uint16_t buildICMP_h(libnet_t *l, uint32_t dip, uint8_t *PAYLOAD)
{
uint16_t seqn, id, bytes_w;
libnet_seed_prand(l);
id= (uint16_t)libnet_get_prand(LIBNET_PR16);
seqn =1;
icmp_t = libnet_build_icmpv4_echo(ICMP_ECHO,
0, 0, id, seqn, PAYLOAD, PAYLOAD_L, l, icmp_t);
if(icmp_t == -1)
{
fprintf(stderr,"libnet_build_ethernet() failed: %s\n",errbuf);
goto bad;
}
ip_t = libnet_autobuild_ipv4(
LIBNET_IPV4_H+LIBNET_ICMPV4_ECHO_H+PAYLOAD_L,
IPPROTO_ICMP, dip,l);
if(ip_t == -1)
{
fprintf(stderr,"libnet_autobuild_ipv4() failed: %s\n",errbuf);
goto bad;
}
bytes_w = libnet_write(l);
if(bytes_w == -1)
{
fprintf(stderr,"libnet_write() failed: %s\n",errbuf);
goto bad;
}
return 1;
bad:
return -1;
}
void sendsyns ()
{
libnet_t *l;
char errbuf[LIBNET_ERRBUF_SIZE];
u_long ip;
libnet_ptag_t tcp_pkt = LIBNET_PTAG_INITIALIZER;
libnet_ptag_t ip_pkt;
u_long dst_ip;
int count = 0;
char *payload = ""; // put your love note here.
u_short payload_s = strlen (payload);
int currentport = opts.low_port;
int build_header = 1;
/*
* pcap may be slow to initialize, so let's wait a second.
*/
sleep (1);
/*
* initialize libnet for raw IP packets. libnet will
* find an appropriate interface.
*/
l = libnet_init (LIBNET_RAW4, NULL, errbuf);
if (l == NULL) {
fprintf (stderr, "libnet_init failed: %s", errbuf);
exit (1);
}
/*
* get the IP address of the source interface
*/
ip = libnet_get_ipaddr4 (l);
if (-1 == ip) {
fprintf (stderr, "libnet_get_ipaddr4(l) failed: ");
fprintf (stderr, "%s\n", libnet_geterror (l));
exit (1);
}
dst_ip = libnet_name2addr4 (l, (u_char *) opts.target, LIBNET_RESOLVE);
if (-1 == dst_ip) {
fprintf (stderr, "libnet_name2addr4() failed: ");
fprintf (stderr, "%s\n", libnet_geterror (l));
exit (1);
}
/*
* Build and send a SYN packet, one for each port. The first time
* this loop is executed an IP packet will be constructed.
*/
printf ("scanning port %d through %d on %s\n",
opts.low_port,
opts.high_port, libnet_addr2name4 (dst_ip, LIBNET_DONT_RESOLVE));
while (currentport <= opts.high_port) {
/*
* Sleep a little... if we send packets too fast, some will get
* dropped.
*/
usleep (50);
/*
* Build the TCP packet with the SYN flag set. A payload is
* optional; for automated scans it is nice to include some text
* explaining why you are scanning (or ask first!). Fields with
* 0 will be calculated by libnet.
*/
tcp_pkt = libnet_build_tcp (opts.src_port, // source port
currentport++, // dest port
libnet_get_prand (LIBNET_PRu32), // seq
libnet_get_prand (LIBNET_PRu32), // ack
TH_SYN, // flags
libnet_get_prand (LIBNET_PRu16), // window size
0, // checksum
0, // urgent ptr
LIBNET_TCP_H + payload_s, // packet size
(u_char *) payload, // contents of packet
payload_s, // size of payload
l, // libnet handle
tcp_pkt); // libnet id
if (-1 == tcp_pkt) {
fprintf (stderr, "libnet_build_tcp() failed: ");
fprintf (stderr, "%s\n", libnet_geterror (l));
exit (1);
}
if (build_header) {
build_header = 0;
ip_pkt = libnet_autobuild_ipv4 (LIBNET_IPV4_H + LIBNET_TCP_H,
IPPROTO_TCP, dst_ip, l);
if (-1 == ip_pkt) {
fprintf (stderr, "libnet_autobuild_ipv4() failed: ");
fprintf (stderr, "%s\n", libnet_geterror (l));
}
}
/*
* Send it!
*/
count = libnet_write (l);
if (-1 == count) {
fprintf (stderr, "libnet_write() failed: ");
fprintf (stderr, "%s\n", libnet_geterror (l));
}
}
printf ("\n");
}
int main() {
libnet_t *l; /* libnet context */
char errbuf[LIBNET_ERRBUF_SIZE], ip_addr_str[16];
u_int32_t ip_addr;
u_int16_t id, seq;
int i;
l = libnet_init(LIBNET_RAW4, NULL, errbuf);
if ( l == NULL ) {
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
/* Generating a random id */
libnet_seed_prand(l);
id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
/* Getting destination IP address */
printf("Destination IP address: ");
scanf("%15s",ip_addr_str);
ip_addr = libnet_name2addr4(l, ip_addr_str, LIBNET_DONT_RESOLVE);
if ( ip_addr == -1 ) {
fprintf(stderr, "Error converting IP address.\n");
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Writing 4 packets */
seq = 1;
for ( i = 0; i < 4; i++ ) {
/* Building the ICMP header */
if ( libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id,\
(seq + i), NULL, 0, l, 0) == -1 ) {
fprintf(stderr, "Error building ICMP header: %s\n",\
libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Building the IP header */
if ( libnet_autobuild_ipv4(LIBNET_IPV4_H + \
LIBNET_ICMPV4_ECHO_H, IPPROTO_ICMP,\
ip_addr, l) == -1 ) {
fprintf(stderr, "Error building IP header: %s\n",\
libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
if ( libnet_write(l) == -1 )
fprintf(stderr, "Error writing packet: %s\n",\
libnet_geterror(l));
/* Clearing the packet */
/* Comment this to see what happens when you rebuild headers
* without calling libnet_clear_packet() */
libnet_clear_packet(l);
/* Waiting 1 second between each packet */
sleep(1);
}
libnet_destroy(l);
return 0;
}
int main()
{
libnet_t *handle;
char errbuf[LIBNET_ERRBUF_SIZE],ip_addr_str[16];
u_int32_t ip_addr;
u_int16_t id,seq;
char payload[] = "libnet :D";
int bytes_written;
handle = libnet_init(LIBNET_RAW4,NULL,errbuf);
if(handle == NULL)
{
fprintf(stderr,"libnet_init() failed: %s\n",errbuf);
exit(EXIT_FAILURE);
}
libnet_seed_prand(handle);
id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
printf("Destination IP address: ");
scanf("%15s",ip_addr_str);
ip_addr = libnet_name2addr4(handle,ip_addr_str,LIBNET_DONT_RESOLVE);
if(ip_addr == -1)
{
fprintf(stderr,"Error converting IP address.\n");
libnet_destroy(handle);
exit(EXIT_FAILURE);
}
seq = 1;
if(libnet_build_icmpv4_echo(ICMP_ECHO,0,0,id,seq,\
(u_int8_t *)payload,sizeof(payload),handle,0)==-1)
{
fprintf(stderr,"Error building ICMP header: %s\n",\
libnet_geterror(handle));
libnet_destroy(handle);
exit(EXIT_FAILURE);
}
if(libnet_autobuild_ipv4(LIBNET_IPV4_H + \
LIBNET_ICMPV4_ECHO_H + sizeof(payload),\
IPPROTO_ICMP,ip_addr,handle) == -1)
{
fprintf(stderr,"Error building IP header: %s\n",\
libnet_geterror(handle));
libnet_destroy(handle);
exit(EXIT_FAILURE);
}
bytes_written = libnet_write(handle);
if(bytes_written != -1)
printf("%d bytes written.\n",bytes_written);
else
fprintf(stderr,"Error writing packet: %s\n",\
libnet_geterror(handle));
libnet_destroy(handle);
return 0;
}
u_int16_t get_sum(u_int8_t *payload, u_int32_t total_pload_size, u_int16_t id,
u_int16_t seq) {
/* Builds the ICMP header with the whole payload, gets
* the checksum from it and returns it (in host order). */
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t icmp_tag;
u_int8_t *packet;
u_int32_t packet_size;
u_int16_t *sum_p, sum;
u_int8_t dummy_dst[6] = {0, 0, 0, 0, 0, 0};
icmp_tag = LIBNET_PTAG_INITIALIZER;
/* Switching to advanced link mode */
/* Nothing should be built yet and all random numbers
* * should be already generated. */
libnet_destroy(l);
l = libnet_init(LIBNET_LINK_ADV, "eth0", errbuf);
if (l == NULL) {
fprintf(stderr, "libnet_init() failed (link_adv): %s\n", errbuf);
exit(EXIT_FAILURE);
}
/* Building the header */
icmp_tag = libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id, seq, payload,
total_pload_size, l, icmp_tag);
if (icmp_tag == -1) {
fprintf(stderr, "Error building ICMP header: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Building dummy IP header */
if (libnet_autobuild_ipv4(
(LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H + total_pload_size),
IPPROTO_ICMP, 0, l) == -1) {
fprintf(stderr, "Error building dummy IP header: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Building dummy Ethernet header */
if (libnet_autobuild_ethernet(dummy_dst, ETHERTYPE_IP, l) == -1) {
fprintf(stderr, "Error building dummy Ethernet header: %s\n",
libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Pulling the packet */
if (libnet_adv_cull_packet(l, &packet, &packet_size) == -1) {
fprintf(stderr, "Error pulling the packet: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Grabbing the checksum */
/* We want the 37th and 38th bytes: eth header (14) + ip
* * header (20) + icmp type and code (2) = 36 */
sum_p = (u_int16_t *)(packet + 36);
sum = ntohs(*sum_p);
/* Freeing memory */
libnet_adv_free_packet(l, packet);
/* Clearing the header */
libnet_clear_packet(l);
/* Switching back to IPv4 raw socket mode */
libnet_destroy(l);
l = libnet_init(LIBNET_RAW4, "eth0", errbuf);
if (l == NULL) {
fprintf(stderr, "libnet_init() failed (raw4, 2nd call): %s\n", errbuf);
exit(EXIT_FAILURE);
}
return sum;
}
int
main(int argc, char **argv)
{
int c;
libnet_t *l;
u_long dst_ip;
libnet_ptag_t t;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1 NTP packet shaping[raw -- autobuilding IP]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* error buf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
dst_ip = 0;
while((c = getopt(argc, argv, "d:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(1);
}
break;
}
}
if (!dst_ip)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
/*
* Build the packet, remmebering that order IS important. We must
* build the packet from lowest protocol type on up as it would
* appear on the wire. So for our NTP packet:
*
* --------------------------------------------------------------------
* | IP | UDP | NTP |
* --------------------------------------------------------------------
* ^ ^ ^
* |-------------- | |
* libnet_build_ipv4()--| | |
* | |
* libnet_build_udp()-------| |
* |
* libnet_build_ntp()------------------------------|
*/
t = libnet_build_ntp(
LIBNET_NTP_LI_AC, /* leap indicator */
LIBNET_NTP_VN_4, /* version */
LIBNET_NTP_MODE_S, /* mode */
LIBNET_NTP_STRATUM_PRIMARY, /* stratum */
4, /* poll interval */
1, /* precision */
0xffff, /* delay interval */
0xffff, /* delay fraction */
0xffff, /* dispersion interval */
0xffff, /* dispersion fraction */
LIBNET_NTP_REF_PPS, /* reference id */
0x11, /* reference ts int */
0x22, /* reference ts frac */
0x33, /* originate ts int */
0x44, /* originate ts frac */
0x55, /* receive ts int */
0x66, /* receive ts frac */
0x77, /* transmit ts interval */
0x88, /* transmit ts fraction */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build NTP header: %s\n", libnet_geterror(l));
goto bad;
}
libnet_seed_prand(l);
t = libnet_build_udp(
libnet_get_prand(LIBNET_PRu16), /* source port */
123, /* NTP port */
LIBNET_UDP_H + LIBNET_NTP_H, /* UDP packet length */
0, /* checksum */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_autobuild_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_NTP_H,/* packet length */
IPPROTO_UDP,
dst_ip,
l);
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
fprintf(stderr, "l contains a %d byte packet\n", libnet_getpacket_size(l));
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte NTP packet; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int main() {
libnet_t *l; /* libnet context */
char errbuf[LIBNET_ERRBUF_SIZE], ip_addr_str[16];
u_int32_t ip_addr;
libnet_ptag_t icmp_tag, ip_tag;
u_int16_t id, seq;
int i;
l = libnet_init(LIBNET_RAW4, NULL, errbuf);
if ( l == NULL ) {
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
icmp_tag = ip_tag = LIBNET_PTAG_INITIALIZER;
/* Generating a random id */
libnet_seed_prand(l);
id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
/* Getting destination IP address */
printf("Destination IP address: ");
scanf("%15s",ip_addr_str);
ip_addr = libnet_name2addr4(l, ip_addr_str, LIBNET_DONT_RESOLVE);
if ( ip_addr == -1 ) {
fprintf(stderr, "Error converting IP address.\n");
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Building ICMP header */
seq = 1;
icmp_tag = libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id, seq, NULL,\
0, l, 0);
if (icmp_tag == -1) {
fprintf(stderr, "Error building ICMP header: %s\n",\
libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Building IP header */
ip_tag = libnet_autobuild_ipv4(LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H,\
IPPROTO_ICMP, ip_addr, l);
if (ip_tag == -1) {
fprintf(stderr, "Error building IP header: %s\n",\
libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Writing 4 packets */
for ( i = 0; i < 4; i++ ) {
/* Updating the ICMP header */
icmp_tag = libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id,\
(seq + i), NULL, 0, l, icmp_tag);
if (icmp_tag == -1) {
fprintf(stderr, "Error building ICMP header: %s\n",\
libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
if ( libnet_write(l) == -1 )
fprintf(stderr, "Error writing packet: %s\n",\
libnet_geterror(l));
/* Waiting 1 second between each packet */
sleep(1);
}
libnet_destroy(l);
return 0;
}