一、原理
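众所周知,TCP连接在调用close()关闭时要经历四次挥手的过程:FIN-ACK-FIN-ACK。FIN扫描利用的是协议栈对"孤立"FIN报文段的处理方式:按照RFC 793,当我们把不属于任何已有连接的FIN报文段发给一个非监听的端口时,会有RST应答;反之,发给一个正在监听的端口时,该报文段会被直接丢弃,不会有任何回应。需要注意,"没有回应"也可能是报文在途中被防火墙丢弃,所以这种情况只能判定为"开放或被过滤",而不能断定端口一定开放。这种扫描方式速度快、隐蔽性好(不会建立完整连接),但是不能用在windows系统中,因为Windows的协议栈无论端口是否在监听都会回复RST。从防御角度看,有状态防火墙或IDS可以把不属于已建立连接的FIN报文段识别为异常,并丢弃或告警。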
二、实现方法及遇到的问题
跟SYN扫描方式差不多,直接上代码吧。
三、实现代码
头文件
#ifndef TCPFINSCAN_H_H
#define TCPFINSCAN_H_H
#include "mysock.h"
// NOTE(review): there is no `extern` here, so every .c file that includes this
// header gets its own tentative definition of finCnt; linking more than one
// such file fails on toolchains that default to -fno-common (recent GCC/Clang).
// Prefer `extern int finCnt;` here plus a single definition in one .c file.
// What the counter tracks is not visible in this header -- presumably it is
// the value fin_num_mutex is meant to guard; confirm against the .c file.
int finCnt;
// NOTE(review): `static` in a header gives each translation unit a private
// copy of these mutexes, so they only serialize threads that run code from the
// same .c file. If several .c files are meant to share them, switch to the
// extern declarations commented out below and define each mutex exactly once.
// fin_printf_mutex: held around diagnostic output (e.g. the perror() call in
// tcpFinScanEach) so messages from concurrent threads do not interleave.
static pthread_mutex_t fin_printf_mutex = PTHREAD_MUTEX_INITIALIZER;
// fin_num_mutex: presumably protects finCnt -- TODO confirm against its users.
static pthread_mutex_t fin_num_mutex = PTHREAD_MUTEX_INITIALIZER;
//extern pthread_mutex_t fin_printf_mutex;
//extern pthread_mutex_t fin_num_mutex;
// The three functions below share the void *(*)(void *) shape used for
// pthread start routines.
// tcpFinScanPort: the type behind `arg` is not visible here -- confirm in the .c file.
void* tcpFinScanPort(void *arg);
// tcpFinScanEach: `arg` is cast to struct ScanParam * (destination IP and port
// of one probe); the function opens its own raw TCP socket.
void* tcpFinScanEach(void *arg);
// tcpFinScanRecv: presumably the receive side of the scan -- the type behind
// `arg` is not visible here; confirm in the .c file.
void* tcpFinScanRecv(void *arg);
#endif
c文件
#include "tcpFinScan.h"
//u8 flag_port[65535];
//u8 flag_err;
void* tcpFinScanEach(void *arg)
{
int finfd;
uint ip_len, tcp_len, pseu_len, len;
struct ScanParam *ss = (struct ScanParam*)arg;
u8 sendBuf[200];
struct sockaddr_in destAddr;
struct PseudoHdr *pPseuH;
struct tcphdr *pTcp;
pPseuH = (struct PseudoHdr*)sendBuf;
pTcp = (struct tcphdr*)(sendBuf + sizeof(struct PseudoHdr));
// memset(&destAddr, 0, sizeof(destAddr));
destAddr.sin_family = AF_INET;
inet_pton(AF_INET, ss->destIP, &destAddr.sin_addr);
destAddr.sin_port = htons(ss->destPort);
finfd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
if(finfd < 0)
{
pthread_mutex_lock(&fin_printf_mutex);
perror("fin socket");
pthread_mutex_unlock(&fin_printf_mutex);
}
/* pthread_mutex_lock(&fin_printf_mutex);
printf("each3:%d\n",