用winpcap实现syn扫描的时候,发送了syn包后收不到ack包

zhaopku09 2013-10-22 08:29:58
小弟在学习winpcap,准备实现一个syn 半开扫描,但是发现发送syn包后却收不到ack包(用wireshark看的),代码如下,求各位大神帮忙
#include <iostream>
using namespace std;
#include <pcap/pcap.h>
#pragma comment(lib,"wpcap.lib")

#include <winsock2.h>
#pragma comment(lib,"ws2_32.lib")

#include "raw.h"

/* Size in bytes of the frame buffer (SendMsg) that syn_scan builds and sends. */
#define MSG_MAXLEN 60
/* Set by syn_scan to the IPv4 header inside its frame buffer and read by
   packet_handler to recognise replies. It points into a local array of
   syn_scan, so it is only meaningful while syn_scan is running. */
PIPV4_HDR pPIPV4_HDR;
/* Same arrangement for the TCP header of the frame syn_scan sends. */
PTCP_HDR ptcphdr;
/* Capture callback handed to pcap_loop by syn_scan; defined further down. */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data);
/* Source address written into the IP header of the outgoing frame.
   NOTE(review): fixed value from the author's LAN; presumably it has to be the
   sending adapter's own address for a reply to come back - confirm. */
char *srcip = "10.104.165.211";
/* Target address that main passes to the scan functions. */
char *destip = "10.104.165.90";
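/*
 * Entry point: runs one scan of destip on a fixed port with a fixed method and
 * prints the status code the scan function returned.
 *
 * The method, target and port are compiled in; command-line arguments are
 * accepted but not read.
 */
int main(int argc,char *args[])
{
    (void)argc;
    (void)args;

    const char *method = "syn";   /* string literals are const in C++ */
    const int port = 445;
    int status = 0;

    cout<<"Target IP:"<<destip<<"\t Target Port:"<<port<<endl;

    if(0 == strcmp(method,"tcp"))
    {
        cout<<"tcp connect scanning"<<endl;
        status = tcp_scan(destip,port);
    }
    else if(0 == strcmp(method,"syn"))
    {
        cout<<"syn connect scanning"<<endl;
        status = syn_scan(destip,port);
    }
    else
    {
        cout<<"not defined scan"<<endl;
    }

    /* NOTE(review): syn_scan returns 0 whenever it ran to completion and -1 on
       a setup failure, so for the "syn" method the line printed here does not
       reflect what came back on the wire; only packet_handler's output does. */
    switch(status)
    {
    case 0: cout<<"closed"<<endl;break;
    case 1: cout<<destip<<":"<<port<<"\t open"<<endl;break;
    case 2: cout<<destip<<":"<<port<<"\t closed"<<endl;break;
    case 3: cout<<"connect error"<<endl;break;
    /* Without this branch an error return such as -1 printed nothing at all. */
    default: cout<<"scan failed, status "<<status<<endl;break;
    }

    system("pause");
    return 0;
}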
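/*
 * Builds one Ethernet/IPv4/TCP frame with the SYN flag set, sends it to
 * destIp:destPort through the adapter the user picks, then captures on that
 * adapter and lets packet_handler print the packets coming back from that
 * address and port.
 *
 * destIp   - dotted-quad IPv4 address of the target
 * destPort - TCP port to probe, in host byte order
 *
 * Returns -1 if the adapter list cannot be read, the chosen number is out of
 * range, the adapter cannot be opened or the frame cannot be sent; 0 otherwise.
 * The return value does not say whether the port answered.
 */
int syn_scan(const char * destIp,int destPort)
{
    pcap_if_t *alldevs = NULL;
    char errbuf[PCAP_ERRBUF_SIZE] = {};

    if(-1 == pcap_findalldevs(&alldevs,errbuf))
    {
        cout<<"Get dev list error: "<<errbuf<<endl;
        return -1;
    }

    int devNum=0,inTerfaceNum=0,i=0;
    for(pcap_if_t *dev = alldevs;NULL != dev;dev = dev->next)
    {
        /* description may be NULL; streaming a NULL char* is undefined */
        cout<<(NULL != dev->description ? dev->description : dev->name)<<endl;
        devNum++;
    }
    printf("Enter the interface number (1-%d):",devNum);
    if(1 != scanf("%d", &inTerfaceNum))
        inTerfaceNum = 0;   /* unreadable input is rejected by the range check */

    if(inTerfaceNum < 1 || inTerfaceNum > devNum)
    {
        printf("\nInterface number out of range.\n");
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }

    /* Jump to the selected adapter; i ends up as inTerfaceNum-1 */
    pcap_if_t *d = alldevs;
    for(i=0; i< inTerfaceNum-1; i++)
        d = d->next;

    /* Open the selected interface: 65536-byte snapshot, promiscuous mode off,
       20 ms read timeout. The list is released right after, on both outcomes;
       previously it leaked when the open failed. */
    pcap_t *pt = pcap_open_live(d->name,65536,0,20,errbuf);
    pcap_freealldevs(alldevs);
    if(NULL == pt)
    {
        cout<<"Open dev error: "<<errbuf<<endl;
        return -1;
    }

    UCHAR SendMsg[MSG_MAXLEN] = {0};

    /* The three headers are written back to back into SendMsg. */
    if(sizeof(ETHER_HDR) + sizeof(IPV4_HDR) + sizeof(TCP_HDR) > sizeof(SendMsg))
    {
        cout<<"Frame buffer too small"<<endl;
        pcap_close(pt);
        return -1;
    }

    /* Ethernet header. Both addresses are fixed values from the author's LAN.
       dest has to be the MAC of the next hop towards destIp: the target itself
       on the same subnet, otherwise the gateway. */
    PETHER_HDR pethhdr = (PETHER_HDR)SendMsg;
    pethhdr->dest[0] = 0x00;
    pethhdr->dest[1] = 0x23;
    pethhdr->dest[2] = 0x89;
    pethhdr->dest[3] = 0x42;
    pethhdr->dest[4] = 0x7F;
    pethhdr->dest[5] = 0x00;

    pethhdr->source[0] = 0x00;
    pethhdr->source[1] = 0x26;
    pethhdr->source[2] = 0x9E;
    pethhdr->source[3] = 0x32;
    pethhdr->source[4] = 0x4E;
    pethhdr->source[5] = 0x4B;

    pethhdr->type = htons(0x0800);   /* IPv4 */

    /* IP header */
    pPIPV4_HDR = (PIPV4_HDR)(SendMsg + sizeof(ETHER_HDR));
    pPIPV4_HDR->ip_version = 4;
    pPIPV4_HDR->ip_header_len = 5;   /* in 32-bit words, i.e. 20 bytes */
    pPIPV4_HDR->ip_tos = 0;
    /* Total length is the IP and TCP headers only. The bytes of SendMsg behind
       them are Ethernet padding and must not be declared as TCP payload. */
    pPIPV4_HDR->ip_total_length = htons((USHORT)(sizeof(IPV4_HDR) + sizeof(TCP_HDR)));
    pPIPV4_HDR->ip_frag_offset = 0;
    pPIPV4_HDR->ip_reserved_zero=0;
    pPIPV4_HDR->ip_dont_fragment=1;
    pPIPV4_HDR->ip_more_fragment=0;
    pPIPV4_HDR->ip_frag_offset1 = 0;
    pPIPV4_HDR->ip_ttl = 128;
    pPIPV4_HDR->ip_protocol = IPPROTO_TCP;
    pPIPV4_HDR->ip_srcaddr = inet_addr(srcip);
    pPIPV4_HDR->ip_destaddr = inet_addr(destIp);
    pPIPV4_HDR->ip_checksum =0;   /* must be zero while the checksum is computed */
    pPIPV4_HDR->ip_checksum = in_checksum((USHORT*)(SendMsg+sizeof(ETHER_HDR)),sizeof(IPV4_HDR));

    /* TCP header */
    ptcphdr = (PTCP_HDR)(SendMsg + sizeof(ETHER_HDR) + sizeof(IPV4_HDR));
    ptcphdr->source_port = htons(8000+i);
    ptcphdr->dest_port = htons(destPort);
    /* NOTE(review): the TCP sequence number is a 32-bit field; htons is kept
       from the original - confirm the member's width in raw.h. */
    ptcphdr->sequence = htons(i);
    ptcphdr->acknowledge=0;
    ptcphdr->reserved_part1=0;
    /* Header length in 32-bit words. A receiver discards a segment whose data
       offset is below 5, which the former value of 3 was.
       Assumes TCP_HDR is the 20-byte header without options - confirm in raw.h. */
    ptcphdr->data_offset=(UCHAR)(sizeof(TCP_HDR) / 4);
    ptcphdr->fin=0;
    ptcphdr->syn=1;
    ptcphdr->rst=0;
    ptcphdr->psh=0;
    ptcphdr->ack=0;
    ptcphdr->urg=0;
    ptcphdr->ecn=0;
    ptcphdr->cwr=0;
    ptcphdr->window = htons(64240);
    ptcphdr->checksum=0;          /* must be zero while the checksum is computed */
    ptcphdr->urgent_pointer = 0;

    /* The TCP checksum covers a pseudo header followed by the TCP segment.
       A local array replaces the heap buffer that was never released, and
       makes sizeof(tmpbuf) the real byte count instead of a pointer size. */
    UCHAR tmpbuf[sizeof(P_HDR) + sizeof(TCP_HDR)] = {0};

    PPSEUDO_HDR ppsdhdr = (PPSEUDO_HDR)tmpbuf;
    ppsdhdr->source_address = pPIPV4_HDR->ip_srcaddr;
    ppsdhdr->dest_address = pPIPV4_HDR->ip_destaddr;
    ppsdhdr->placeholder = 0;
    ppsdhdr->protocol = IPPROTO_TCP;
    ppsdhdr->tcp_length = htons((USHORT)sizeof(TCP_HDR));

    /* Copy the TCP header behind the pseudo header */
    memcpy(tmpbuf+sizeof(P_HDR),ptcphdr,sizeof(TCP_HDR));

    ptcphdr->checksum = in_checksum((USHORT*)tmpbuf,(int)sizeof(tmpbuf));

    int result = 0;
    cout<<"send"<<endl;
    if(0 != pcap_sendpacket(pt,SendMsg,sizeof(SendMsg)))
    {
        cout<<"Send error: "<<pcap_geterr(pt)<<endl;
        result = -1;
    }
    else
    {
        /* A count of 0 asks pcap_loop to keep capturing, so the lines below
           are normally reached only after a capture error. */
        pcap_loop(pt, 0, packet_handler, NULL);
        cout<<"senoff"<<endl;
        system("pause");
    }

    /* The globals point into SendMsg, which dies with this function. */
    pPIPV4_HDR = NULL;
    ptcphdr = NULL;
    pcap_close(pt);
    return result;
}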
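/*
 * pcap_loop callback. Prints the capture time and length of every captured
 * IPv4/TCP packet whose source address equals the destination address of the
 * frame syn_scan sent and whose source port equals the probed port.
 *
 * param    - user pointer from pcap_loop, unused
 * header   - capture metadata (timestamp, captured and original length)
 * pkt_data - captured bytes, starting at the link-layer (Ethernet) header
 */
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
    (void)param;

    /* Nothing to compare against until syn_scan has built its frame. */
    if(NULL == pPIPV4_HDR || NULL == ptcphdr)
        return;

    /* Only caplen bytes of pkt_data are valid; check before every read. */
    if(header->caplen < sizeof(ETHER_HDR) + sizeof(IPV4_HDR))
        return;

    /* pcap delivers the whole frame, so the IP header sits behind the Ethernet
       header. Reading it at offset 0 compared MAC bytes with IP addresses and
       never matched. */
    PETHER_HDR ethHeader = (PETHER_HDR)pkt_data;
    if(ethHeader->type != htons(0x0800))
        return;

    PIPV4_HDR tempIPHeader = (PIPV4_HDR)(pkt_data + sizeof(ETHER_HDR));
    if(tempIPHeader->ip_version != 4 || tempIPHeader->ip_protocol != IPPROTO_TCP)
        return;

    /* The TCP header starts after the IP header's own length field, which is
       counted in 32-bit words and may include options. */
    const unsigned int ipHeaderBytes = tempIPHeader->ip_header_len * 4u;
    if(ipHeaderBytes < sizeof(IPV4_HDR))
        return;
    if(header->caplen < sizeof(ETHER_HDR) + ipHeaderBytes + sizeof(TCP_HDR))
        return;

    if(tempIPHeader->ip_srcaddr != pPIPV4_HDR->ip_destaddr)
        return;

    PTCP_HDR tempTCPHeader = (PTCP_HDR)(pkt_data + sizeof(ETHER_HDR) + ipHeaderBytes);
    if(tempTCPHeader->source_port != ptcphdr->dest_port)
        return;

    /* Convert the timestamp to a readable format */
    time_t local_tv_sec = header->ts.tv_sec;
    struct tm *ltime = localtime(&local_tv_sec);
    if(NULL == ltime)
        return;

    char timestr[16];
    strftime( timestr, sizeof timestr, "%H:%M:%S", ltime);

    /* The casts make the arguments match the %d conversions. */
    printf("%s,%.6d len:%d\n", timestr, (int)header->ts.tv_usec, (int)header->len);
}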
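/*
 * Internet checksum: one's-complement sum of the buffer taken as 16-bit words
 * in memory order, folded to 16 bits and inverted.
 *
 * ptr    - start of the data; any checksum field inside it must be zero
 * nbytes - number of bytes to sum; a trailing odd byte is padded with zero
 *
 * Returns the checksum, ready to be stored in the header as is (no byte swap).
 */
unsigned short in_checksum(unsigned short *ptr,int nbytes)
{
    /* Words are fetched with memcpy so the buffer may be a plain byte array
       at any alignment, which is how the callers use it. */
    const unsigned char *bytes = (const unsigned char *)ptr;
    unsigned long sum = 0;   /* unsigned: the carries must never turn negative */

    while(nbytes > 1) {
        unsigned short word;
        memcpy(&word, bytes, sizeof word);
        sum += word;
        bytes += 2;
        nbytes -= 2;
    }

    if(nbytes == 1) {
        /* the last byte becomes the first byte of a zero-padded word */
        unsigned short oddbyte = 0;
        memcpy(&oddbyte, bytes, 1);
        sum += oddbyte;
    }

    /* fold the carries back into the low 16 bits */
    while(sum >> 16)
        sum = (sum >> 16) + (sum & 0xffff);

    return (unsigned short)~sum;
}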
6 条回复
Yofoo 2015-04-21
用抓包工具检查一下包是否发送出去, 还有包的checksum是否正确
赵4老师 2015-04-21
听说Win7不支持RAW了。
你目标主机的mac地址是怎么写的,要写成网关mac才可以
我说几点,你可能能用到: 向ip:port发送syn请求时: 1 ip不存在,不会收到任何tcp层面的回复,即“连接超时” 2 ip存在,port不存在,会收到rst,即“远程机器积极拒绝” 3 ip存在,port也存在,收到syn+ack回复 以上是没有防火墙的情形。有了防火墙就随着防火墙软件的不同而有各种不同的表现 测试阶段最好朝必定开放的端口发包,如www.baidu.com:80 用好WireShark,不要仅关注有没有回包,还要看自己发的syn包有没有截取到;截取到的话仔细看一下包的详情,关注每个字段,尤其是看有否错位和校验错误。错误的包鲨鱼中很容易看出来的。
vcorange 2014-01-03
你直接 发送 对方 80 端口 比较好测试
vcorange 2014-01-03
对方要开tcp端口 处于 listen 状态 当你发送syn ,他才会返回ack syn 对方没开端口或者开的是udp端口 返回rst 或者不返回(节省流量)
