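Preface: This is billed as a short note, so of course the article is short. The tool you should be familiar with is WinPcap.
A few days ago, while reading a networking book, I got curious and used WinPcap to construct a forged ping, that is, an ICMP packet. I waited happily for that computer to fall for it, but it did not make a peep. (In fact, that machine did react; I will describe that a little later.) Mind you, if I ping it from cmd, it replies obediently.
Some parameters:
My IP: 172.16.99.3. I changed my IP to 172.16.99.2. (Some people ask why not change the MAC; really, that is up to you.)
That machine's IP: 172.16.0.100
Partial code: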
BYTE packet[100];
memset( packet, 0, sizeof(packet) );
// Ethernet header: 14 bytes at the start of the buffer
P_MAC_HEADER pMacHdr = (P_MAC_HEADER)(BYTE*)packet;
pMacHdr->type = htons(0x0800); // EtherType IPv4, in network byte order
// Destination MAC
pMacHdr->dmac[0] = 0x00;
pMacHdr->dmac[1] = 0x27;
pMacHdr->dmac[2] = 0x4;
pMacHdr->dmac[3] = 0x22;
pMacHdr->dmac[4] = 0x64;
pMacHdr->dmac[5] = 0xe;
// Source MAC
pMacHdr->smac[0] = 0x00;
pMacHdr->smac[1] = 0x04;
pMacHdr->smac[2] = 0x90;
pMacHdr->smac[3] = 0x46;
pMacHdr->smac[4] = 0x21;
pMacHdr->smac[5] = 0xbe;
// IP header follows the Ethernet header
P_IP_HEADER pIpHdr = (P_IP_HEADER)((BYTE*)(packet)+sizeof(MAC_HEADER));
pIpHdr->crc = 0; // must be zero while the checksum is being computed
// Destination: 172.16.0.100
pIpHdr->daddr.byte1 = 172;
pIpHdr->daddr.byte2 = 16;
pIpHdr->daddr.byte3 = 0;
pIpHdr->daddr.byte4 = 100;
// Source: 172.16.99.2
pIpHdr->saddr.byte1 = 172;
pIpHdr->saddr.byte2 = 16;
pIpHdr->saddr.byte3 = 99;
pIpHdr->saddr.byte4 = 2;
pIpHdr->flags_fo = 0;
pIpHdr->identification = 0x3456;
pIpHdr->proto = IPPROTO_ICMP;
pIpHdr->tlen = htons(60); // IP total length; was htons(sizeof(IP_HEADER)+sizeof(ICMP_HEADER))
pIpHdr->tos = 0;
pIpHdr->ttl = 128;
pIpHdr->ver_ihl = (4<<4) | ( sizeof(IP_HEADER)/sizeof(DWORD) ); // version 4, header length in 32-bit words
// ICMP header follows the IP header
P_ICMP_HEADER pIcmpHdr = (P_ICMP_HEADER)((BYTE*)(pIpHdr)+sizeof(IP_HEADER));
pIcmpHdr->type = ICMP_PING_REQUEST;
pIcmpHdr->operation = 0;
pIcmpHdr->ping.spec = 0x2;
pIcmpHdr->ping.seq = 0x8;
pIcmpHdr->crc = 0;
// CalculateCRC is a helper that is not shown in this excerpt
pIpHdr->crc = CalculateCRC( (BYTE*)pIpHdr, (pIpHdr->ver_ihl&0xF)*4 );
// The ICMP checksum covers the whole ICMP message; the bytes after the header
// are zero from the memset above, so they add nothing to the sum
pIcmpHdr->crc = CalculateCRC( (BYTE*)pIcmpHdr, sizeof(ICMP_HEADER) );
packetSize = 60+14; // IP total length + Ethernet header
if( pcap_sendpacket( adapterHandle, packet, packetSize ) != 0 )
{
    // the format string needs %s to print the pcap_geterr() text
    fprintf(stderr,"\nError sending the packet: %s\n", pcap_geterr(adapterHandle));
    return 0;
}
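When a hand-built frame like this gets no reply, the first thing to rule out is that the receiving stack dropped it as malformed. The following is an added example, not code from the original article: it checks a captured Ethernet frame's IPv4 and ICMP length fields and checksums. The names inet_checksum, check_icmp_frame and build_sample_frame are hypothetical, the checksum is assumed to be the standard RFC 1071 Internet checksum (CalculateCRC is not shown on the page), and the sample frame is constructed from the page's IP fields with the MAC addresses left zero.

```c
#include <stdint.h>
#include <string.h>

enum frame_status { FRAME_OK, FRAME_TOO_SHORT, FRAME_NOT_IPV4, FRAME_BAD_IP_HEADER,
                    FRAME_BAD_IP_CSUM, FRAME_NOT_ICMP, FRAME_BAD_ICMP_CSUM };

/* RFC 1071 checksum over big-endian 16-bit words; an odd tail byte is zero-padded. */
uint16_t inet_checksum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)p[0] << 8 | p[1];
    if (len) sum += (uint32_t)p[0] << 8;
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Validate an Ethernet II frame carrying IPv4/ICMP before trusting or answering it. */
enum frame_status check_icmp_frame(const uint8_t *f, size_t n)
{
    if (n < 14 + 20) return FRAME_TOO_SHORT;
    if (f[12] != 0x08 || f[13] != 0x00) return FRAME_NOT_IPV4;
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4, tlen = (size_t)ip[2] << 8 | ip[3];
    if (ip[0] >> 4 != 4 || ihl < 20 || tlen < ihl + 8 || 14 + tlen > n)
        return FRAME_BAD_IP_HEADER;
    if (inet_checksum(ip, ihl) != 0) return FRAME_BAD_IP_CSUM; /* valid header sums to 0 */
    if (ip[9] != 1) return FRAME_NOT_ICMP;
    /* The ICMP checksum covers the whole message (tlen - ihl bytes), not only the header. */
    if (inet_checksum(ip + ihl, tlen - ihl) != 0) return FRAME_BAD_ICMP_CSUM;
    return FRAME_OK;
}

/* Constructed sample: 74-byte frame with the page's IP fields; MACs left zero. */
size_t build_sample_frame(uint8_t f[74])
{
    static const uint8_t ip[20] = { 0x45, 0, 0, 60, 0x34, 0x56, 0, 0, 128, 1, 0, 0,
                                    172, 16, 99, 2, 172, 16, 0, 100 };
    memset(f, 0, 74);
    f[12] = 0x08; f[13] = 0x00;              /* EtherType 0x0800 (IPv4) */
    memcpy(f + 14, ip, sizeof ip);
    f[34] = 8; f[39] = 2; f[41] = 8;         /* echo request, constructed id 2 and seq 8 */
    uint16_t c = inet_checksum(f + 14, 20);  /* checksum fields are still zero here */
    f[24] = (uint8_t)(c >> 8); f[25] = (uint8_t)c;
    c = inet_checksum(f + 34, 40);
    f[36] = (uint8_t)(c >> 8); f[37] = (uint8_t)c;
    return 74;
}

int main(void) { uint8_t f[74]; return check_icmp_frame(f, build_sample_frame(f)); }
```

A result of FRAME_OK on the captured frame means the silence has another cause than a malformed IP or ICMP header.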