "icmp") == 0)
{
printf("Packet shaping using libnet 1.1: ICMPv4 [LINK IPv4]\n");
send_icmp(device); /* Use ICMPv4 protocol */
}
else
{
printf("Unknown protocol, please specify either arp, icmp.\n\n");
exit(EXIT_FAILURE);
}
return (EXIT_SUCCESS);
}
static void arp_request(ITF *itf,uint32_t ip)
{
VCC *vcc;
diag(COMPONENT,DIAG_DEBUG,"sending ARP request");
if (!itf->arp_srv) {
diag(COMPONENT,DIAG_ERROR,"no ARP server");
return;
}
for (vcc = itf->arp_srv->vccs; vcc; vcc = vcc->next)
if (!vcc->connecting) break;
if (!vcc) {
diag(COMPONENT,DIAG_ERROR,"ARP server has no usable VCC");
return;
}
send_arp(vcc->fd,ARPOP_REQUEST,itf->local_ip,NULL,ip,NULL);
}
int arp_attack(atklist_st *atklist){
int sockfd;
int index;
struct in_addr sender;
if (-1 == (sockfd = socket(AF_PACKET, SOCK_RAW, 0)))
error_exit("socket");
inet_aton(GATEWAY, &sender);
while (1) {
for (index = 0; index < atklist->atk_num; index ++) {
send_arp(sockfd, sender, atklist->atk_list[index]);
printf("%s\n", inet_ntoa(atklist->atk_list[index]));
usleep(50000);
}
// sleep(5);
}
close(sockfd);
return 0;
}
int
main(int argc, char *argv[])
{
int c;
char errbuf[256];
char *device = NULL;
struct libnet_link_int *l;
while ((c = getopt(argc, argv, "i:")) != EOF)
{
switch (c)
{
case 'i':
device = optarg;
break;
default:
exit(EXIT_FAILURE);
}
}
if (!device)
{
fprintf(stderr, "Specify a device\n");
exit(EXIT_FAILURE);
}
l = libnet_open_link_interface(device, errbuf);
if (!l)
{
fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf);
exit(EXIT_FAILURE);
}
c = send_arp(l, device);
return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
/* Parse the arp packets and reply for the fake host */
static void parse_arp(struct packet_object *po)
{
if (!ip_addr_cmp(&fake_host, &po->L3.dst))
send_arp(ARPOP_REPLY, &po->L3.dst, GBL_IFACE->mac, &po->L3.src, po->L2.src);
}
int main(int argc, char** argv) {
unsigned long my_ip, my_netmask, my_prefix, network_len, cur_ip;
int my_index;
struct sockaddr sa;
int sock;
u_char hwaddr[MAC_ADDR_LEN];
char *ifname, *ifsend, *cindex;
char ch;
if (argc < 2) {
print_usage(usage);
}
while ((ch = getopt(argc, argv, "d")) != -1) {
switch(ch) {
case 'd':
opt_d = 1;
break;
case '?':
default:
goto args;
}
}
args: argc -= optind;
argv += optind;
if (opt_d && !argc) {
print_usage(usage);
}
// Sockets
sock = NEWSOCKET();
ioctl_sock = NEWSOCKET();
// Recv timeout
struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = 1;
setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (char *)&tv, sizeof(struct timeval));
if ((sock < 0) || (ioctl_sock < 0)) {
perror("Unable to create socket");
exit(1);
}
if (!(ifname = strdup(*argv)) || !(ifsend = strdup(*argv)))
die("Cannot duplicate interface name\n");
/*
* For an alias interface we use its data but we send
* the actual packet on corresponding real interface
*/
if ((cindex = strchr(ifsend, ':')))
*cindex = '\0';
if (opt_d) {
printf("Interface: %s\n", ifname);
}
sa.sa_family = AF_INET;
strcpy(sa.sa_data, ifsend);
get_hw_addr(hwaddr, ifname);
my_ip = get_ip_addr(ifname);
my_netmask = get_ip_mask(ifname);
my_index = get_interface_index(ifname);
my_prefix = my_ip & my_netmask;
network_len = my_netmask ^ 0xffffffff;
if (opt_d) {
printf("Prefix: %lu\n", my_prefix);
printf("Network length: %lu\n", network_len);
}
for (cur_ip = my_prefix + 1; cur_ip <= my_prefix + network_len; cur_ip++) {
if (cur_ip == my_ip) continue; // Skip gratuitous ARP
send_arp(sock, my_index, cur_ip, my_ip, hwaddr);
detect_sonos(sock);
}
exit(0);
}
int
main(int argc, char *argv[])
{
int c, amount;
char errbuf[256];
char *device = NULL;
struct link_int *l;
u_long ip;
amount = 20;
while ((c = getopt(argc, argv, "n:i:")) != EOF)
{
switch (c)
{
case 'i':
device = optarg;
break;
case 'n':
amount = atoi(optarg);
break;
default:
exit(EXIT_FAILURE);
}
}
if (!device)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
if (argc <= optind)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
else if ((ip = libnet_name_resolve(argv[optind], 1)) == -1)
{
fprintf(stderr, "Cannot resolve IP address\n");
exit(EXIT_FAILURE);
}
l = libnet_open_link_interface(device, errbuf);
if (!l)
{
fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf);
exit(EXIT_FAILURE);
}
while (amount--)
{
c = send_arp(l, ip, device);
if (c == -1)
{
/* bail on the first error */
break;
}
}
printf("\n");
return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
int
main(int argc, char *argv[])
{
int c = -1;
char errbuf[LIBNET_ERRBUF_SIZE];
char* device;
char* ipaddr;
char* macaddr;
char* broadcast;
char* netmask;
u_int32_t ip;
u_char src_mac[6];
LTYPE* l;
int repeatcount = 1;
int j;
long msinterval = 1000;
int flag;
char pidfilenamebuf[64];
char *pidfilename = NULL;
CL_SIGNAL(SIGTERM, byebye);
CL_SIGINTERRUPT(SIGTERM, 1);
cl_log_set_entity(SENDARPNAME);
cl_log_enable_stderr(TRUE);
cl_log_set_facility(LOG_USER);
cl_inherit_logging_environment(0);
while ((flag = getopt(argc, argv, "i:r:p:")) != EOF) {
switch(flag) {
case 'i': msinterval= atol(optarg);
break;
case 'r': repeatcount= atoi(optarg);
break;
case 'p': pidfilename= optarg;
break;
default: fprintf(stderr, "%s\n\n", print_usage);
return 1;
break;
}
}
if (argc-optind != 5) {
fprintf(stderr, "%s\n\n", print_usage);
return 1;
}
/*
* argv[optind+1] DEVICE dc0,eth0:0,hme0:0,
* argv[optind+2] IP 192.168.195.186
* argv[optind+3] MAC ADDR 00a0cc34a878
* argv[optind+4] BROADCAST 192.168.195.186
* argv[optind+5] NETMASK ffffffffffff
*/
device = argv[optind];
ipaddr = argv[optind+1];
macaddr = argv[optind+2];
broadcast = argv[optind+3];
netmask = argv[optind+4];
if (!pidfilename) {
if (snprintf(pidfilenamebuf, sizeof(pidfilenamebuf), "%s%s",
PIDFILE_BASE, ipaddr) >=
(int)sizeof(pidfilenamebuf)) {
cl_log(LOG_INFO, "Pid file truncated");
return EXIT_FAILURE;
}
pidfilename = pidfilenamebuf;
}
if(write_pid_file(pidfilename) < 0) {
return EXIT_FAILURE;
}
#if defined(HAVE_LIBNET_1_0_API)
#ifdef ON_DARWIN
if ((ip = libnet_name_resolve((unsigned char*)ipaddr, 1)) == -1UL) {
#else
if ((ip = libnet_name_resolve(ipaddr, 1)) == -1UL) {
#endif
cl_log(LOG_ERR, "Cannot resolve IP address [%s]", ipaddr);
unlink(pidfilename);
return EXIT_FAILURE;
}
l = libnet_open_link_interface(device, errbuf);
if (!l) {
cl_log(LOG_ERR, "libnet_open_link_interface on %s: %s"
, device, errbuf);
unlink(pidfilename);
return EXIT_FAILURE;
}
#elif defined(HAVE_LIBNET_1_1_API)
if ((l=libnet_init(LIBNET_LINK, device, errbuf)) == NULL) {
cl_log(LOG_ERR, "libnet_init failure on %s: %s", device, errbuf);
unlink(pidfilename);
return EXIT_FAILURE;
}
if ((signed)(ip = libnet_name2addr4(l, ipaddr, 1)) == -1) {
cl_log(LOG_ERR, "Cannot resolve IP address [%s]", ipaddr);
unlink(pidfilename);
return EXIT_FAILURE;
}
#else
# error "Must have LIBNET API version defined."
#endif
if (!strcasecmp(macaddr, AUTO_MAC_ADDR)) {
if (get_hw_addr(device, src_mac) < 0) {
cl_log(LOG_ERR, "Cannot find mac address for %s",
device);
unlink(pidfilename);
return EXIT_FAILURE;
}
}
else {
convert_macaddr((unsigned char *)macaddr, src_mac);
}
/*
* We need to send both a broadcast ARP request as well as the ARP response we
* were already sending. All the interesting research work for this fix was
* done by Masaki Hasegawa <*****@*****.**> and his colleagues.
*/
for (j=0; j < repeatcount; ++j) {
c = send_arp(l, ip, (unsigned char*)device, src_mac
, (unsigned char*)broadcast, (unsigned char*)netmask
, ARPOP_REQUEST);
if (c < 0) {
break;
}
mssleep(msinterval / 2);
c = send_arp(l, ip, (unsigned char*)device, src_mac
, (unsigned char *)broadcast
, (unsigned char *)netmask, ARPOP_REPLY);
if (c < 0) {
break;
}
if (j != repeatcount-1) {
mssleep(msinterval / 2);
}
}
unlink(pidfilename);
return c < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
void
convert_macaddr (u_char *macaddr, u_char enet_src[6])
{
int i, pos;
u_char bits[3];
pos = 0;
for (i = 0; i < 6; i++) {
/* Inserted to allow old-style MAC addresses */
if (*macaddr == ':') {
pos++;
}
bits[0] = macaddr[pos++];
bits[1] = macaddr[pos++];
bits[2] = '\0';
enet_src[i] = strtol((const char *)bits, (char **)NULL, 16);
}
}
int tx_switch(struct cli_def *cli)
{
// These handles are only used when creating L3 and above packets.
libnet_t *l; // the context
libnet_ptag_t t2=0, t3=0, t4=0; // handles to layers
double cpu_time_used;
switch (mode)
{
case BYTE_STREAM:
send_eth();
break;
case ARP:
if (send_arp()==-1) return 0;
break;
case BPDU:
if (send_bpdu()==-1) return 0;
break;
case CDP:
if (send_cdp()==-1) return 0;
break;
case IP: // From now on a new much more modular method is used:
l = get_link_context();
t3 = create_ip_packet(l); // t3 can be used for later header changes
if (!quiet) complexity();
if (tx.packet_mode==0) // Ethernet manipulation features does NOT use ARP to determine eth_dst
t2 = create_eth_frame(l, t3, t4); // t2 can be used for later header changes
else
send_frame (l, t3, t4); // NOTE: send_frame also destroys context finaly
break;
case ICMP:
tx.ip_proto = 1;
l = get_link_context();
t4 = create_icmp_packet(l); // t4 can be used for later header changes
if (t4==-1) return 0;
t3 = create_ip_packet(l); // t3 can be used for later header changes
if (!quiet) complexity();
if (tx.packet_mode==0) // Ethernet manipulation features does NOT use ARP to determine eth_dst
t2 = create_eth_frame(l, t3, t4); // t2 can be used for later header changes
else
send_frame (l, t3, t4); // NOTE: send_frame also destroys context finaly
break;
case UDP:
tx.ip_proto = 17;
l = get_link_context();
t4 = create_udp_packet(l); // t4 can be used for later header changes
if (t4==-1) return 0;
t3 = create_ip_packet(l); // t3 can be used for later header changes
if (!quiet) complexity();
if (tx.packet_mode==0) // Ethernet manipulation features does NOT use ARP to determine eth_dst
t2 = create_eth_frame(l, t3, t4); // t2 can be used for later header changes
else
send_frame (l, t3, t4); // NOTE: send_frame also destroys context finaly
break;
case TCP:
tx.ip_proto = 6;
l = get_link_context();
t4 = create_tcp_packet(l); // t4 can be used for later header changes
if (t4==-1) return 0;
t3 = create_ip_packet(l); // t3 can be used for later header changes
if (!quiet) complexity();
if (tx.packet_mode==0) // Ethernet manipulation features does NOT use ARP to determine eth_dst
t2 = create_eth_frame(l, t3, t4); // t2 can be used for later header changes
else
send_frame (l, t3, t4); // NOTE: send_frame also destroys context finaly
break;
case DNS:
tx.ip_proto = 17;
l = get_link_context();
if (create_dns_packet()==-1) return 0;
t4 = create_udp_packet(l); // t4 can be used for later header changes
t3 = create_ip_packet(l); // t3 can be used for later header changes
if (!quiet) complexity();
if (tx.packet_mode==0) // Ethernet manipulation features does NOT use ARP to determine eth_dst
t2 = create_eth_frame(l, t3, t4); // t2 can be used for later header changes
else
send_frame (l, t3, t4); // NOTE: send_frame also destroys context finaly
break;
case RTP:
tx.ip_proto = 17;
l = get_link_context();
if (create_rtp_packet()==-1) return 0;
cli_print(cli, "RTP mode! (count=%u, delay=%u usec)\n", tx.count, tx.delay);
t4 = create_udp_packet(l); // t4 can be used for later header changes
t3 = create_ip_packet(l); // t3 can be used for later header changes
if (!quiet) complexity();
if (tx.packet_mode==0) // Ethernet manipulation features does NOT use ARP to determine eth_dst
t2 = create_eth_frame(l, t3, t4); // t2 can be used for later header changes
else
send_frame (l, t3, t4); // NOTE: send_frame also destroys context finaly
break;
case RX_RTP: // Receive RTP packets
rcv_rtp_init();
rcv_rtp();
break;
case SYSLOG:
tx.ip_proto = 17;
l = get_link_context();
if (create_syslog_packet()==-1) return 0;
t4 = create_udp_packet(l); // t4 can be used for later header changes
t3 = create_ip_packet(l); // t3 can be used for later header changes
if (!quiet) complexity();
if (tx.packet_mode==0) // Ethernet manipulation features does NOT use ARP to determine eth_dst
t2 = create_eth_frame(l, t3, t4); // t2 can be used for later header changes
else
send_frame (l, t3, t4); // NOTE: send_frame also destroys context finaly
break;
case LLDP: // start with a new concept here
//l = get_link_context();
//(void) create_lldp_packet();
// // // printf("SIZE=%lu\n",sizeof(struct tx_struct));
break;
default:
cli_print(cli,"Unknown mode!\n");
return (1);
}
// ***** Re-init packet functions: *****
tx.ip_payload_s = 0;
tx.udp_len = 0;
tx.tcp_payload_s = 0;
tx.icmp_payload_s = 0;
tx.cdp_sum = 0;
mode = 0;
// **************************************
mz_stop = clock();
cpu_time_used = ((double) (mz_stop - mz_start)) / CLOCKS_PER_SEC;
if (cpu_time_used > 0)
{
total_d /= cpu_time_used;
cli_print(cli, "%.2f seconds (%.Lf packets per second)\n",cpu_time_used,total_d);
}
return 0;
}
int main()
{
pcap_t *adhandle;
pcap_if_t *alldevs; // 디바이스 목록 리스트
pcap_if_t *d; // 선택한 디바이스
hex_func(); // 대상의 아이피 구하기
char errbuf[PCAP_ERRBUF_SIZE];
int choice; // 디바이스 선택 번호
int i = 0;
// 디바이스 리스트 가져옴
if (pcap_findalldevs(&alldevs, errbuf) == -1)
{
fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
exit(1);
}
// 디바이스 리스트 출력
for (d = alldevs; d; d = d->next)
{
printf("%d. %s", ++i, d->name);
if (d->description)
printf(" (%s)\n", d->description);
else
printf(" (No description available)\n"); // 디바이스 출력 오류
}
// 디바이스 리스트 없을 시
if (i == 0)
{
printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
return -1;
}
// 디바이스 선택
printf("Enter the interface number (1-%d):", i);
scanf("%d", &choice);
// 이상한 값을 넣었나 안넣었나
if (choice < 1 || choice > i)
{
printf("\nInterface number out of range.\n");
// 반환
pcap_freealldevs(alldevs);
return -1;
}
// 선택한 장치로
for (d = alldevs, i = 0; i < choice - 1; d = d->next, i++);
Mac_Address(my.Mac, my.IP); // 내 주소들 구하기
// 네트워크 디바이스 오픈
if ((adhandle = pcap_open_live(d->name, 65536, 1, 1000, errbuf)) == NULL) // 패킷 받을 준비
{
fprintf(stderr, "\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
// 반환
pcap_freealldevs(alldevs);
return -1;
}
// 주소수집(호스트)
send_arp(adhandle);
// 주소수집(게이트)
adhandle = pcap_open_live(d->name, 65536, 1, 1000, errbuf);
send_arp(adhandle);
// 공격(호스트)
adhandle = pcap_open_live(d->name, 65536, 1, 1000, errbuf);
send_arp_attack(adhandle);
// 공격(게이트)
adhandle = pcap_open_live(d->name, 65536, 1, 1000, errbuf);
send_arp_attack(adhandle);
// 반환
pcap_freealldevs(alldevs);
pcap_close(adhandle);
return 0;
}
void process_packet(uint8_t *user, const struct pcap_pkthdr *phdr, const uint8_t *packet) {
const struct ether_header *ehdr_ptr=NULL;
const struct arp_packet *ap=NULL;
if (phdr->caplen != phdr->len || phdr->caplen < sizeof(struct ether_header)) {
return;
}
ehdr_ptr=(const struct ether_header *)packet;
if (ntohs(ehdr_ptr->ether_type) != ETHERTYPE_ARP) {
return;
}
ap=(const struct arp_packet *)(packet + sizeof(struct ether_header));
if (phdr->caplen < (sizeof(struct ether_header) + sizeof(struct arp_packet))) {
fprintf(stderr, "Short packet!!!!\n");
return;
}
/* ethernet -> ip -> hwsize = 6 and ip size = 4 */
if (ntohs(ap->hw_type) == 1 && ap->protocol == 8 && ap->hwsize == 6 && ap->protosize == 4) {
#ifdef VERBOSE
char src[17], dst[17];
#endif
switch (ntohs(ap->opcode)) {
case 1:
/* arp request */
#ifdef VERBOSE
printf("Arp Request: Source Mac: ");
decode_mac(ap->smac);
printf(" Dest Mac: ");
decode_mac(ap->dmac);
/* hide the children, they will cry if they see this */
snprintf(src, sizeof(src) -1, "%s", inet_ntoa(*((const struct in_addr *)&ap->sip)));
snprintf(dst, sizeof(dst) -1, "%s", inet_ntoa(*((const struct in_addr *)&ap->dip)));
printf(" [ %s -> %s ]\n", src, dst);
#endif
if (bob.addr_cleared) {
if (ap->dip == bob.saddr) {
struct myetheraddr sea;
memset(&sea, 0, sizeof(sea));
memcpy(&(sea.octet[0]), &ap->smac[0], 6);
send_arp((struct myetheraddr *)&sea);
}
else {
}
}
break;
case 2: /* reply */
#ifdef VERBOSE
printf("Arp Reply: Source Mac: ");
decode_mac(ap->smac);
printf(" Dest Mac: ");
decode_mac(ap->dmac);
/* hide the children, they will cry if they see this */
snprintf(src, sizeof(src) -1, "%s", inet_ntoa(*((const struct in_addr *)&ap->sip)));
snprintf(dst, sizeof(dst) -1, "%s", inet_ntoa(*((const struct in_addr *)&ap->dip)));
printf(" [ %s -> %s ]\n", src, dst);
#endif
if (bob.addr_cleared == 0 && ap->sip == bob.saddr) {
bob.addr_cleared=-1;
}
break;
default:
break;
}
}
return;
}
int arp_claim (interface_t *iface, struct in_addr address)
{
struct arphdr *reply = NULL;
long timeout = 0;
unsigned char *buffer;
int retval = -1;
int nprobes = 0;
int nclaims = 0;
struct in_addr null_address;
if (! iface->arpable) {
logger (LOG_DEBUG, "interface `%s' is not ARPable", iface->name);
return (0);
}
logger (LOG_INFO, "checking %s is available on attached networks",
inet_ntoa (address));
if (! open_socket (iface, true))
return (0);
memset (&null_address, 0, sizeof (null_address));
buffer = xmalloc (sizeof (char *) * iface->buffer_length);
/* Our ARP packets are always smaller - hopefully */
reply = xmalloc (IP_MIN_FRAME_LENGTH);
while (1) {
struct timeval tv;
int bufpos = -1;
int buflen = sizeof (char *) * iface->buffer_length;
fd_set rset;
int bytes;
int s;
tv.tv_sec = 0;
tv.tv_usec = timeout;
FD_ZERO (&rset);
FD_SET (iface->fd, &rset);
errno = 0;
if ((s = select (FD_SETSIZE, &rset, NULL, NULL, &tv)) == -1) {
if (errno != EINTR)
logger (LOG_ERR, "select: `%s'", strerror (errno));
break;
} else if (s == 0) {
/* Timed out */
if (nprobes < NPROBES) {
nprobes ++;
timeout = PROBE_INTERVAL;
logger (LOG_DEBUG, "sending ARP probe #%d", nprobes);
send_arp (iface, ARPOP_REQUEST, null_address, NULL, address);
} else if (nclaims < NCLAIMS) {
nclaims ++;
timeout = CLAIM_INTERVAL;
logger (LOG_DEBUG, "sending ARP claim #%d", nclaims);
send_arp (iface, ARPOP_REQUEST, address, iface->hwaddr, address);
} else {
/* No replies, so done */
retval = 0;
break;
}
}
if (! FD_ISSET (iface->fd, &rset))
continue;
memset (buffer, 0, buflen);
while (bufpos != 0) {
union {
unsigned char *c;
struct in_addr *a;
} rp;
union {
unsigned char *c;
struct ether_addr *a;
} rh;
memset (reply, 0, IP_MIN_FRAME_LENGTH);
if ((bytes = get_packet (iface, (unsigned char *) reply,
buffer,
&buflen, &bufpos)) == -1)
break;
/* Only these types are recognised */
if (reply->ar_op != htons (ARPOP_REPLY))
continue;
/* Protocol must be IP. */
if (reply->ar_pro != htons (ETHERTYPE_IP))
continue;
if (reply->ar_pln != sizeof (struct in_addr))
continue;
if ((unsigned) bytes < sizeof (reply) +
2 * (4 + reply->ar_hln))
continue;
rp.c = (unsigned char *) ar_spa (reply);
rh.c = (unsigned char *) ar_sha (reply);
/* Ensure the ARP reply is for the address we asked for */
if (rp.a->s_addr != address.s_addr)
continue;
/* Some systems send a reply back from our hwaddress - weird */
if (reply->ar_hln == iface->hwlen &&
memcmp (rh.c, iface->hwaddr, iface->hwlen) == 0)
continue;
logger (LOG_ERR, "ARPOP_REPLY received from %s (%s)",
inet_ntoa (*rp.a),
hwaddr_ntoa (rh.c, reply->ar_hln));
retval = -1;
goto eexit;
}
}
eexit:
close (iface->fd);
iface->fd = -1;
free (buffer);
free (reply);
return (retval);
}
static void arp_nak(VCC *vcc,uint32_t src_ip,uint32_t tgt_ip,
struct sockaddr_atmsvc *tgt_addr)
{
diag(COMPONENT,DIAG_DEBUG,"sending ARP NAK");
send_arp(vcc->fd,ARPOP_NAK,tgt_ip,tgt_addr,src_ip,NULL);
}
int main(int argc, char **argv){
int err = 0;
char c;
uint32_t start_ip = 0, end_ip = 0;
int delay = 100;
struct option opts[] = {
{"start", 1, NULL, 's'},
{"end", 1, NULL, 'e'},
{"delay", 1, NULL, 'd'},
};
/**
* Get the options for the program
*/
while(((c = getopt_long(argc, argv, "s:S:e:E:d:D", opts, NULL)) != (char)-1) ){
switch(c){
case 's':
start_ip = ntohl((uint32_t)inet_addr(optarg));
break;
case 'e':
end_ip = ntohl((uint32_t)inet_addr(optarg));
break;
case 'd':
delay = atoi(optarg);
break;
default:
fprintf(stderr, "Unkown option %c\n", c);
printusage(argc, argv);
exit(1);
}
}
// set the interface to the last value
if(optind > 0 && optind < argc ){
strncpy(interface, argv[optind],IFNAMSIZ);
}else{
printusage(argc, argv);
return 1;
}
/**
* Check to see if running as root
*/
if(geteuid()) { // non root user
fprintf(stderr, "You must run this program as root! This is needed to open" \
" raw sockets and capture raw packets.\n");
return 1;
}
/**
* Done checking the inputs! Start the program logic
*/
// set the ip utility
if(sysarp_set(iplink_path,interface,0) < 0){
fprintf(stderr, "Error pausing the system ARP replies.\n");
err = 1; goto cleanup;
}
//debugging: printf("doing send_arp on %s with %u, %u, and %u\n", interface, start_ip, end_ip, delay);
printf("starting... ");
if( send_arp(interface, start_ip, end_ip, delay) < 0 ){
fprintf(stderr, "Error sending ARPs on the interface.\n");
err = 1; goto cleanup;
}
printf("done!\n");
cleanup:
if(sysarp_set(iplink_path,interface,1) < 0){
fprintf(stderr, "Could not resume the system ARP replies\n");
}
return err;
}
int main(int argc, char **argv)
{
// These handles are only used when creating L3 and above packets.
libnet_t *l; // the context
libnet_ptag_t t2=0, t3=0, t4=0; // handles to layers
double cpu_time_used;
reset();
if ( getopts(argc, argv) )
{
(void) fprintf(stderr, " Invalid command line parameters!\n");
help();
}
// Check whether hires timers are supported or not:
(void) check_timer();
signal(SIGINT, signal_handler); // to close all file pointers etc upon SIGINT
switch (mode)
{
case BYTE_STREAM:
send_eth();
break;
case ARP:
(void) send_arp();
break;
case BPDU:
(void) send_bpdu();
break;
case CDP:
(void) send_cdp();
break;
case IP: // From now on a new much more modular method is used:
l = get_link_context();
t3 = create_ip_packet(l); // t3 can be used for later header changes
if (!quiet) complexity();
if (tx.packet_mode==0) // Ethernet manipulation features does NOT use ARP to determine eth_dst
t2 = create_eth_frame(l, t3, t4); // t2 can be used for later header changes
else
send_frame (l, t3, t4); // NOTE: send_frame also destroys context finaly
break;
case ICMP:
tx.ip_proto = 1;
l = get_link_context();
t4 = create_icmp_packet(l); // t4 can be used for later header changes
t3 = create_ip_packet(l); // t3 can be used for later header changes
if (!quiet) complexity();
if (tx.packet_mode==0) // Ethernet manipulation features does NOT use ARP to determine eth_dst
t2 = create_eth_frame(l, t3, t4); // t2 can be used for later header changes
else
send_frame (l, t3, t4); // NOTE: send_frame also destroys context finaly
break;
case ICMP6:
tx.ip_proto = 58;
l = get_link_context();
t4 = create_icmp6_packet(l); // t4 can be used for later header changes
t3 = create_ip_packet(l); // t3 can be used for later header changes
if (ipv6_mode)
update_ISUM(l, t4);
if (!quiet) complexity();
if (tx.packet_mode==0) // Ethernet manipulation features does NOT use ARP to determine eth_dst
t2 = create_eth_frame(l, t3, t4); // t2 can be used for later header changes
else
send_frame (l, t3, t4); // NOTE: send_frame also destroys context finaly
break;
case UDP:
tx.ip_proto = 17;
l = get_link_context();
t4 = create_udp_packet(l); // t4 can be used for later header changes
t3 = create_ip_packet(l); // t3 can be used for later header changes
if (ipv6_mode)
update_USUM(l, t4);
if (!quiet) complexity();
if (tx.packet_mode==0) // Ethernet manipulation features does NOT use ARP to determine eth_dst
t2 = create_eth_frame(l, t3, t4); // t2 can be used for later header changes
else
send_frame (l, t3, t4); // NOTE: send_frame also destroys context finaly
break;
case TCP:
tx.ip_proto = 6;
l = get_link_context();
t4 = create_tcp_packet(l); // t4 can be used for later header changes
t3 = create_ip_packet(l); // t3 can be used for later header changes
if (ipv6_mode)
update_TSUM(l, t4);
if (!quiet) complexity();
if (tx.packet_mode==0) // Ethernet manipulation features does NOT use ARP to determine eth_dst
t2 = create_eth_frame(l, t3, t4); // t2 can be used for later header changes
else
send_frame (l, t3, t4); // NOTE: send_frame also destroys context finaly
break;
case DNS:
tx.ip_proto = 17;
l = get_link_context();
(void) create_dns_packet();
t4 = create_udp_packet(l); // t4 can be used for later header changes
t3 = create_ip_packet(l); // t3 can be used for later header changes
if (!quiet) complexity();
if (tx.packet_mode==0) // Ethernet manipulation features does NOT use ARP to determine eth_dst
t2 = create_eth_frame(l, t3, t4); // t2 can be used for later header changes
else
send_frame (l, t3, t4); // NOTE: send_frame also destroys context finaly
break;
case RTP:
tx.ip_proto = 17;
l = get_link_context();
if (!quiet) fprintf(stderr, " mz: RTP mode! (count=%u, delay=%u usec)\n\n", tx.count, tx.delay);
(void) create_rtp_packet();
t4 = create_udp_packet(l); // t4 can be used for later header changes
t3 = create_ip_packet(l); // t3 can be used for later header changes
if (!quiet) complexity();
if (tx.packet_mode==0) // Ethernet manipulation features does NOT use ARP to determine eth_dst
t2 = create_eth_frame(l, t3, t4); // t2 can be used for later header changes
else
send_frame (l, t3, t4); // NOTE: send_frame also destroys context finaly
break;
case RX_RTP: // Receive RTP packets
rcv_rtp_init();
rcv_rtp();
break;
case SYSLOG:
tx.ip_proto = 17;
l = get_link_context();
(void) create_syslog_packet();
t4 = create_udp_packet(l); // t4 can be used for later header changes
t3 = create_ip_packet(l); // t3 can be used for later header changes
if (!quiet) complexity();
if (tx.packet_mode==0) // Ethernet manipulation features does NOT use ARP to determine eth_dst
t2 = create_eth_frame(l, t3, t4); // t2 can be used for later header changes
else
send_frame (l, t3, t4); // NOTE: send_frame also destroys context finaly
break;
case LLDP: // start with a new concept here
//l = get_link_context();
//(void) create_lldp_packet();
// // // printf("SIZE=%lu\n",sizeof(struct tx_struct));
fprintf(stderr, "LLDP is currently only supported via the interactive mode\n");
exit(1);
break;
default:
(void) fprintf(stderr," mz/main: unknown mode! Stop.\n");
return (1);
}
if (!quiet)
{
mz_stop = clock();
cpu_time_used = ((double) (mz_stop - mz_start)) / CLOCKS_PER_SEC;
if (cpu_time_used > 0)
{
total_d /= cpu_time_used;
fprintf(stderr, "%.2f seconds (%.Lf packets per second)\n",cpu_time_used,total_d);
}
else
{
fprintf(stderr, "\n");
}
}
return(0);
}