使用winpcap定制TCP包发送
by: 云舒
2008-05-08
http://www.ph4nt0m.org

前些时候做DOS方面的测试,由于协议学得不够好,有些回应不记得,所以就首先想到用hping来定制一些包,看看远程主机的回应。结果下载的hping死活都不发包,换了多个不同版本的winpcap都不行。一怒之下,决定自己写个简单的。首先想到的是用perl来做,最后觉得一样要安装winpcap还有很多别的模块,不如直接用c来实现一下,来得更痛快。
需要说明一下的是,在以太网头那里我故意偷懒了,没有获取本机的MAC地址而是写了个错误的。所以给内网用户发包的话,能发出去,只是你收不到回应了,发给外网就没这个问题,这是因为同交换机下面靠MAC地址来定位的。
最后一点,这里所有的包,目的MAC地址都是写的网关的MAC,通过网关把数据转发出去的。虽然同交换机下面可以直接通过MAC定位,但是我懒得判断,直接发送给网关再转发会比较简单。
/* Code By yunshu, 2008-05-08, Make tcp packet to send to remote server
* I don’t know which version of winpcap needed by hping, so I wrote this code.
* Under winpcap 4.0.2, Dev-CPP 4.9.9.2, windows xp professional sp2
*/#include <stdio.h>
#include <string.h>
#include <winsock2.h>
#include <iphlpapi.h>
#include <unistd.h>
#include <pcap.h>
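#include <remote-ext.h>

/* EtherType value that marks an Ethernet payload as IPv4.
 * In the published listing this directive was fused onto the #include line
 * and written with a multiplication sign ("0×0800"), so the macro was never
 * defined; it is restored here on its own line with a real hex literal.
 * NOTE(review): the code that stores it in the Ethernet header is outside
 * this excerpt -- confirm it converts to network byte order. */
#define IP_PROTO 0x0800

/* Local address as dotted-quad text; 20 bytes covers the 15 characters plus
 * NUL that inet_ntoa() can produce. */
char LocalIP[20] = { 0 };

/* NOTE(review): this identifier looks damaged by the hosting site (probably
 * "InterfaceName").  It is kept byte-for-byte so it still matches whatever
 * spelling the rest of the listing uses -- confirm and rename consistently. */
char Inte易做图ceName[256] = { 0 };

/* Presumably the gateway address as text, same format as LocalIP -- confirm
 * against the code that fills it. */
char GatewayIP[20] = { 0 };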
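/* MAC address of the default gateway.  Per the article text every frame is
 * addressed to the gateway at layer 2; the code that fills this array is not
 * part of this excerpt. */
BYTE GatewayMac[6];

/*
 * Wire-format headers.  These structs are copied straight into the frame, so
 * their size must match the protocol layout exactly.  The typedefs named
 * *_size_check are compile-time guards: the array size becomes -1 (a compile
 * error) if the compiler inserts padding or a member has an unexpected width.
 * Multi-byte fields are expected in network byte order; the code that fills
 * them is outside this excerpt.
 */

/* Ethernet II header: 14 bytes. */
typedef struct et_header
{
    unsigned char  eh_dst[6];       /* destination MAC */
    unsigned char  eh_src[6];       /* source MAC */
    unsigned short eh_type;         /* EtherType */
} ET_HEADER;
typedef char et_header_size_check[(sizeof(ET_HEADER) == 14) ? 1 : -1];

/* IPv4 header without options: 20 bytes. */
typedef struct ip_hdr
{
    unsigned char  h_verlen;        /* version (high nibble) + header length (low nibble) */
    unsigned char  tos;             /* type of service */
    unsigned short total_len;       /* total datagram length */
    unsigned short ident;           /* identification */
    unsigned short frag_and_flags;  /* flags + fragment offset */
    unsigned char  ttl;             /* time to live */
    unsigned char  proto;           /* payload protocol number */
    unsigned short checksum;        /* header checksum */
    unsigned int   sourceIP;        /* source address */
    unsigned int   destIP;          /* destination address */
} IP_HEADER;
typedef char ip_header_size_check[(sizeof(IP_HEADER) == 20) ? 1 : -1];

/* TCP header without options: 20 bytes. */
typedef struct tcp_hdr
{
    unsigned short th_sport;        /* source port */
    unsigned short th_dport;        /* destination port */
    unsigned int   th_seq;          /* sequence number */
    unsigned int   th_ack;          /* acknowledgement number */
    unsigned char  th_lenres;       /* data offset (high nibble) + reserved bits */
    unsigned char  th_flag;         /* control flags */
    unsigned short th_win;          /* window size */
    unsigned short th_sum;          /* checksum */
    unsigned short th_urp;          /* urgent pointer */
} TCP_HEADER;
typedef char tcp_header_size_check[(sizeof(TCP_HEADER) == 20) ? 1 : -1];

/* TCP pseudo-header used only as checksum input: 12 bytes.
 * The addresses were declared `unsigned long`, which is 32 bits on Windows
 * but 64 bits on LP64 systems, where it would silently produce a 24-byte
 * struct and wrong checksums.  `unsigned int` matches IP_HEADER and keeps the
 * same layout on the original Windows target. */
typedef struct tsd_hdr
{
    unsigned int   saddr;           /* source address */
    unsigned int   daddr;           /* destination address */
    char           mbz;             /* must be zero */
    char           ptcl;            /* protocol number */
    unsigned short tcpl;            /* TCP segment length */
} PSD_HEADER;
typedef char psd_header_size_check[(sizeof(PSD_HEADER) == 12) ? 1 : -1];

/*
 * Compute the 16-bit one's-complement Internet checksum over a buffer.
 *
 * buffer: start of the data, read as 16-bit words in host memory order.
 * size:   length of the data in bytes; zero or negative sums nothing.
 *
 * Returns the complement of the folded sum, ready to be stored in a header
 * checksum field.  A trailing odd byte is added as the low-order byte of a
 * final word, which matches zero padding on little-endian hosts only.
 */
unsigned short CheckSum(unsigned short * buffer, int size)
{
    unsigned long cksum = 0;

    while (size > 1)
    {
        cksum += *buffer++;
        /* cast keeps the arithmetic signed instead of mixing int and size_t */
        size -= (int) sizeof(unsigned short);
    }

    /* Exactly one byte left.  The original tested `if (size)`, which also
     * fired for a negative length and read a byte the caller never supplied. */
    if (size == 1)
    {
        cksum += *(unsigned char *) buffer;
    }

    /* Fold the carries back into the low 16 bits; two steps are enough while
     * the running sum stays below 2^32, i.e. for packet-sized buffers. */
    cksum = (cksum >> 16) + (cksum & 0xffff);
    cksum += (cksum >> 16);

    return (unsigned short) (~cksum);
}

/*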
void GetLocalIP( )
{
WORD wVersionRequested;
WSADATA wsaData;
char name[255];
PHOSTENT hostinfo;wVersionRequested = MAKEWORD( 2, 0 );
if( WSAStartup( wVersionRequested, &wsaData ) == 0 )
{
if( gethostname( name, sizeof(name) ) == 0 )
{
if( (hostinfo = gethostbyname(name) ) != NULL )
{
strcpy( LocalIP, inet_ntoa( *(struct in_addr*)*hostinfo->h_addr_list ) );
}
}
}WSACleanup( );
}
*/int GetDevices( )
{
pcap_if_t *alldevs;
pcap_if_t *d;int i = 0;
char errbuf[PCAP_ERRBUF_SIZE];/* 获取本地机器设备列表 */
if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL /* auth is not needed */, &alldevs, errbuf) == -1)
{
fprintf(stderr,”Error in pcap_findalldevs_ex: %s “, errbuf);
exit(1);
}/* 打印列表 */
for( d = alldevs; d != NULL; d = d->next )
{
printf(”%d. %s“, ++i, d->name);if (d->description)
{
printf( “ (%s)“, d->description );
}if( d->addresses != NULL )
{
if( d->addresses->addr->sa_family == AF_INET )
{printf( “: %s “, inet_ntoa( ((struct sockaddr_in *)d->addresses->addr)->sin_addr ) );
}
else
{
printf( “ ” );
}
}
else
{
printf(” (No description available) “);
}
}if (i == 0)