- #include "pcap.h"
- #include <stdio.h>
- #include <winsock2.h>
- #include <string.h>
- #pragma comment (lib, "wpcap.lib")
- #pragma comment (lib, "ws2_32.lib" )
/*
 * Total length of the most recently parsed frame, in bytes.
 * tcp_ip_parser() sets it to the IPv4 total-length field plus the 14-byte
 * Ethernet header; build_packet() and capture_syn_packet() read it.
 * The value comes from the packet itself, not from the capture length.
 */
int pkt_length;

/* Internet checksum over nbytes bytes starting at ptr. */
unsigned short in_checksum(unsigned short *ptr, int nbytes);

/* Prints the Ethernet / IPv4 / TCP header fields of one frame. */
void tcp_ip_parser(unsigned char *sample_packet);

/* Copies pkt_length bytes of src into syn_packet and dumps them as hex. */
void capture_syn_packet(unsigned char *syn_packet, const unsigned char *src);
/* A 6-byte Ethernet (MAC) address, one octet per array element. */
struct ether_addr {
    unsigned char ether_addr_octet[6];
};
/*
 * Ethernet II header as it appears at the start of a frame (14 bytes).
 * The code in this file overlays it directly on raw packet bytes, so the
 * field order must not change.
 */
struct ether_header {
    struct ether_addr ether_dhost;   /* destination MAC */
    struct ether_addr ether_shost;   /* source MAC */
    unsigned short    ether_type;    /* EtherType, network byte order (0x0800 is written by build_packet) */
};
/*
 * TCP pseudo-header: the 12 bytes that are prepended to the TCP segment
 * when the TCP checksum is computed. It is never transmitted.
 */
struct pseudo_header {
    unsigned int   source_address;   /* IPv4 source, network byte order */
    unsigned int   dest_address;     /* IPv4 destination, network byte order */
    unsigned char  placeholder;      /* reserved, written as 0 by build_packet */
    unsigned char  protocol;         /* IP protocol number (6 for TCP) */
    unsigned short tcp_length;       /* TCP segment length, network byte order */
};
/*
 * IPv4 header without options (20 bytes), overlaid directly on packet bytes.
 *
 * NOTE(review): the bit-field order assumes the compiler allocates bit-fields
 * starting at the least significant bit of each byte (as MSVC on x86 does);
 * confirm before building for another compiler or a big-endian target.
 */
struct ip_header {
    unsigned char  ip_header_len:4;      /* header length in 32-bit words */
    unsigned char  ip_version:4;         /* IP version */
    unsigned char  ip_tos;               /* type of service */
    unsigned short ip_total_length;      /* header + payload, network byte order */
    unsigned short ip_id;                /* identification, network byte order */

    unsigned char  ip_frag_offset:5;     /* upper bits of the fragment offset */
    unsigned char  ip_more_fragment:1;   /* MF flag */
    unsigned char  ip_dont_fragment:1;   /* DF flag */
    unsigned char  ip_reserved_zero:1;   /* reserved flag bit */
    unsigned char  ip_frag_offset1;      /* lower 8 bits of the fragment offset */

    unsigned char  ip_ttl;               /* time to live */
    unsigned char  ip_protocol;          /* payload protocol (0x06 is written by build_packet) */
    unsigned short ip_checksum;          /* header checksum */

    /* Addresses are kept as struct in_addr (not unsigned int) so they can be
     * passed to inet_ntoa() as-is. */
    struct in_addr ip_srcaddr;
    struct in_addr ip_destaddr;
};
/*
 * Fixed part of the TCP header (20 bytes), overlaid directly on packet bytes.
 * Options, when present, follow this structure and are not described here.
 *
 * NOTE(review): as with ip_header, the bit-field order assumes LSB-first
 * bit-field allocation within a byte; confirm for other compilers.
 */
struct tcp_header {
    unsigned short source_port;       /* network byte order */
    unsigned short dest_port;         /* network byte order */
    unsigned int   sequence;          /* 32-bit sequence number */
    unsigned int   acknowledge;       /* 32-bit acknowledgement number */

    /* byte 12: NS flag, reserved bits, header length in 32-bit words */
    unsigned char  ns:1;
    unsigned char  reserved_part1:3;
    unsigned char  data_offset:4;

    /* byte 13: one bit per control flag */
    unsigned char  fin:1;
    unsigned char  syn:1;
    unsigned char  rst:1;
    unsigned char  psh:1;
    unsigned char  ack:1;
    unsigned char  urg:1;
    unsigned char  ecn:1;
    unsigned char  cwr:1;

    unsigned short window;            /* network byte order */
    unsigned short checksum;          /* covers pseudo-header + segment */
    unsigned short urgent_pointer;
};
/* Builds an Ethernet/IPv4/TCP SYN frame into the caller's buffer. */
void build_packet(unsigned char* packet);

int packet_length;
int packet_size;

/* Frame buffers; 65536 bytes matches the snapshot length passed to pcap_open_live(). */
unsigned char packet[65536] = {0};
unsigned char syn_packet[65536] = {0};

/* Link-layer addresses used by build_packet(). Each array carries a trailing
 * NUL from the string literal, so sizeof is 7, not 6. */
unsigned char dst_mac[] = "\x00\x09\x97\xc7\x26\x07";
unsigned char src_mac[] = "\x00\x24\xbe\x66\xef\xb8";

/* IPv4 addresses used by build_packet(), dotted-quad text. */
char dest_ip[] = "165.246.12.215";
char src_ip[]  = "165.246.67.135";

/*
 * Pre-recorded 62-byte frame that main() injects with pcap_sendpacket().
 * Split below by protocol layer; the array itself is 63 bytes because of the
 * string literal's trailing NUL, which is why main() passes an explicit 62.
 */
unsigned char syn_packet1[] =
    /* Ethernet: dst MAC, src MAC, EtherType 0x0800 (14 bytes) */
    "\x00\x50\x56\xe6\xb2\x42" "\x00\x0c\x29\xd8\x80\x4a" "\x08\x00"
    /* IPv4 header (20 bytes): total length 0x0030, protocol 0x06,
     * source 192.168.237.132, destination 165.246.38.157 */
    "\x45\x00\x00\x30\xc1\x57\x40\x00\x80\x06\xbe\xaf"
    "\xc0\xa8\xed\x84" "\xa5\xf6\x26\x9d"
    /* TCP header (20 bytes): destination port 0x1e62 (7778), flags byte 0x02 */
    "\x0a\x8e\x1e\x62\x11\x73\xbd\x8e\x00\x00\x00\x00\x70\x02"
    "\xfa\xf0\x15\x7c\x00\x00"
    /* TCP options (8 bytes) */
    "\x02\x04\x05\xb4\x01\x01\x04\x02";
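/*
 * Lists the capture adapters, opens the one the user selects in promiscuous
 * mode, installs a BPF filter, injects the pre-recorded frame syn_packet1 and
 * then prints the headers of every captured frame that matches the filter.
 *
 * Returns 0 once the capture loop ends, -1 on any setup failure.
 */
int main(){
    /* Header sizes used to reject frames tcp_ip_parser() cannot safely read. */
    enum { ETH_LEN = 14, MIN_IP_LEN = 20, MIN_TCP_LEN = 20 };

    pcap_if_t *alldevs = NULL;
    pcap_if_t *d;
    pcap_t *fp;
    struct bpf_program fcode;
    struct pcap_pkthdr *header;
    const unsigned char *pkt_data;
    char errbuf[PCAP_ERRBUF_SIZE];
    int ndevs = 0;
    int inum = 0;
    int i;
    int res;

    // find all network adapters
    if (pcap_findalldevs(&alldevs, errbuf) == -1) {
        printf("dev find failed\n");
        return -1;
    }
    if (alldevs == NULL) {
        printf("no devs found\n");
        return -1;
    }

    // print them, counting as we go so the user's choice can be range-checked
    for (d = alldevs; d != NULL; d = d->next) {
        printf("%d-th dev: %s ", ++ndevs, d->name);
        if (d->description) {
            printf(" (%s)\n", d->description);
        } else {
            printf(" (No description available)\n");
        }
    }

    printf("enter the interface number: ");
    /* Non-numeric input or an index past the end of the list would otherwise
     * walk the loop below off the list and dereference NULL. */
    if (scanf("%d", &inum) != 1 || inum < 1 || inum > ndevs) {
        printf("invalid interface number\n");
        pcap_freealldevs(alldevs);
        return -1;
    }
    for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++) {
        /* jump to the chosen dev */
    }

    // open
    fp = pcap_open_live(d->name,  // name of the device
                        65536,    // capture size
                        1,        // promiscuous mode
                        20,       // read timeout
                        errbuf);
    if (fp == NULL) {
        printf("pcap open failed\n");
        pcap_freealldevs(alldevs);
        return -1;
    }
    printf("pcap open successful\n");

    if (pcap_compile(fp,                                     // pcap handle
                     &fcode,                                 // compiled rule
                     "host 192.168.237.132 and port 7778",   // filter rule
                     1,                                      // optimize
                     0) < 0) {                               // netmask is an integer, not a pointer
        printf("pcap compile failed\n");
        pcap_close(fp);
        pcap_freealldevs(alldevs);
        return -1;
    }
    if (pcap_setfilter(fp, &fcode) < 0) {
        printf("pcap setfilter failed\n");
        pcap_freecode(&fcode);
        pcap_close(fp);
        pcap_freealldevs(alldevs);
        return -1;
    }
    pcap_freecode(&fcode);      // the handle keeps its own copy of the filter
    pcap_freealldevs(alldevs);  // we don't need this anymore

    /* build_packet() and capture_syn_packet() are not used on this path. */
    system("pause");

    /* syn_packet1 is a string literal, so sizeof counts one trailing NUL that
     * must not go on the wire. */
    if (pcap_sendpacket(fp, syn_packet1, (int)(sizeof(syn_packet1) - 1)) != 0) { //packet send!
        printf("err in packet send:%s\n", pcap_geterr(fp));
    }

    while ((res = pcap_next_ex(fp, &header, &pkt_data)) >= 0) {
        unsigned int ip_hdr_len;

        if (res == 0) {
            continue;   // read timeout, nothing captured
        }

        /* tcp_ip_parser() takes no length argument and reads through the TCP
         * header, so anything the capture did not actually deliver that far
         * is dropped here instead of being read out of bounds. */
        if (header->caplen < ETH_LEN + MIN_IP_LEN + MIN_TCP_LEN) {
            printf("frame too short to parse (%u bytes captured)\n",
                   (unsigned int)header->caplen);
            continue;
        }
        ip_hdr_len = (pkt_data[ETH_LEN] & 0x0fu) * 4u;
        if (ip_hdr_len < MIN_IP_LEN ||
            header->caplen < ETH_LEN + ip_hdr_len + MIN_TCP_LEN) {
            printf("frame too short to parse (%u bytes captured)\n",
                   (unsigned int)header->caplen);
            continue;
        }

        tcp_ip_parser((unsigned char*)pkt_data);
    }
    if (res == -1) {
        printf("err in packet read:%s\n", pcap_geterr(fp));
    }

    pcap_close(fp);
    return 0;
}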
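/*
 * Writes a 66-byte Ethernet/IPv4/TCP SYN frame into `packet`, using the
 * file-level dst_mac, src_mac, src_ip and dest_ip values, then hex-dumps the
 * frame to stdout.
 *
 * packet: caller-owned buffer with room for at least 66 bytes; its first
 *         66 bytes are overwritten.
 *
 * Both checksums are computed last, after every covered field has been
 * written, and the TCP pseudo-header reuses the addresses stored in the IPv4
 * header so the two can never disagree.
 */
void build_packet(unsigned char* packet){
    enum {
        ETH_LEN   = 14,
        IP_LEN    = 20,
        TCP_LEN   = 32,   /* data_offset 8 => 8 * 4 bytes (20 fixed + 12 option bytes) */
        FRAME_LEN = ETH_LEN + IP_LEN + TCP_LEN
    };
    struct ether_header *myeh = (struct ether_header *)packet;
    struct ip_header *myih = (struct ip_header *)(packet + ETH_LEN);
    struct tcp_header *myth = (struct tcp_header *)(packet + ETH_LEN + IP_LEN);
    struct pseudo_header psh;
    /* unsigned short storage keeps the checksum input 2-byte aligned; a stack
     * array also removes the unchecked, never-freed malloc(). */
    unsigned short seudo[(sizeof(struct pseudo_header) + TCP_LEN) / sizeof(unsigned short)];
    int i;

    /* Start from a known state so unused bits and the option bytes are zero
     * even when the buffer is being reused. */
    memset(packet, 0, FRAME_LEN);

    //build ethernet header start;
    memcpy(myeh->ether_dhost.ether_addr_octet, dst_mac, 6);
    memcpy(myeh->ether_shost.ether_addr_octet, src_mac, 6);
    myeh->ether_type = htons(0x0800);
    //build ethernet header end;

    //build ip header start
    myih->ip_header_len = 0x5;
    myih->ip_version = 0x4;
    myih->ip_tos = 0x0;
    myih->ip_total_length = htons(IP_LEN + TCP_LEN);   /* 0x34 */
    myih->ip_id = htons(0x6e2c);
    myih->ip_frag_offset = 0;
    myih->ip_more_fragment = 0;
    myih->ip_dont_fragment = 1;
    myih->ip_reserved_zero = 0;
    myih->ip_frag_offset1 = 0;
    myih->ip_ttl = 0x80;
    myih->ip_protocol = 0x06;
    myih->ip_srcaddr.S_un.S_addr = inet_addr(src_ip);
    myih->ip_destaddr.S_un.S_addr = inet_addr(dest_ip);
    /* The header checksum covers the addresses, so it has to be computed
     * after they are stored and with the checksum field itself zeroed. */
    myih->ip_checksum = 0;
    myih->ip_checksum = in_checksum((unsigned short *)myih, IP_LEN);
    // build ip header end

    // build tcp header start
    myth->source_port = htons(0x1c63);
    myth->dest_port = htons(0x1e62);
    myth->sequence = htonl(0x57e);      /* 32-bit fields need htonl, not htons */
    myth->acknowledge = htonl(0x0);
    myth->ns = 0;
    myth->reserved_part1 = 0;
    myth->data_offset = TCP_LEN / 4;
    myth->fin = 0;
    myth->syn = 1;
    myth->rst = 0;
    myth->psh = 0;
    myth->ack = 0;
    myth->urg = 0;
    myth->ecn = 0;
    myth->cwr = 0;
    myth->window = htons(0x2000);
    myth->checksum = 0;
    myth->urgent_pointer = 0x0;

    psh.source_address = myih->ip_srcaddr.S_un.S_addr;
    psh.dest_address = myih->ip_destaddr.S_un.S_addr;
    psh.placeholder = 0;                // reserved
    psh.protocol = 6;                   // protocol number for tcp
    psh.tcp_length = htons(TCP_LEN);    // whole segment: header + options, no data

    memcpy(seudo, &psh, sizeof(struct pseudo_header));
    memcpy((unsigned char *)seudo + sizeof(struct pseudo_header), myth, TCP_LEN);
    myth->checksum = in_checksum(seudo, (int)sizeof(seudo));
    // build tcp header end

    /* Dump exactly the frame that was just built. The global pkt_length is
     * only set by tcp_ip_parser() and may describe some other packet. */
    for (i = 1; i <= FRAME_LEN; i++) {
        printf("%02x ", packet[i - 1]);
        if (i % 16 == 0) {
            printf("\n");
        }
    }
    printf("\n");
}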
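/*
 * Computes the 16-bit one's-complement Internet checksum of a buffer.
 *
 * ptr:    start of the data. Words are read in the host's native byte order,
 *         so the result can be stored straight into a header field.
 * nbytes: number of bytes to cover; a trailing odd byte is treated as the
 *         first byte of a 16-bit word whose other byte is zero. Values <= 0
 *         cover nothing.
 *
 * Returns the complement of the folded sum (0xffff for an empty or all-zero
 * buffer).
 */
unsigned short in_checksum(unsigned short *ptr,int nbytes) {
    const unsigned char *p = (const unsigned char *)ptr;
    unsigned long sum = 0;
    unsigned short word;

    while (nbytes > 1) {
        /* memcpy instead of *ptr++: no alignment requirement on the buffer. */
        memcpy(&word, p, sizeof word);
        sum += word;
        /* Fold the carry back in on every step so the accumulator can never
         * overflow, however large nbytes is. */
        sum = (sum & 0xffffUL) + (sum >> 16);
        p += 2;
        nbytes -= 2;
    }

    if (nbytes == 1) {
        word = 0;
        memcpy(&word, p, 1);
        sum += word;
        sum = (sum & 0xffffUL) + (sum >> 16);
    }

    return (unsigned short)(~sum & 0xffffUL);
}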
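/*
 * Prints the Ethernet, IPv4 and TCP header fields of one frame and stores
 * the frame length (IPv4 total length + 14) in the global pkt_length.
 *
 * sample_packet: first byte of the Ethernet header.
 *
 * No buffer length is passed in, so nothing here can be bounds-checked: the
 * caller must make sure the buffer holds the Ethernet header, the complete
 * IPv4 header (including any options) and 20 bytes of TCP header.
 * pkt_length is taken from the packet's own total-length field; it is not
 * compared with the number of bytes actually captured, so users of that
 * value must not treat it as a safe copy length.
 */
void tcp_ip_parser(unsigned char *sample_packet)
{
    enum { ETH_LEN = 14, MIN_IP_LEN = 20, ETHERTYPE_IPV4 = 0x0800, PROTO_TCP = 6 };
    struct ether_header *myeh = (struct ether_header*) sample_packet;
    struct ip_header *myih = (struct ip_header*)(sample_packet + ETH_LEN);
    struct tcp_header *myth;
    unsigned int ip_hdr_len;
    int k;

    ///////// ethernet parsing //////////
    printf("dst mac_address = ");
    for (k = 0; k < 6; k++) {
        printf("%02x ", myeh->ether_dhost.ether_addr_octet[k]);
    }
    printf("\n");
    printf("src mac_address = ");
    for (k = 0; k < 6; k++) {
        printf("%02x ", myeh->ether_shost.ether_addr_octet[k]);
    }
    printf("\n");
    /* ether_type is stored in network byte order like every other 16-bit field. */
    printf("ehter_type = %02x\n", ntohs(myeh->ether_type));
    ///////// ethernet parsing //////////

    /* Everything below interprets the payload as IPv4; stop if it is not. */
    if (ntohs(myeh->ether_type) != ETHERTYPE_IPV4) {
        printf("not an IPv4 frame: ip/tcp fields not parsed\n");
        return;
    }

    ///////// ip parsing //////////
    printf("ip_header_len = %02x\n", (myih->ip_header_len));
    printf("ip_version = %02x\n", myih->ip_version);
    printf("ip_tos = %02x\n", myih->ip_tos);
    printf("ip_total_length = %02x\n", ntohs(myih->ip_total_length));
    pkt_length = ntohs(myih->ip_total_length) + ETH_LEN;
    printf("ip_ident = %02x\n", ntohs(myih->ip_id));
    printf("ip_frag_offset = %02x\n", myih->ip_frag_offset);
    printf("ip_more_fragment = %02x\n", myih->ip_more_fragment);
    printf("ip_dont_fragment = %02x\n", myih->ip_dont_fragment);
    printf("ip_reserved_zero = %02x\n", myih->ip_reserved_zero);
    printf("ip_frag_offset1 = %02x\n", myih->ip_frag_offset1);
    printf("ip_ttl = %02x\n", myih->ip_ttl);
    printf("ip_protocol = %02x\n", myih->ip_protocol);
    printf("ip_checksum = %02x\n", ntohs(myih->ip_checksum));
    printf("src ip addr = %s\n", inet_ntoa(myih->ip_srcaddr));
    printf("dst ip addr = %s\n", inet_ntoa(myih->ip_destaddr));
    ///////// ip parsing //////////

    ////////// tcp parsing ////////////
    /* The TCP header starts after the real IPv4 header length, which exceeds
     * 20 bytes whenever IP options are present. */
    ip_hdr_len = (unsigned int)myih->ip_header_len * 4u;
    if (ip_hdr_len < MIN_IP_LEN) {
        printf("invalid ip header length: tcp fields not parsed\n");
    } else if (myih->ip_protocol != PROTO_TCP) {
        printf("not a tcp segment: tcp fields not parsed\n");
    } else {
        myth = (struct tcp_header *)(sample_packet + ETH_LEN + ip_hdr_len);
        printf("tcp sorce_port = %02x\n", ntohs(myth->source_port));
        printf("tcp dest_port = %02x\n", ntohs(myth->dest_port));
        /* Sequence and acknowledgement numbers are 32 bits wide; ntohs()
         * would drop half of each value. */
        printf("tcp sequence = %02x\n", (unsigned int)ntohl(myth->sequence));
        printf("tcp acknowledge = %02x\n", (unsigned int)ntohl(myth->acknowledge));
        printf("tcp ns bit = %02x\n", myth->ns);
        printf("tcp reserved_part1 = %02x\n", myth->reserved_part1);
        printf("tcp data_offset = %02x\n", myth->data_offset);
        printf("tcp fin = %02x\n", myth->fin);
        printf("tcp syn = %02x\n", myth->syn);
        printf("tcp rst = %02x\n", myth->rst);
        printf("tcp psh = %02x\n", myth->psh);
        printf("tcp ack = %02x\n", myth->ack);
        printf("tcp urg = %02x\n", myth->urg);
        printf("tcp ecn = %02x\n", myth->ecn);
        printf("tcp cwr = %02x\n", myth->cwr);
        printf("tcp window = %02x\n", ntohs(myth->window));
        printf("tcp checksum = %02x\n", ntohs(myth->checksum));
        printf("tcp urgent_pointer = %02x\n", ntohs(myth->urgent_pointer));
    }
    printf("==============================================\n");
    printf("pkt total length = %d\n", pkt_length);
    printf("==============================================\n");
    ////////// tcp parsing ////////////
}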
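/*
 * Copies the frame at `src` into `syn_packet`, prints it as hex and writes it
 * to syn_packet.txt as a run of "\xNN" escapes, 16 per line.
 *
 * syn_packet: destination buffer; must have room for the copied length.
 * src:        source frame; must hold at least the copied length.
 *
 * The length comes from the global pkt_length, which tcp_ip_parser() derives
 * from the packet's own IPv4 total-length field and which can therefore
 * exceed both the bytes actually captured and the 65536-byte frame buffers
 * declared in this file. It is capped at 65536 here so the copy cannot run
 * past those buffers; the caller is still responsible for checking it
 * against the captured length of `src`.
 *
 * Does nothing if syn_packet.txt cannot be opened.
 */
void capture_syn_packet(unsigned char *syn_packet, const unsigned char *src)
{
    enum { SYN_BUF_CAP = 65536 };
    FILE *fp;
    int len = pkt_length;
    int i;

    if (len < 0) {
        len = 0;
    }
    if (len > SYN_BUF_CAP) {
        len = SYN_BUF_CAP;
    }

    fp = fopen("syn_packet.txt", "w");
    if (fp == NULL) {
        return;
    }

    memcpy(syn_packet, src, (size_t)len);

    printf("=========captured first syn packet! st ============\n");
    for (i = 1; i <= len; i++) {
        printf("%02x ", syn_packet[i - 1]);
        fprintf(fp, "\\x%02x", syn_packet[i - 1]);
        if (i % 16 == 0) {
            printf("\n");
            fprintf(fp, "\n");
        }
    }
    printf("\n=========captured first syn packet! ed ============\n");

    /* fclose() flushes the buffered output, so this is where a failed write
     * would surface. */
    if (fclose(fp) != 0) {
        printf("syn_packet.txt write failed\n");
    }
}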