网上找的代码tcp_syn扫描,为什么调试时分析对方回复的包,协议却是udp?

ma747959177 2011-05-27 11:20:40
//--------------------------------------------------------------------//
// 作者:刘文涛 //
// 书籍:《网络安全编程技术与实例》 //
//--------------------------------------------------------------------//
#include "stdio.h"
#include "string.h"
#include "Winsock2.h"
#include <ws2tcpip.h>
#include "mstcpip.h"
#pragma comment(lib,"WS2_32.lib")
// Target host in dotted-quad form. SendTCPSYNPacket uses it as the destination address
// and PacketAnalyzer uses it to filter replies by source address.
char *DestIpAddr = "60.176.45.56";// destination IP address; can be changed as needed
// IPv4 header overlay. PacketAnalyzer casts the start of a received datagram to this type,
// so the field order and widths must match the wire layout (fields sum to 20 bytes;
// assumes the compiler inserts no padding and int is 32 bits -- TODO confirm for the target build).
typedef struct IpHeader
{
unsigned char Version_HLen; // low nibble is the header length in 32-bit words (masked with 0x0f in PacketAnalyzer)
unsigned char TOS;
unsigned short Length;
unsigned short Ident;
unsigned short Flags_Offset;
unsigned char TTL;
unsigned char Protocol; // compared against IPPROTO_TCP in PacketAnalyzer
unsigned short Checksum;
unsigned int SourceAddr; // network byte order; compared directly with inet_addr(DestIpAddr)
unsigned int DestinationAddr;
} Ip_Header;
// Bit masks for the Flags byte of Tcp_Header. PacketAnalyzer tests RST, SYN and ACK;
// the other masks are not referenced in the code shown on this page.
#define URG 0x20
#define ACK 0x10
#define PSH 0x08
#define RST 0x04
#define SYN 0x02
#define FIN 0x01
// TCP header overlay (no options). PacketAnalyzer casts the bytes that follow the IP header
// to this type, so the field order and widths must match the wire layout.
typedef struct TcpHeader
{
USHORT SrcPort; // network byte order; printed via ntohs() in PacketAnalyzer
USHORT DstPort;
unsigned int SequenceNum;
unsigned int Acknowledgment;
unsigned char HdrLen;
unsigned char Flags; // tested against the RST / SYN / ACK masks above
USHORT AdvertisedWindow;
USHORT Checksum;
USHORT UrgPtr;
} Tcp_Header;
// Inspects one captured IP datagram; returns 1 after printing an Open/Close verdict for a
// TCP reply from DestIpAddr, and 0 for every other packet.
int PacketAnalyzer(char*);
// Builds and sends one TCP SYN segment to the given port on DestIpAddr; returns 1 on success, 0 on failure.
int SendTCPSYNPacket(int);
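/*
 * Entry point. Opens a raw receive socket on the local host, switches it to
 * SIO_RCVALL mode, then for each port in PortStart..PortEnd sends one SYN via
 * SendTCPSYNPacket() and reads captured datagrams until PacketAnalyzer()
 * reports a verdict for that port.
 *
 * Returns 1 on success and 0 on any failure (the original convention, kept
 * so callers and scripts see the same exit codes).
 *
 * Why unrelated protocols show up while debugging: a raw IPPROTO_IP socket in
 * SIO_RCVALL mode is handed every IP datagram seen on the bound interface,
 * not only replies to the probe. UDP and other traffic is therefore expected
 * in RecvBuf; PacketAnalyzer() returns 0 for it and the loop keeps reading.
 */
int main(int argc, char **argv)
{
    int PortStart = 81;
    int PortEnd = 100;
    SOCKET RecSocket = INVALID_SOCKET;
    int Result;
    int ExitCode = 0;
    int HaveTimer = 0;
    int p;
    char RecvBuf[65535] = { 0 };
    char Name[255];
    LARGE_INTEGER nFreq;
    LARGE_INTEGER StartTime;
    LARGE_INTEGER EndTime;
    HANDLE hCon;
    CONSOLE_SCREEN_BUFFER_INFO bInfo;
    WSADATA wsaData;
    DWORD dwBufferLen[10];
    DWORD dwBufferInLen = 1;
    DWORD dwBytesReturned = 0;
    struct hostent *pHostent;
    SOCKADDR_IN sock;

    (void)argc;
    (void)argv;

    /* Defined values even if the performance counter is unavailable. */
    nFreq.QuadPart = 0;
    StartTime.QuadPart = 0;
    EndTime.QuadPart = 0;

    /* WSAStartup returns the error code directly (0 on success), not SOCKET_ERROR. */
    Result = WSAStartup(MAKEWORD(2, 1), &wsaData);
    if (Result != 0)
    {
        printf("WSAStartup failed with error %d\n", Result);
        return 0;
    }

    /* The original tested the stale WSAStartup result here, so a failed
     * socket() call went unnoticed; test the returned handle instead. */
    RecSocket = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (RecSocket == INVALID_SOCKET)
    {
        printf("socket failed with error %d\n", WSAGetLastError());
        goto cleanup;
    }

    Result = gethostname(Name, sizeof(Name));
    if (Result == SOCKET_ERROR)
    {
        printf("gethostname failed with error %d\n", WSAGetLastError());
        goto cleanup;
    }

    /* gethostbyname() returns storage owned by Winsock; the malloc() the
     * original performed first was overwritten immediately and leaked. */
    pHostent = gethostbyname(Name);
    if (pHostent == NULL)
    {
        printf("gethostbyname failed with error %d\n", WSAGetLastError());
        goto cleanup;
    }

    /* The original binds to the SECOND address of the local host
     * (h_addr_list[1]). On a host with a single address that entry is the
     * NULL terminator and the memcpy below would dereference it. */
    if (pHostent->h_addrtype != AF_INET ||
        pHostent->h_length != (int)sizeof(sock.sin_addr) ||
        pHostent->h_addr_list[0] == NULL ||
        pHostent->h_addr_list[1] == NULL)
    {
        printf("gethostbyname returned no second IPv4 address\n");
        goto cleanup;
    }

    memset(&sock, 0, sizeof(sock));
    sock.sin_family = AF_INET;
    sock.sin_port = htons(5555);
    memcpy(&sock.sin_addr.S_un.S_addr, pHostent->h_addr_list[1], sizeof(sock.sin_addr));

    Result = bind(RecSocket, (PSOCKADDR) &sock, sizeof(sock));
    if (Result == SOCKET_ERROR)
    {
        printf("bind failed with error %d\n", WSAGetLastError());
        goto cleanup;
    }

    /* Input value 1 turns receive-all mode on for the bound interface. */
    Result = WSAIoctl(RecSocket, SIO_RCVALL, &dwBufferInLen, sizeof(dwBufferInLen),
                      &dwBufferLen, sizeof(dwBufferLen), &dwBytesReturned, NULL, NULL);
    if (Result == SOCKET_ERROR)
    {
        printf("WSAIoctl failed with error %d\n", WSAGetLastError());
        goto cleanup;
    }

    hCon = GetStdHandle(STD_OUTPUT_HANDLE);
    GetConsoleScreenBufferInfo(hCon, &bInfo);

    /* As in the original, the probe loop only runs when the performance
     * counter is available. */
    if (QueryPerformanceFrequency(&nFreq) && nFreq.QuadPart > 0)
    {
        HaveTimer = 1;
        QueryPerformanceCounter(&StartTime);
        EndTime = StartTime;

        for (p = PortStart; p <= PortEnd; p++)
        {
            /* If the probe could not be sent there is nothing to wait for;
             * SendTCPSYNPacket() has already printed the reason. */
            if (!SendTCPSYNPacket(p))
            {
                continue;
            }

            /* NOTE(review): this loop has no timeout. It ends only when
             * PacketAnalyzer() sees a RST or SYN/ACK from DestIpAddr, so a
             * port that never answers keeps the program reading forever. */
            for (;;)
            {
                memset(RecvBuf, 0, sizeof(RecvBuf));
                Result = recv(RecSocket, RecvBuf, sizeof(RecvBuf), 0);
                if (Result == SOCKET_ERROR)
                {
                    printf("recv failed with error %d\n", WSAGetLastError());
                    goto cleanup;
                }

                /* Captured data is untrusted: skip anything too short to
                 * hold an IPv4 header before handing it to the parser. */
                if (Result < (int)sizeof(Ip_Header))
                {
                    continue;
                }

                if (PacketAnalyzer(RecvBuf) != 0)
                {
                    break;
                }
            }

            SetConsoleTextAttribute(hCon, 14);
            QueryPerformanceCounter(&EndTime);
        }
    }

    /* The original printed this from uninitialised counters when the
     * performance counter was unavailable. */
    if (HaveTimer)
    {
        double fInterval = (double)(EndTime.QuadPart - StartTime.QuadPart);
        printf("Total Time:%fms\n", fInterval * 1000 / (double)nFreq.QuadPart);
    }
    SetConsoleTextAttribute(hCon, bInfo.wAttributes);
    ExitCode = 1;

cleanup:
    /* Single exit path so the socket and the Winsock reference are released
     * on failures as well as on success. */
    if (RecSocket != INVALID_SOCKET && closesocket(RecSocket) == SOCKET_ERROR)
    {
        printf("closesocket failed with error %d\n", WSAGetLastError());
        ExitCode = 0;
    }
    if (WSACleanup() == SOCKET_ERROR)
    {
        printf("WSACleanup failed with error %d\n", WSAGetLastError());
        ExitCode = 0;
    }
    return ExitCode;
}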
saintwang 2011-05-30
顶,一下。
ma747959177 2011-05-27
自己顶啊,高手求解
ma747959177 2011-05-27
mstcpip.h的内容如下:



// Copyright (C) Microsoft Corporation, 1996-1999
// Excerpt of the mstcpip.h SDK header as pasted into this thread. It supplies
// the WSAIoctl control codes used with Winsock sockets.
#if _MSC_VER > 1000
#pragma once
#endif

/* Argument structure for SIO_KEEPALIVE_VALS */

struct tcp_keepalive {
u_long onoff;
u_long keepalivetime;
u_long keepaliveinterval;
};

// New WSAIoctl Options

// SIO_RCVALL is the only code below that the scanner on this page uses: main() passes it
// to WSAIoctl on the raw receive socket with an input value of 1.
#define SIO_RCVALL _WSAIOW(IOC_VENDOR,1)
#define SIO_RCVALL_MCAST _WSAIOW(IOC_VENDOR,2)
#define SIO_RCVALL_IGMPMCAST _WSAIOW(IOC_VENDOR,3)
#define SIO_KEEPALIVE_VALS _WSAIOW(IOC_VENDOR,4)
#define SIO_ABSORB_RTRALERT _WSAIOW(IOC_VENDOR,5)
#define SIO_UCAST_IF _WSAIOW(IOC_VENDOR,6)
#define SIO_LIMIT_BROADCASTS _WSAIOW(IOC_VENDOR,7)
#define SIO_INDEX_BIND _WSAIOW(IOC_VENDOR,8)
#define SIO_INDEX_MCASTIF _WSAIOW(IOC_VENDOR,9)
#define SIO_INDEX_ADD_MCAST _WSAIOW(IOC_VENDOR,10)
#define SIO_INDEX_DEL_MCAST _WSAIOW(IOC_VENDOR,11)

ma747959177 2011-05-27
/*
 * 16-bit one's-complement checksum over `size` bytes starting at `buffer`.
 *
 * Whole 16-bit words are summed first; if one byte is left over it is added
 * on its own. The carries are then folded back into the low 16 bits and the
 * bitwise complement of the result is returned.
 *
 * buffer: data to sum, read as 16-bit words (the caller must make sure at
 *         least `size` bytes are readable there).
 * size:   number of bytes to cover.
 */
USHORT checksum(USHORT *buffer, int size)
{
    unsigned long total = 0;
    USHORT *cursor = buffer;
    int left = size;

    /* Sum every complete 16-bit word. */
    for (; left > 1; left -= sizeof(USHORT))
    {
        total += *cursor;
        cursor++;
    }

    /* A trailing odd byte is added as a single byte value. */
    if (left != 0)
    {
        total += *(UCHAR*)cursor;
    }

    /* Fold the carry bits into the low word, twice, then complement. */
    total = (total & 0xffff) + (total >> 16);
    total += (total >> 16);
    return (USHORT)(~total);
}

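/*
 * Builds one IPv4 + TCP segment with only the SYN flag set, addressed to
 * `Port` on DestIpAddr, and sends it through a raw socket.
 *
 * Port: destination TCP port, 0..65535.
 * Returns 1 when the datagram was handed to sendto() and all cleanup
 * succeeded, 0 on any failure (a message is printed for each failure).
 *
 * Changes against the posted version:
 *  - Port is range-checked before it is narrowed to 16 bits.
 *  - gethostbyname() results are validated; the leaked malloc() is gone.
 *  - The send timeout is initialised (the original passed an uninitialised
 *    int to SO_SNDTIMEO).
 *  - The IP header checksum covers the IP header only; the original also
 *    summed the TCP header.
 *  - sendto() transmits exactly the length announced in the IP header; the
 *    original added sizeof(psdHeader) extra bytes.
 *  - bind()/sendto() failures are reported under their own names.
 *  - The socket and the Winsock reference are released on every path.
 *
 * NOTE(review): a reply further down this thread states that Windows from
 * XP SP2 onwards does not allow hand-built IP packets to be sent this way,
 * so a successful return here does not show that the segment left the host.
 */
int SendTCPSYNPacket(int Port)
{
    /* Local wire-format overlays (signed 16-bit fields, as in the original). */
    typedef struct IpHeader
    {
        u_char Version_HLen;
        u_char TOS;
        short Length;
        short Ident;
        short Flags_Offset;
        u_char TTL;
        u_char Protocol;
        short Checksum;
        unsigned int SourceAddr;
        unsigned int DestinationAddr;
    } Ip_Header;
    /* TCP pseudo header, used only as checksum input; never transmitted. */
    typedef struct PsdTcpHeader
    {
        unsigned long SourceAddr;
        unsigned long DestinationAddr;
        char Zero;
        char Protcol;
        unsigned short TcpLen;
    } PSD_Tcp_Header;
    typedef struct tcp_hdr
    {
        USHORT SrcPort;
        USHORT DstPort;
        unsigned int SequenceNum;
        unsigned int Acknowledgment;
        unsigned char HdrLen;
        unsigned char Flags;
        USHORT AdvertisedWindow;
        USHORT Checksum;
        USHORT UrgPtr;
    } Tcp_Header;

    struct in_addr localaddr;
    char HostName[255];
    struct hostent *Hostent;
    WSADATA wsaData;
    SOCKET SendSocket = INVALID_SOCKET;
    SOCKADDR_IN addr_in, addr_out;
    Ip_Header ipHeader;
    Tcp_Header tcpHeader;
    PSD_Tcp_Header psdHeader;
    char szSendBuf[1024] = { 0 };
    int nTimeOver = 1000; /* send timeout in ms; value chosen here, the original left it unset */
    int PacketLen = (int)(sizeof(ipHeader) + sizeof(tcpHeader));
    int Result;
    int Ok = 0;

    /* NOTE(review): the original set a BOOL `flag` to true but never passed
     * it to any socket option; it is dropped here as unused. */

    if (Port < 0 || Port > 65535)
    {
        printf("invalid port %d\n", Port);
        return 0;
    }

    /* WSAStartup returns the error code directly (0 on success). */
    Result = WSAStartup(MAKEWORD(2, 1), &wsaData);
    if (Result != 0)
    {
        printf("WSAStartup failed with error %d\n", Result);
        return 0;
    }

    SendSocket = WSASocket(AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED);
    if (SendSocket == INVALID_SOCKET)
    {
        printf("WSASocket failed with error %d\n\n", WSAGetLastError());
        goto done;
    }

    Result = gethostname(HostName, sizeof(HostName));
    if (Result == SOCKET_ERROR)
    {
        printf("gethostname failed with error %d\n", WSAGetLastError());
        goto done;
    }

    /* The returned hostent is owned by Winsock; do not allocate or free it. */
    Hostent = gethostbyname(HostName);
    if (Hostent == NULL)
    {
        printf("gethostbyname failed with error %d\n", WSAGetLastError());
        goto done;
    }

    /* The original uses the SECOND local address (h_addr_list[1]); on a
     * single-address host that entry is the NULL terminator. */
    if (Hostent->h_addrtype != AF_INET ||
        Hostent->h_length != (int)sizeof(localaddr) ||
        Hostent->h_addr_list[0] == NULL ||
        Hostent->h_addr_list[1] == NULL)
    {
        printf("gethostbyname returned no second IPv4 address\n");
        goto done;
    }
    memcpy(&localaddr, Hostent->h_addr_list[1], sizeof(localaddr));

    memset(&addr_in, 0, sizeof(addr_in));
    addr_in.sin_family = AF_INET;
    addr_in.sin_port = htons(1000);
    addr_in.sin_addr = localaddr;

    memset(&addr_out, 0, sizeof(addr_out));
    addr_out.sin_family = AF_INET;
    addr_out.sin_port = htons(1000);
    addr_out.sin_addr.S_un.S_addr = inet_addr(DestIpAddr);

    /* IPv4 header: version 4, header length in 32-bit words, no options. */
    memset(&ipHeader, 0, sizeof(ipHeader));
    ipHeader.Version_HLen = (u_char)(4 << 4 | sizeof(ipHeader) / 4);
    ipHeader.TOS = 0;
    ipHeader.Length = htons((u_short)PacketLen);
    ipHeader.Ident = 1;
    ipHeader.Flags_Offset = 0;
    ipHeader.TTL = 128;
    ipHeader.Protocol = IPPROTO_TCP;
    ipHeader.Checksum = 0;
    ipHeader.SourceAddr = localaddr.S_un.S_addr;
    ipHeader.DestinationAddr = inet_addr(DestIpAddr);

    /* TCP header: SYN only, data offset in the high nibble of HdrLen. */
    memset(&tcpHeader, 0, sizeof(tcpHeader));
    tcpHeader.DstPort = htons((u_short)Port);
    tcpHeader.SrcPort = htons(6666);
    tcpHeader.SequenceNum = htonl(0);
    tcpHeader.Acknowledgment = 0;
    tcpHeader.HdrLen = (unsigned char)(sizeof(tcpHeader) / 4 << 4 | 0);
    tcpHeader.Flags = SYN;
    tcpHeader.AdvertisedWindow = htons(512);
    tcpHeader.UrgPtr = 0;
    tcpHeader.Checksum = 0;

    /* The TCP checksum is computed over pseudo header + TCP header. */
    memset(&psdHeader, 0, sizeof(psdHeader));
    psdHeader.SourceAddr = ipHeader.SourceAddr;
    psdHeader.DestinationAddr = ipHeader.DestinationAddr;
    psdHeader.Zero = 0;
    psdHeader.Protcol = IPPROTO_TCP;
    psdHeader.TcpLen = htons(sizeof(tcpHeader));
    memcpy(szSendBuf, &psdHeader, sizeof(psdHeader));
    memcpy(szSendBuf + sizeof(psdHeader), &tcpHeader, sizeof(tcpHeader));
    tcpHeader.Checksum = checksum((USHORT*)szSendBuf, (int)(sizeof(psdHeader) + sizeof(tcpHeader)));

    /* The IP checksum covers the IP header alone, with its checksum field zero. */
    ipHeader.Checksum = checksum((USHORT*)&ipHeader, (int)sizeof(ipHeader));

    /* Assemble the datagram that actually goes on the wire. */
    memset(szSendBuf, 0, sizeof(szSendBuf));
    memcpy(szSendBuf, &ipHeader, sizeof(ipHeader));
    memcpy(szSendBuf + sizeof(ipHeader), &tcpHeader, sizeof(tcpHeader));

    if (bind(SendSocket, (SOCKADDR*) &addr_in, sizeof(addr_in)) == SOCKET_ERROR)
    {
        printf("bind failed with error %d\n", WSAGetLastError());
        goto done;
    }
    if (setsockopt(SendSocket, SOL_SOCKET, SO_SNDTIMEO, (char*) &nTimeOver, sizeof(nTimeOver)) == SOCKET_ERROR)
    {
        printf("setsockopt failed with error %d\n\n", WSAGetLastError());
        goto done;
    }

    Result = sendto(SendSocket, szSendBuf, PacketLen, 0, (struct sockaddr*) &addr_out, sizeof(addr_out));
    if (Result == SOCKET_ERROR)
    {
        printf("sendto failed with error %d\n", WSAGetLastError());
        goto done;
    }
    Ok = 1;

done:
    /* Release the socket and the Winsock reference on every path. */
    if (SendSocket != INVALID_SOCKET && closesocket(SendSocket) == SOCKET_ERROR)
    {
        printf("closesocket failed with error %d\n", WSAGetLastError());
        Ok = 0;
    }
    if (WSACleanup() == SOCKET_ERROR)
    {
        printf("WSACleanup failed with error %d\n", WSAGetLastError());
        Ok = 0;
    }
    return Ok;
}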

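/*
 * Examines one captured IP datagram and reports the state of a probed port.
 *
 * PacketBuffer: start of the datagram (IPv4 header first). No length is
 *               passed in, so the caller must supply a buffer large enough
 *               for a maximum-size IPv4 header (60 bytes) followed by a
 *               Tcp_Header; main() passes a zero-filled 65535-byte buffer.
 *
 * Returns 1 after printing "Port N Close" (RST seen) or "Port N Open"
 * (SYN and ACK seen) for a TCP segment whose source address is DestIpAddr.
 * Returns 0 for everything else: other protocols, other senders, malformed
 * headers, or TCP segments without those flags. Because main() captures
 * with SIO_RCVALL, most packets that arrive here are unrelated traffic and
 * take the 0 path.
 *
 * Changes against the posted version: the header fields come from the
 * network and are now validated (IP version must be 4 and the header length
 * at least 20 bytes) before the TCP header offset is trusted; with a header
 * length below 5 words the original read the TCP fields out of the IP
 * header itself. The unused copies of the source/destination address
 * strings and the TTL were dropped.
 *
 * NOTE(review): any RST or SYN/ACK from DestIpAddr is accepted; the
 * segment's destination port is not compared with the source port used by
 * SendTCPSYNPacket, so unrelated TCP traffic from that host would also be
 * reported.
 */
int PacketAnalyzer(char *PacketBuffer)
{
    Ip_Header *pIpheader = (Ip_Header*)PacketBuffer;
    Tcp_Header *pTcpHeader;
    HANDLE hCon = GetStdHandle(STD_OUTPUT_HANDLE);
    CONSOLE_SCREEN_BUFFER_INFO bInfo;
    int iVersion;
    int iIphLen;

    GetConsoleScreenBufferInfo(hCon, &bInfo);

    if (PacketBuffer == NULL)
    {
        return 0;
    }

    /* High nibble: IP version. Low nibble: header length in 32-bit words. */
    iVersion = (pIpheader->Version_HLen >> 4) & 0x0f;
    iIphLen = 4 * (pIpheader->Version_HLen & 0x0f);

    if (iVersion == 4 &&
        iIphLen >= (int)sizeof(Ip_Header) &&
        pIpheader->Protocol == IPPROTO_TCP &&
        pIpheader->SourceAddr == inet_addr(DestIpAddr))
    {
        pTcpHeader = (Tcp_Header*)(PacketBuffer + iIphLen);

        if (pTcpHeader->Flags & RST)
        {
            SetConsoleTextAttribute(hCon, 10);
            printf("Port %d Close\n", ntohs(pTcpHeader->SrcPort));
            return 1;
        }
        if ((pTcpHeader->Flags & SYN) && (pTcpHeader->Flags & ACK))
        {
            SetConsoleTextAttribute(hCon, 14);
            printf("Port %d Open\n", ntohs(pTcpHeader->SrcPort));
            return 1;
        }
    }

    /* Not a verdict-bearing packet: restore the console colour and keep reading. */
    SetConsoleTextAttribute(hCon, bInfo.wAttributes);
    return 0;
}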
ma747959177 2011-05-27
但是我sendto 和recv都没有错误啊,难道是自己电脑返回的包??哎 困扰一天了!
kyotrue 2011-05-27
对方没收到你的包吧,UDP的多半是本机或路由器返回的ICMP包了,比如目标不可达啥的。。。
Yofoo 2011-05-27
现在的系统 xp sp2后不允许直接构造ip包发送, 你的代码不行的
