/************************************
*自定义发IP包例子(TCP/IP包发送)
*给目标主机的端口发送一个 syn请求,
*注意目标主机的信息会发给发送IP地址的主机
*这说明TCP/IP协议本身有IP期骗的漏洞
*这种方运可以自己写成特殊的基于IP协议上层的自定义协议
************************************/
#include <stdio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <netinet/ip.h> //ip
#include <netinet/tcp.h> //tcp
#include <stdlib.h>
//发送端IP
char
srcip[]=
"100.100.100.100"
;
//目标端IP
char
dstip[]=
"192.168.11.220"
;
//发送端IP端口
int
srcport=25;
//目标IP端口
int
dstport=99;
//以下是从ip.h和tcp.h取的,但BSD和LINUX用的名称有些不一样主要是TCP不一样
typedef
struct
_IP
{
#if __BYTE_ORDER == __LITTLE_ENDIAN
unsigned
int
ip_hl:4;
//little-endian IP头长度(单位为32位)4位
unsigned
int
ip_v:4;
//版本号4 IP4用4
#endif
#if __BYTE_ORDER == __BIG_ENDIAN
unsigned
int
ip_v:4;
// version
unsigned
int
ip_hl:4;
// header length
#endif
u_int8_t ip_tos;
//服务类型 一般为0
u_short ip_len;
//数据总长度 (单位为32位)
u_short ip_id;
//标识16
u_short ip_off;
//分段偏移
#define IP_RF 0x8000 // reserved fragment flag //标志
#define IP_DF 0x4000 // dont fragment flag
#define IP_MF 0x2000 // more fragments flag
#define IP_OFFMASK 0x1fff // mask for fragmenting bits
u_int8_t ip_ttl;
//生存时间
u_int8_t ip_p;
//传输协议 tcp是6
u_short ip_sum;
//头校验和
struct
in_addr ip_src, ip_dst;
// 源地址 目标地址
}IP;
typedef
struct
_TCPHeader
{
u_int16_t source;
// 源端口
u_int16_t dest;
// 目的端口
tcp_seq seq;
// 序号
tcp_seq ack_seq;
// 确认号 收到的TCP信息的序号+1
#if __BYTE_ORDER == __LITTLE_ENDIAN
u_int16_t res1:4;
//保留
u_int16_t doff:4;
//保留
u_int16_t fin:1;
//标志 结束
u_int16_t syn:1;
//标志 同步
u_int16_t rst:1;
//标志 重置
u_int16_t psh:1;
//标志 入栈
u_int16_t ack:1;
//标志 确认
u_int16_t urg:1;
//标志 紧急
u_int16_t res2:2;
#elif __BYTE_ORDER == __BIG_ENDIAN
u_int16_t doff:4;
u_int16_t res1:4;
u_int16_t res2:2;
u_int16_t urg:1;
u_int16_t ack:1;
u_int16_t psh:1;
u_int16_t rst:1;
u_int16_t syn:1;
u_int16_t fin:1;
#else
#error "Adjust your <bits/endian.h> defines"
#endif
u_int16_t window;
//窗口
u_int16_t check;
//校验和
u_int16_t urg_ptr;
//紧急指针
}TCPHeader;
//校验和函数 ip头
unsigned
short
IPCheakSum (unsigned
short
*packet,
int
packlen)
{
register
unsigned
long
sum = 0;
while
(packlen > 1) {
sum+= *(packet++);
packlen-=2;
}
if
(packlen > 0)
sum += *(unsigned
char
*)packet;
while
(sum >> 16)
sum = (sum & 0xffff) + (sum >> 16);
return
(unsigned
short
) ~sum;
}
//校验和函数 tcp头
unsigned
short
TCPCheckSum (unsigned
char
*iphdr, unsigned
short
*packet,
int
packlen)
{
unsigned
short
*buf;
unsigned
short
res;
buf =
malloc
(packlen+12);
if
(buf == NULL)
return
0;
memcpy
(buf,iphdr+12,8);
//源IP地址和目标IP地址
*(buf+4)=htons((unsigned
short
)(*(iphdr+9)));
*(buf+5)=htons((unsigned
short
)packlen);
memcpy
(buf+6,packet,packlen);
res = IPCheakSum(buf,packlen+12);
free
(buf);
return
res;
}
int
main()
{
int
sock, bytes_send, fromlen,n,id,s;
unsigned
char
buffer[65535];
sockaddr_in toaddr;
IP *ip;
TCPHeader *tcp;
for
(n=0;n<60000;n++ )
{
buffer[n]=0;
}
//发送地址
toaddr.sin_family =AF_INET;
// inet_aton("192.168.11.38",&toaddr.sin_addr); //字符串转入地址
inet_aton(dstip,&toaddr.sin_addr);
//字符串转入地址
//建立原始TCP包方式IP+TCP信息包
sock = socket(AF_INET, SOCK_RAW,IPPROTO_RAW);
//IP方式
// sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
if
(sock>0) {
printf
(
"socket ok\n"
);}
else
{
printf
(
"socket error \n"
);}
n=1;
if
(setsockopt(sock, IPPROTO_IP, IP_HDRINCL, &n,
sizeof
(n)) < 0) {
printf
(
"2"
);
perror
(
"IP_HDRINCL"
);
exit
(1);
}
ip=(
struct
ip *)buffer;
ip->ip_id=0x9911;
ip->ip_v=4;
ip->ip_hl=5;
ip->ip_ttl=36;
ip->ip_p=6;
//tcp 为6
ip->ip_len=htons(60);
inet_aton(dstip,&ip->ip_dst);
// inet_aton("192.168.11.38",&ip->ip_dst);
tcp = (
struct
tcphdr *)(buffer + (4*ip->ip_hl));
tcp->source=htons(srcport);
//源端口
tcp->dest=htons(dstport);
tcp->seq=htons(0x9990);
tcp->doff=0x15;
tcp->ack_seq=0;
tcp->syn=1;
tcp->window=htons(0x20);
inet_aton(srcip,&ip->ip_src);
// ip->ip_src.s_addr=htonl(0x09010101+n);
tcp->check=0x0;
tcp->check=TCPCheckSum((unsigned
char
*)buffer, (unsigned
short
*)tcp,40);
ip->ip_sum=0;
ip->ip_sum=IPCheakSum((unsigned
short
*)buffer,20);
bytes_send=sendto(sock,buffer,60,0,(
struct
sockaddr *)&toaddr,
sizeof
(toaddr));
if
(bytes_send>0)
{
printf
(
"OK bytes_send %d \n"
,bytes_send);
printf
(
"IP_source address ::: %s \n"
,inet_ntoa(ip->ip_src));
printf
(
"IP_dest address ::: %s \n"
,inet_ntoa(ip->ip_dst));
}
}
|
本文转自静默虚空博客园博客,原文链接:http://www.cnblogs.com/jingmoxukong/articles/2119536.html,如需转载请自行联系原作者
