API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 27th, 2021
346
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 5.03 KB | None | 0 0
raw download clone embed print report
  1. #include <netinet/tcp.h>
  2. #include <netinet/ip.h>
  3. #include <libnet.h>
  4. #include <pcap.h>
  5. #include <time.h>
  6.  
  7. int answer = 0;     /* flag for scan timeout */
  8.  
  9.  
  10. void packet_handler(u_char * user, const struct pcap_pkthdr *header, const u_char * packet)
  11. {
  12.     struct tcphdr *tcp = (struct tcphdr *) (packet + LIBNET_IPV4_H + LIBNET_ETH_H);
  13.  
  14.     /* fallthrough intended */
  15.     switch (tcp->th_flags) {
  16.         case 0x12:
  17.                 printf("%d/tcp open\n", ntohs(tcp->th_sport));
  18.         case 0x14:
  19.                 answer = 0;
  20.         }
  21. }
  22.  
  23. void scan(char *ip, int sp, int lp)
  24. {
  25.     const char *device = NULL;      /* device for sniffing/sending */
  26.     in_addr_t destipaddr;           /* ip addr to scan */
  27.     u_int32_t myipaddr;         /* ip addr of this host */
  28.     libnet_ptag_t tcp = 0, ipv4 = 0;    /* libnet protocol block */
  29.     char libnet_errbuf[LIBNET_ERRBUF_SIZE]; /* libnet error messages */
  30.     char libpcap_errbuf[PCAP_ERRBUF_SIZE];  /* pcap error messages */
  31.     pcap_t *handle;             /* libpcap handle */
  32.     bpf_u_int32 netp, maskp;        /* netmask and ip */
  33.     /* if (SYN and RST) or (SYN and ACK) flags are set */
  34.     char *filter = "(tcp[13] == 0x14) || (tcp[13] == 0x12)";
  35.     struct bpf_program fp;          /* compiled filter */
  36.     time_t tv;
  37.  
  38.  
  39.     /* open context */
  40.     libnet_t *ctx = libnet_init(LIBNET_RAW4, device, libnet_errbuf);
  41.     if (ctx == NULL) {
  42.         fprintf(stderr,
  43.             "Error opening context: %s\n",
  44.             libnet_errbuf);
  45.         exit(1);
  46.     }
  47.  
  48.     if ((destipaddr = libnet_name2addr4(ctx, ip, LIBNET_RESOLVE)) == -1) {
  49.         fprintf(stderr, "Invalid address: %s\n", libnet_geterror(ctx));
  50.         exit(1);
  51.     }
  52.  
  53.  
  54.     /* get ip address of the device */
  55.     if ((myipaddr = libnet_get_ipaddr4(ctx)) == -1) {
  56.         fprintf(stderr, "Error getting IP: %s\n", libnet_geterror(ctx));
  57.         exit(1);
  58.     }
  59.  
  60.     //printf("IP: %s\n", libnet_addr2name4 (destipaddr, LIBNET_DONT_RESOLVE));
  61.  
  62.     /* get device we are using for libpcap */
  63.     if ((device = libnet_getdevice(ctx)) == NULL) {
  64.         fprintf(stderr, "Device is NULL. Packet capture may be broken\n");
  65.     }
  66.  
  67.     /* open the device with pcap */
  68.     handle = pcap_open_live(device,     /* device to sniff on*/
  69.                 1500,       /* max number of bytes to capture per packet */
  70.                 0,      /* 1 to set card to promisculous mode, 0 to not */
  71.                 200,        /* time to perform packet capture in milliseconds */
  72.                 libpcap_errbuf);/* error message buffer */
  73.  
  74.     if (handle == NULL) {
  75.         fprintf(stderr, "Error opening pcap: %s\n", libpcap_errbuf);
  76.         exit(1);
  77.     }
  78.  
  79.     if ((pcap_setnonblock(handle, 1, libnet_errbuf)) == -1) {
  80.         fprintf(stderr, "Error setting nonblocking: %s\n", libpcap_errbuf);
  81.         exit(1);
  82.     }
  83.  
  84.     /* set the capture filter */
  85.     if (pcap_lookupnet(device, &netp, &maskp, libpcap_errbuf) == -1) {
  86.         fprintf(stderr, "Net lookup error: %s\n", libpcap_errbuf);
  87.         exit(1);
  88.     }
  89.  
  90.     if (pcap_compile(handle, &fp, filter, 0, maskp) == -1) {
  91.         fprintf(stderr, "BPF error: %s\n", pcap_geterr(handle));
  92.         exit(1);
  93.     }
  94.  
  95.  
  96.     if (pcap_setfilter(handle, &fp) == -1) {
  97.         fprintf(stderr, "Error setting BPF: %s\n", pcap_geterr(handle));
  98.         exit(1);
  99.     }
  100.  
  101.     /* free memory used for the filter */
  102.     pcap_freecode(&fp);
  103.  
  104.  
  105.     /* seed pseudo random number generator */
  106.     libnet_seed_prand(ctx);
  107.  
  108.  
  109.     for (int i = sp; i <= lp; i++) {
  110.         /* build TCP header */
  111.         tcp = libnet_build_tcp(libnet_get_prand(LIBNET_PRu16),  /* src port */
  112.                        i,               /* dest port */
  113.                        libnet_get_prand(LIBNET_PRu16),  /* sequence number */
  114.                        0,               /* acknowledgement */
  115.                        TH_SYN,              /* control flags, SYN set */
  116.                        7,               /* window */
  117.                        0,               /* checksum, 0 = autofill */
  118.                        0,               /* urgent */
  119.                        LIBNET_TCP_H,            /* header length */
  120.                        NULL,                /* payload */
  121.                        0,               /* payload length */
  122.                        ctx,             /* libnet context */
  123.                        tcp);                /* protocol tag */
  124.  
  125.         if (tcp == -1) {
  126.             fprintf(stderr,
  127.                 "Unable to build TCP header: %s\n",
  128.                 libnet_geterror(ctx));
  129.             exit(1);
  130.         }
  131.  
  132.         /* build IP header */
  133.         ipv4 = libnet_build_ipv4(LIBNET_TCP_H + LIBNET_IPV4_H,  /* length */
  134.                          0,             /* TOS */
  135.                      libnet_get_prand(LIBNET_PRu16),/* IP ID */
  136.                      0,             /* frag offset */
  137.                      127,               /* TTL */
  138.                      IPPROTO_TCP,           /* upper layer protocol */
  139.                      0,             /* checksum, 0 = autofill */
  140.                      myipaddr,          /* src IP */
  141.                      destipaddr,            /* dest IP */
  142.                      NULL,              /* payload */
  143.                      0,             /* payload length */
  144.                      ctx,               /* libnet context */
  145.                      ipv4);             /* protocol tag */
  146.  
  147.         if (ipv4 == -1) {
  148.             fprintf(stderr,
  149.                 "Unable to build IPv4 header: %s\n",
  150.                 libnet_geterror(ctx));
  151.             exit(1);
  152.         }
  153.  
  154.  
  155.         /* write the packet */
  156.         if (libnet_write(ctx) == -1) {
  157.             fprintf(stderr,
  158.                 "Unable to send packet: %s\n",
  159.                 libnet_geterror(ctx));
  160.             exit(1);
  161.         }
  162.  
  163.         /* set variables for flag/counter */
  164.         answer = 1;
  165.         tv = time(NULL);
  166.  
  167.         /* capture the reply */
  168.         while (answer) {
  169.             pcap_dispatch(handle, -1, packet_handler, NULL);
  170.  
  171.             if ((time(NULL) - tv) > 0.2) {
  172.                 answer = 0; /* timed out */
  173.                 //printf("%d/tcp filtered\n", ports[i]);
  174.             }
  175.         }
  176.     }
  177.  
  178.     /* exit cleanly */
  179.     libnet_destroy(ctx);
  180.     //pcap_close(handle);
  181. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!