标题:用 winpcap 发过 syn 数据包
用 winpcap 发过 syn 数据包

#include <stdlib.h>
#include <stdio.h>
#include <winsock2.h>
#include <pcap.h>
#pragma comment(lib, "wpcap.lib")
#pragma comment(lib, "ws2_32.lib")

typedef struct   _ETHER_HEADER{
    u_char   et_dhost[6];
    u_char   et_shost[6];
    u_short   et_type;  //如果上一层为IP协议。则ether_type的值就是0x0800

typedef struct _IP_HEADER
    unsigned char   h_verlen;
    unsigned char   tos; //type of service
    unsigned short  total_len;
    unsigned short  ident;
    unsigned short  frag_and_flags;
    unsigned char   ttl;
    unsigned char   proto;
    unsigned short  checksum;
    unsigned int    sourceIP;
    unsigned int    destIP;

typedef struct _TCP_HEADER
    USHORT th_sport;
    USHORT th_dport;
    unsigned int th_seq;
    unsigned int th_ack;
    unsigned char th_lenres;
    unsigned char th_flag;
    USHORT th_win;
    USHORT th_sum;
    USHORT th_urp;

typedef struct _psdhdr
    unsigned long saddr;           //Source IP address; 32 bits
    unsigned long daddr;           //Destination IP address; 32 bits
    unsigned char mbz;           //padding
    unsigned char ptcl;           //Protocol; 8 bits
    unsigned short tcpl;           //TCP length; 16 bits

USHORT CheckSum(USHORT *buffer, int size)
    unsigned long cksum = 0;

    while (size > 1)
        cksum += *buffer++;
        size -= sizeof(USHORT);

    if (size)
        cksum += *(UCHAR*)buffer;
    cksum = (cksum >> 16) + (cksum & 0xffff);
    cksum += (cksum >>16);

    return (USHORT)(~cksum);

int main( )
    IP_HEADER ipHeader;
    TCP_HEADER tcpHeader;
    PSDTCP_HEADER psdHeader;
    ETHER_HEADER etherHeader;

    char szSrcIp[] = "";
    char szDstIp[] = "";
    char *g_BehindString = "just a test";

    memset( &ipHeader, 0, sizeof ipHeader );
    memset( &tcpHeader, 0, sizeof tcpHeader );
    memset( &psdHeader, 0, sizeof psdHeader );
    memset( &etherHeader, 0, sizeof etherHeader );

    ipHeader.h_verlen = (4<<4 | sizeof ipHeader / sizeof(unsigned long));//高四位IP版本号,低四位首部长度
    ipHeader.total_len = htons( sizeof ipHeader + sizeof tcpHeader + strlen( g_BehindString ) );//16位总长度(字节)
    ipHeader.ident = 0x14BB;//16位标识
    ipHeader.frag_and_flags = 0x0040;//3位标志位
    ipHeader.ttl = 128;//8位生存时间TTL
    ipHeader.proto = IPPROTO_TCP;//8位协议(TCP,UDP…)
    ipHeader.checksum = 0;//16位IP首部校验和
    ipHeader.sourceIP = inet_addr( szSrcIp );//32位源IP地址
    ipHeader.destIP = inet_addr( szDstIp );//32位目的IP地址

    psdHeader.saddr = ipHeader.sourceIP;
    psdHeader.daddr = ipHeader.destIP; //目的地址
    psdHeader.mbz = 0;
    psdHeader.ptcl = IPPROTO_TCP; //协议类型
    psdHeader.tcpl = htons( sizeof tcpHeader ); //TCP首部长度

    unsigned char ucSrcMac[6] = { 0x64, 0x27, 0x37, 0x7D, 0XF7, 0X72 };
    unsigned char ucDstMac[6] = { 0x88, 0x9F, 0xFA, 0xFD, 0xF4, 0XF2 };
    memcpy( etherHeader.et_dhost, &ucDstMac, sizeof ucDstMac );
    memcpy( etherHeader.et_shost, &ucSrcMac, sizeof ucSrcMac );
    etherHeader.et_type = 0x0008;

    char ucSend[1600];
    int datasize;   
    //----------------Send SYN Packet----------------
    memset( ucSend, 0, sizeof ucSend);
    memcpy( ucSend, &psdHeader,sizeof psdHeader );
    memcpy( ucSend + sizeof psdHeader, &tcpHeader, sizeof tcpHeader );
    memcpy( ucSend + sizeof psdHeader + sizeof tcpHeader, g_BehindString, strlen( g_BehindString ) );
    tcpHeader.th_sum = CheckSum((USHORT *)ucSend, sizeof psdHeader + sizeof tcpHeader + strlen( g_BehindString ) );
    tcpHeader.th_sum = htons( ntohs( tcpHeader.th_sum ) - (USHORT)strlen(g_BehindString));

    memset( ucSend, 0, sizeof ucSend );
    memcpy( ucSend, &ipHeader,sizeof  ipHeader);
    memcpy( ucSend + sizeof ipHeader, &tcpHeader, sizeof tcpHeader );
    memset( ucSend + sizeof ipHeader +sizeof tcpHeader, 0, 4 );
    ipHeader.checksum = CheckSum((USHORT *)ucSend,sizeof ipHeader );

    memset( ucSend, 0, sizeof ucSend );
    memcpy( ucSend, &etherHeader ,sizeof etherHeader );
    memcpy( ucSend + sizeof etherHeader, &ipHeader, sizeof ipHeader );
    memcpy( ucSend + sizeof etherHeader + sizeof ipHeader, &tcpHeader, sizeof tcpHeader );
    memcpy( ucSend + sizeof etherHeader + sizeof ipHeader + sizeof tcpHeader, g_BehindString, strlen(g_BehindString) );
    datasize = sizeof ipHeader + sizeof tcpHeader + sizeof etherHeader + strlen( g_BehindString );
    char *device = "//Device//NPF_{0757BB69-9F82-4C2C-BC18-0FE59116B466}";
    //char *device = "//Device//NPF_{695C0D4A-88B4-451F-9945-E9CF3C994E42}";
    char errbuf[PCAP_ERRBUF_SIZE] = { 0 };
    pcap_t *adhandle = pcap_open( device, 0x10000, PCAP_OPENFLAG_PROMISCUOUS, 1000, NULL, errbuf  );
    if ( NULL == adhandle )
        printf("[pcap_open error] : %s/n", errbuf);
        return 0;

    if ( 0 != pcap_sendpacket(adhandle, (const unsigned char *)ucSend, datasize ) )
        printf("send failed.\n");
        printf("send success.\n");
    return 0;
2014-05-10 11:01
2014-05-10 11:32
#include <stdio.h>
#include <stdlib.h>
#include <pcap.h>
#include <winsock2.h>
#include <iostream>
using namespace std;

#pragma comment(lib, "../common/lib/Packet.lib")
#pragma comment(lib, "../common/lib/wpcap.lib")
#pragma comment(lib, "ws2_32.lib")

/*                       IP报文格式
    0            8           16                        32
    | ver + hlen |  服务类型  |         总长度          |
    |           标识位        |flag|   分片偏移(13位)   |
    |  生存时间  | 高层协议号 |       首部校验和        |
    |                   源 IP 地址                      |
    |                  目的 IP 地址                     |


struct IP_HEADER
    byte versionAndHeader;
    byte serviceType;
    byte totalLen[2];
    byte seqNumber[2];
    byte flagAndFragPart[2];
    byte ttl;
    byte hiProtovolType;
    byte headerCheckSum[2];
    byte srcIpAddr[4];
    byte dstIpAddr[4];

                          TCP 报文
    0                       16                       32    
    |      源端口地址        |      目的端口地址       |
    |                      序列号                      |
    |                      确认号                      |
    |HLEN/4| 保留位 |控制位/6|         窗口尺寸        |
    |         校验和         |         应急指针        |

    byte srcPort[2];
    byte dstPort[2];
    byte seqNumber[4];
    byte ackNumber[4];
    byte headLen;
    byte contrl;
    byte wndSize[2];
    byte checkSum[2];
    byte uragentPtr[2];

    byte srcIpAddr[4];     //Source IP address; 32 bits
    byte dstIpAddr[4];     //Destination IP address; 32 bits 
    byte padding;          //padding
    byte protocol;         //Protocol; 8 bits
    byte tcpLen[2];        //TCP length; 16 bits

} ;

    byte dstMacAddr[6];
    byte srcMacAddr[6];
    byte ethernetType[2];

struct DEVS_INFO
    char szDevName[512];
    char szDevsDescription[512];

int GetAllDevs( DEVS_INFO devsList[] )
    int nDevsNum = 0;
    pcap_if_t *alldevs;
    char errbuf[PCAP_ERRBUF_SIZE];
    if ( pcap_findalldevs(&alldevs,errbuf) == -1 )
        return -1;
        printf("error in pcap_findalldevs_ex: %s\n",errbuf);
    for ( pcap_if_t *d = alldevs; d != NULL; d = d->next )
        strcpy( devsList[nDevsNum].szDevName, d->name );
        strcpy( devsList[nDevsNum].szDevsDescription, d->description );
    return nDevsNum;

char *FormatMacAddr( unsigned char *ucMacAddr, char *szStr )
    szStr[0] = '\0';
    char str[8];
    for ( int i = 0; i < 6; ++i)
        sprintf( str, "0x%02x-", ucMacAddr[i]);
        if ( str[2] >= 'a' && str[2] <= 'z' )
            str[2] = 'A' + str[2] - 'a';
        if ( str[3] >= 'a' && str[3] <= 'z' )
            str[3] = 'A' + str[3] - 'a';
        strcat( szStr, str );
    szStr[strlen(szStr) - 1] = '\0';
    return szStr;

char *FormatIpAddr( unsigned uIpAddr, char szIp[] )
    IN_ADDR addr;
    addr.S_un.S_addr = uIpAddr;
    strcpy( szIp, inet_ntoa( addr ) );
    return szIp;

void DecodeTcpPacket( const byte *packet )
    TCP_HEADER *pTcpHeader = (TCP_HEADER *)packet;
    //printf("%d\n", pTcpHeader->contrl);
    //printf("%d\n", (0x01 << 4) | (0x1 << 1) );

    if ( pTcpHeader->contrl == 18 )// (0x01 << 4) | (0x1 << 1) )

void DecodeIpPacket( const unsigned char *ucPacket )
    IP_HEADER *pIpHeader = ( IP_HEADER *)ucPacket;
    unsigned srcIp = *( unsigned *) pIpHeader->srcIpAddr;
    unsigned dstIp = *( unsigned *) pIpHeader->dstIpAddr;

    memcpy(&srcIp, pIpHeader->srcIpAddr, 4);
    memcpy(&dstIp, pIpHeader->dstIpAddr, 4);

    char szSrcIp[32], szDstIp[32];
    FormatIpAddr( srcIp, szSrcIp );
    FormatIpAddr( dstIp, szDstIp );
    if ( 0 != strcmp("", szDstIp ) || 0 != strcmp("", szSrcIp) ) return;

    if ( pIpHeader->hiProtovolType != 0x06 ) return;

    DecodeTcpPacket( (byte *)(ucPacket + sizeof(IP_HEADER)) );
    //printf("Ip: %s\t%s\n", szSrcIp,szDstIp );


void HandlePacketCallBack(unsigned char *param,const struct pcap_pkthdr* packet_header, const unsigned char *ucCaptureContent)
    ETHERNET_HEADER *pEthHeader = ( ETHERNET_HEADER *)ucCaptureContent;
    if ( *((unsigned short *)(pEthHeader->ethernetType)) == htons(0x0800) )
        ETHERNET_HEADER *pEthHeader = ( ETHERNET_HEADER *)ucCaptureContent;
        unsigned char srcMac[6], dstMac[6];
        memcpy(srcMac, pEthHeader->srcMacAddr, 6);
        memcpy(dstMac, pEthHeader->dstMacAddr, 6);

        char szSrcMac[32], szDstMac[32];
        FormatMacAddr(srcMac, szSrcMac);
        FormatMacAddr(dstMac, szDstMac);
        //printf("MAC: %s\t%s\n", szSrcMac,szDstMac );

        DecodeIpPacket( ucCaptureContent + sizeof (ETHERNET_HEADER) );

unsigned short CheckSum(unsigned short packet[], int size )
    unsigned long cksum = 0;
    while (size > 1) 
        cksum += *packet++;
        size -= sizeof(USHORT);
    if (size) 
        cksum += *(UCHAR*)packet;
    cksum = (cksum >> 16) + (cksum & 0xffff);
    cksum += (cksum >>16);

    return (USHORT)(~cksum);

int main()
    DEVS_INFO devsList[64];
    int nDevsNum = GetAllDevs( devsList );
    if ( nDevsNum < 1 )
        printf("Get adapter infomation failed!");
    int selIndex = 2;
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_t *handle = pcap_open_live(devsList[selIndex-1].szDevName, 65536, 1, 1000, errbuf );
    if ( NULL == handle ) return 0;


    TCP_HEADER tcpHeader;
    memset(&tcpHeader, 0, sizeof tcpHeader );
    *(unsigned short *)tcpHeader.srcPort = htons(9999);
    *(unsigned short *)tcpHeader.dstPort = htons(80);
    *(unsigned int *)tcpHeader.seqNumber = htonl(0xFFFF);
    *(unsigned int *)tcpHeader.ackNumber = htonl(0x00);
    tcpHeader.headLen = 5 << 4; 
    tcpHeader.contrl = 1 << 1;
    *(unsigned short *)tcpHeader.wndSize = htons(0xFFFF);

    PSDTCP_HEADER psdHeader;
    memset(&psdHeader, 0, sizeof psdHeader);
    *(unsigned int *)psdHeader.dstIpAddr = inet_addr("");
    *(unsigned int *)psdHeader.srcIpAddr = inet_addr("");
    psdHeader.protocol = 0x06;
    *(unsigned short *)psdHeader.tcpLen = htons(sizeof(TCP_HEADER));

    char data[] = "Hello world";
    byte psdPacket[1024];
    memset(psdPacket, 0, sizeof psdPacket);
    memcpy( psdPacket, &psdHeader, sizeof psdHeader );
    memcpy( psdPacket + sizeof psdHeader, &tcpHeader, sizeof tcpHeader );
    memcpy( psdPacket + sizeof psdHeader + sizeof tcpHeader, data, sizeof data );

    *(unsigned short *)tcpHeader.checkSum = CheckSum( (unsigned short*) psdPacket, sizeof psdHeader + sizeof tcpHeader );
    //*(unsigned short *)tcpHeader.checkSum = CheckSum( (unsigned short*) &tcpHeader, sizeof tcpHeader );

    IP_HEADER ipHeader;
    memset( &ipHeader, 0, sizeof ipHeader );
    unsigned char versionAndLen = 0x04;
    versionAndLen <<= 4;
    versionAndLen |= sizeof ipHeader / 4; //版本 + 头长度

    ipHeader.versionAndHeader = versionAndLen;
    *(unsigned short *)ipHeader.totalLen = htons( sizeof(IP_HEADER) + sizeof(TCP_HEADER) ); 

    ipHeader.ttl = 0xFF;
    ipHeader.hiProtovolType = 0x06;

    *(unsigned int *)(ipHeader.srcIpAddr) = inet_addr("");
    *(unsigned int *)(ipHeader.dstIpAddr) = inet_addr("");
    *(unsigned short *)(ipHeader.headerCheckSum) = CheckSum( (unsigned short *)&ipHeader, sizeof ipHeader );
    //byte mac[] = {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
    byte srcMac[] = {0x90, 0x2B, 0x34, 0x9A, 0xC2, 0xBB};
    byte dstMac[] = {0x00, 0x00, 0x5e, 0x00, 0x01, 0x48};

    ETHERNET_HEADER ethHeader;
    memset(&ethHeader, 0, sizeof ethHeader);
    memcpy(ethHeader.dstMacAddr, dstMac, 6);
    memcpy(ethHeader.srcMacAddr, srcMac, 6);
    *(unsigned short *)ethHeader.ethernetType = htons(0x0800);

    byte packet[1024];
    memset(packet, 0, sizeof packet);
    memcpy(packet, &ethHeader, sizeof ethHeader);
    memcpy(packet + sizeof ethHeader, &ipHeader, sizeof ipHeader);
    memcpy(packet + sizeof ethHeader + sizeof ipHeader, &tcpHeader, sizeof tcpHeader);
    memcpy(packet + sizeof ethHeader + sizeof ipHeader + sizeof tcpHeader, data, sizeof data );
    int size = sizeof ethHeader + sizeof ipHeader + sizeof tcpHeader;// + sizeof data;
    //while ( 1 )
        pcap_sendpacket(handle, packet, size );

    if ( NULL == handle )
        printf("\nUnable to open the adapter. %s is not supported by WinPcap\n");
        return 0;
    pcap_loop( handle, -1, HandlePacketCallBack, NULL );
    return 0;

2015-04-21 14:40


