自定義發IP包例子(TCP/IP包發送)

/*
2000.11.13
自定義發IP包例子(TCP/IP包發送)
給目標主機的端口發送一個 syn請求,注意目標主機的信息會發給發送IP地址的主機
這說明TCP/IP協議本身有IP期騙的漏洞
這種方運可以自己寫成特殊的基於IP協議上層的自定義協議
[email protected]
ddxxkk.myrice.com/ddxxkk.hongnet.com
*/
//   目標IP               端口                 發送IP
char srcip[]="100.100.100.100",dstip[]="192.168.11.220";
//  目標IP端口  發送端IP端口
int srcport=25,dstport=99;
 #include <stdio.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
    #include <unistd.h>
    #include <netinet/ip.h>   //ip
    #include <netinet/tcp.h> //tcp
 #include <stdlib.h>
//以下是從ip.h和tcp.h取的,但BSD和LINUX用的名稱有些不一樣主要是TCP不一樣
/*
struct ip
  {
#if __BYTE_ORDER == __LITTLE_ENDIAN
    unsigned int ip_hl:4;                //little-endian IP頭長度(單位爲32位)4位
    unsigned int ip_v:4;                 //版本號4 IP4用4
#endif
#if __BYTE_ORDER == __BIG_ENDIAN
    unsigned int ip_v:4;                // version
    unsigned int ip_hl:4;               // header length
#endif
    u_int8_t ip_tos;                    //服務類型  一般爲0
    u_short ip_len;                     //數據總長度 (單位爲32位)
    u_short ip_id;                      //標識16
    u_short ip_off;                     //分段偏移
#define IP_RF 0x8000                    // reserved fragment flag  //標誌
#define IP_DF 0x4000                    // dont fragment flag
#define IP_MF 0x2000                    // more fragments flag
#define IP_OFFMASK 0x1fff               // mask for fragmenting bits
    u_int8_t ip_ttl;                     //生存時間
    u_int8_t ip_p;                      //傳輸協議 tcp是6
    u_short ip_sum;                     //頭校驗和
    struct in_addr ip_src, ip_dst;      // 源地址 目標地址
  };

struct tcphdr
  {
    u_int16_t source;               // 源端口
    u_int16_t dest;                // 目的端口
    tcp_seq seq;                  // 序號
    tcp_seq ack_seq;             // 確認號 收到的TCP信息的序號+1
#if __BYTE_ORDER == __LITTLE_ENDIAN
    u_int16_t res1:4;               //保留
    u_int16_t doff:4;               //保留
    u_int16_t fin:1;               //標誌 結束
    u_int16_t syn:1;               //標誌 同步
    u_int16_t rst:1;               //標誌 重置
    u_int16_t psh:1;               //標誌 入棧
    u_int16_t ack:1;               //標誌 確認
    u_int16_t urg:1;               //標誌 緊急
    u_int16_t res2:2;
#elif __BYTE_ORDER == __BIG_ENDIAN
    u_int16_t doff:4;
    u_int16_t res1:4;
    u_int16_t res2:2;
    u_int16_t urg:1;
    u_int16_t ack:1;
    u_int16_t psh:1;
    u_int16_t rst:1;
    u_int16_t syn:1;
    u_int16_t fin:1;
#else
#error  "Adjust your <bits/endian.h> defines"
#endif
    u_int16_t window;           //窗口
    u_int16_t check;            //校驗和
    u_int16_t urg_ptr;          //緊急指針
};
*/

//校驗和涵數 ip頭
unsigned short csum (unsigned short *packet, int packlen) {
 register unsigned long sum = 0;
 while (packlen > 1) {
  sum+= *(packet++);
  packlen-=2;
 }
 if (packlen > 0)
  sum += *(unsigned char *)packet;
 while (sum >> 16)
  sum = (sum & 0xffff) + (sum >> 16);

 return (unsigned short) ~sum;
}
//校驗和涵數 tcp頭
unsigned short tcpcsum (unsigned char *iphdr, unsigned short *packet,int packlen) {
 unsigned short *buf;
 unsigned short res;
 buf = malloc(packlen+12);
 if(buf == NULL) return 0;
 memcpy(buf,iphdr+12,8); //源IP地址和目標IP地址
 *(buf+4)=htons((unsigned short)(*(iphdr+9)));
 *(buf+5)=htons((unsigned short)packlen);
 memcpy(buf+6,packet,packlen);
 res = csum(buf,packlen+12);
 free(buf);
 return res;
}

int main()
 {

     int sock, bytes_send, fromlen,n,id,s;
     unsigned char buffer[65535];
     struct sockaddr_in toaddr;
     struct ip  *ip;
     struct tcphdr *tcp;
  for (n=0;n<60000;n++ )
  {
  buffer[n]=0;
  }
//發送地址
        toaddr.sin_family =AF_INET;
//        inet_aton("192.168.11.38",&toaddr.sin_addr);   //字符串轉入地址
        inet_aton(dstip,&toaddr.sin_addr);   //字符串轉入地址
  //建立原始TCP包方式IP+TCP信息包
sock = socket(AF_INET, SOCK_RAW,IPPROTO_RAW);   //IP方式
//     sock = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
        if (sock>0) {printf("socket ok\n");}
     else {printf ("socket error \n");}
       n=1;
       if (setsockopt(sock, IPPROTO_IP, IP_HDRINCL, &n, sizeof(n)) < 0) {
           printf("2");
           perror("IP_HDRINCL");
           exit(1);
          }
  ip=(struct ip *)buffer;
        ip->ip_id=0x9911;               
  ip->ip_v=4;
  ip->ip_hl=5;                           
  ip->ip_ttl=36;                         
  ip->ip_p=6;     //tcp 爲6
  ip->ip_len=htons(60);
        inet_aton(dstip,&ip->ip_dst);
//        inet_aton("192.168.11.38",&ip->ip_dst);
  tcp = (struct tcphdr *)(buffer + (4*ip->ip_hl));
        tcp->source=htons(srcport);                            //源端口
        tcp->dest=htons(dstport);  
        tcp->seq=htons(0x9990);
  tcp->doff=0x15;
tcp->ack_seq=0;
  tcp->syn=1;
  tcp->window=htons(0x20);
  inet_aton(srcip,&ip->ip_src);

 

//        ip->ip_src.s_addr=htonl(0x09010101+n);
  tcp->check=0x0;       
        tcp->check=tcpcsum((unsigned char *)buffer, (unsigned short *)tcp,40);
        ip->ip_sum=0;
  ip->ip_sum=csum((unsigned short *)buffer,20);
  bytes_send=sendto(sock,buffer,60,0,(struct sockaddr *)&toaddr,sizeof(toaddr));    

  if (bytes_send>0)
  {
  printf("OK bytes_send %d \n",bytes_send);
     printf("IP_source address ::: %s \n",inet_ntoa(ip->ip_src));
     printf("IP_dest address ::: %s \n",inet_ntoa(ip->ip_dst));
  }
 }