This code is supposed to fill in the IP and TCP headers in order to send a spoofed SYN packet, but the send just doesn't succeed, and Wireshark doesn't detect any packets being sent.

USHORT checksum(USHORT *buffer, int size)
{
    unsigned long cksum = 0;
    while (size > 1)
    {
        cksum += *buffer++;
        size -= sizeof(USHORT);
    }
    if (size)
    {
        cksum += *(UCHAR*)buffer;
    }
    cksum = (cksum >> 16) + (cksum & 0xffff);
    cksum += (cksum >> 16);
    return (USHORT)(~cksum);
}

void CtestView::SendSyn(USHORT i)
{
    WSADATA WSAData;
    SOCKET sock;
    SOCKADDR_IN addr_in, local;
    IPHEADER ipHeader;
    TCPHEADER tcpHeader;
    PSDHEADER psdHeader;
    char szSendBuf[65535] = {0};
    BOOL flag;
    //int rect;
    //int time=0;
    //,nTimeOver;
    if (WSAStartup(MAKEWORD(2,1), &WSAData) != 0)
    {
        MessageBox(L"failed to load winsock 2");
    }
    // sock=WSASocket(AF_INET,SOCK_RAW,IPPROTO_IP,NULL,0,WSA_FLAG_OVERLAPPED);
    // while (sock==INVALID_SOCKET)
    //{sock=WSASocket(AF_INET,SOCK_RAW,IPPROTO_IP,NULL,0,WSA_FLAG_OVERLAPPED);time++;if(time>=10)return 0;}
    //if((sock=socket(AF_INET,SOCK_RAW,IPPROTO_RAW))==INVALID_SOCKET)
    sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    flag = true;
    if (setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(flag)) == SOCKET_ERROR)
    {
        MessageBox(L"setsockopt IP_HDRINCL error! ");
    }
    //int nTimeOver=1000;
    //if (setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char*)&nTimeOver, sizeof(nTimeOver))==SOCKET_ERROR)
    //{
    //printf("setsockopt SO_SNDTIMEO error! ");
    // return false;
    // }
    local.sin_family = AF_INET;
    local.sin_port = htons(139);
    local.sin_addr.S_un.S_addr = inet_addr("59.78.51.227");
    addr_in.sin_family = AF_INET;
    addr_in.sin_port = htons((USHORT)i); // destination port
    addr_in.sin_addr.S_un.S_addr = inet_addr("59.78.51.137"); // destination IP
    //
    // Fill in the IP header
    //
    ipHeader.h_verlen = (4 << 4 | sizeof(ipHeader) / sizeof(unsigned long));
    ipHeader.tos = (UCHAR)0;
    ipHeader.total_len = htons((USHORT)sizeof(ipHeader) + sizeof(tcpHeader));
    ipHeader.ident = 0;
    ipHeader.frag_and_flags = 0;
    ipHeader.ttl = 128;
    ipHeader.proto = IPPROTO_TCP;
    ipHeader.checksum = 0;
    ipHeader.sourceIP = local.sin_addr.s_addr; // src ip
    ipHeader.destIP = addr_in.sin_addr.s_addr; // dest ip
    memset(szSendBuf, 0, 65535);
    memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
    ipHeader.checksum = checksum((USHORT*)szSendBuf, sizeof(ipHeader));
    tcpHeader.th_dport = htons((USHORT)i); // destination port
    tcpHeader.th_sport = htons(139); // source port
    tcpHeader.th_seq = 0;
    tcpHeader.th_ack = 0;
    tcpHeader.th_lenres = (sizeof(tcpHeader) / 4 << 4 | 0);
    tcpHeader.th_flag = htons(0x02); // change this to probe with different flag bits: 2 is SYN, 1 is FIN, 16 is an ACK probe, and so on
    tcpHeader.th_win = htons((unsigned short)16384);
    tcpHeader.th_urp = 0;
    tcpHeader.th_sum = 0;
    psdHeader.saddr = ipHeader.sourceIP;
    psdHeader.daddr = ipHeader.destIP;
    psdHeader.mbz = 0;
    psdHeader.ptck = IPPROTO_TCP;
    psdHeader.tcpl = htons(sizeof(tcpHeader));
    // Compute the checksum
    //u_char tmpBuf[52];memset(szSendBuf,0,65535);
    memcpy(szSendBuf, &psdHeader, sizeof(psdHeader));
    memcpy(szSendBuf + sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
    tcpHeader.th_sum = checksum((USHORT*)szSendBuf, sizeof(PSDHEADER) + sizeof(TCPHEADER));
    memset(szSendBuf, 0, 65535);
    memcpy(szSendBuf, &ipHeader, sizeof(IPHEADER));
    memcpy(szSendBuf + sizeof(IPHEADER), &tcpHeader, sizeof(TCPHEADER));
    if (sendto(sock, szSendBuf, sizeof(IPHEADER) + sizeof(TCPHEADER), 0, (struct sockaddr*)&addr_in, sizeof(addr_in)) == SOCKET_ERROR)
        MessageBox(L"send error");
    closesocket(sock);
    WSACleanup();
}

void CtestView::finscan()
{
    CMainFrame *pwd = (CMainFrame*)AfxGetMainWnd();
    CtestView *pView = (CtestView*)pwd->GetActiveView();
    AfxBeginThread(ListenFunc, pView);
    for (USHORT i = 0; i <= 200; i++)
        SendSyn(i);
}

I've been at this for a long time and just can't find the problem. Thanks to everyone kind enough to help.
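An added example, not part of the original post: a portable C validator that takes a raw IPv4+TCP buffer (for instance a hex dump of szSendBuf or a captured frame's IP payload) and checks the lengths, the IP header checksum, the TCP checksum over the pseudo-header, and that at least one TCP flag is set. The names check_packet, sum16, fold and the sample packet (RFC 5737 documentation addresses) are constructed for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample: 192.0.2.1:139 -> 192.0.2.2:80, SYN, window 16384. */
const uint8_t sample_syn[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x00,0x00,0x00, 0x80,0x06,0xb6,0xcc,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0x00,0x8b,0x00,0x50, 0,0,0,0, 0,0,0,0,
    0x50,0x02,0x40,0x00, 0xeb,0x03,0x00,0x00
};

enum { PKT_OK = 0, PKT_MALFORMED, PKT_BAD_IP_SUM, PKT_BAD_TCP_SUM, PKT_NO_FLAGS };

/* RFC 1071 sum over bytes in network order, so host endianness does not matter. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {
    while (n > 1) { acc += (uint32_t)(p[0] << 8 | p[1]); p += 2; n -= 2; }
    if (n) acc += (uint32_t)p[0] << 8;   /* odd trailing byte padded with zero */
    return acc;
}

/* Fold carries and complement; a region that includes a valid checksum yields 0. */
static uint16_t fold(uint32_t acc) {
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* Validate one IPv4 packet carrying TCP; returns one of the PKT_* codes. */
int check_packet(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return PKT_MALFORMED;
    size_t ihl = (pkt[0] & 0x0f) * 4u;
    size_t total = (size_t)(pkt[2] << 8 | pkt[3]);
    if (ihl < 20 || total > len || total < ihl + 20 || pkt[9] != 6)
        return PKT_MALFORMED;
    if (fold(sum16(pkt, ihl, 0)) != 0) return PKT_BAD_IP_SUM;
    size_t tcplen = total - ihl;
    uint8_t pseudo[12];                  /* src, dst, zero, protocol, TCP length */
    memcpy(pseudo, pkt + 12, 8);
    pseudo[8] = 0; pseudo[9] = 6;
    pseudo[10] = (uint8_t)(tcplen >> 8); pseudo[11] = (uint8_t)tcplen;
    if (fold(sum16(pkt + ihl, tcplen, sum16(pseudo, 12, 0))) != 0)
        return PKT_BAD_TCP_SUM;
    if ((pkt[ihl + 13] & 0x3f) == 0) return PKT_NO_FLAGS;  /* flags byte is empty */
    return PKT_OK;
}

int main(void) { return check_packet(sample_syn, sizeof sample_syn); }
```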
Solutions »
---------------------------------
sendto failed? What does WSAGetLastError() return? Check that first.