Several days ago I wrote a spoofing SYN c++ program, I execute it on one PC, sending the spoofed syn to my own computer. But I can't see any SYN packets by running ethereal on my own computer. I captured only one IP(but protocol I set in the spoofed syn is TCP) packet, the info is: IPv6 hop-by-hop option(0x00) , and this IP packet used the real source ip, not the spoofed source ip I set in the program... I want to know if there is anything wrong with my program? Can anyone help me? Thanks in advance. Both computers' system are XP, and the program is the following:
int _tmain(int argc, _TCHAR* argv[])
{
class SpoofSocket spoof_socket;
WSADATA WSAData;
int ret=WSAStartup(MAKEWORD(2,
//Create Raw_Socket
bool ip_hdrincl=true;
int SendTimeOver=1000;
SOCKET raw_sock=WSASocket(AF_INET
setsockopt(raw_sock,IPPROT
setsockopt(raw_sock,SOL_SO
unsigned int s_ipAddress=inet_addr("192
unsigned int d_ipAddress=inet_addr("192
unsigned short s_port=2006;
unsigned short d_port=8000;
unsigned int seq=0x00000000;
unsigned int ack=0x00000001;
//Spoof buffer for sending
spoof_socket.SetIP_Head_Bu
spoof_socket.SetTCP_Head_B
int len=spoof_socket.tcp_head_
SOCKADDR_IN addr_client1_in;
addr_client1_in.sin_family
addr_client1_in.sin_port=h
addr_client1_in.sin_addr.S
int send_bytes=sendto(raw_sock
Console::WriteLine(S"Send one SYN+ACK success!!!");
closesocket(raw_sock);
WSACleanup();
char i;
cin>>i;
return 0;
}
spoofsocket.cpp:
unsigned short SpoofSocket::checksum(unsi
unsigned short cksum=0;
while(size>1)
{
cksum+=*buffer++;
size-=sizeof(unsigned short);
}
if(size)
{
cksum+=*(unsigned char*)buffer;
}
cksum=(cksum>>16) + (cksum&0xffff);
cksum+=(cksum>>16);
return cksum;
};
void SpoofSocket::SetIP_Head_Bu
//Set ip_header
ip_header.h_lenver=(4<<4|s
ip_header.tos=0;
ip_header.total_len=htons(
ip_header.ident=1;
ip_header.flags=0;
ip_header.ttl=(unsigned char)GetTickCount()%87+123
ip_header.proto=IPPROTO_TC
ip_header.checksum=0;
ip_header.sourceIP=SourceA
ip_header.destIP=DestAddre
};
void SpoofSocket::SetTCP_Head_B
//Set tcp_Header
tcp_header.th_dport=htons(
tcp_header.th_sport=htons(
tcp_header.th_seq=htonl(se
tcp_header.th_ack=htonl(ac
tcp_header.th_lenres=(size
tcp_header.th_flags=flag;/
tcp_header.th_win=htons(51
tcp_header.th_urp=0;
tcp_header.th_sum=0;
//Set TCP psudHeader
psd_header.saddr=ip_header
psd_header.daddr=ip_header
psd_header.mbz=0;
psd_header.ptcl=IPPROTO_TC
psd_header.tcpl=htons(size
//Get header length
psd_head_len=sizeof(psd_he
tcp_head_len=sizeof(tcp_he
ip_head_len=sizeof(ip_head
send_buffer=new BYTE[psd_head_len+tcp_head
//Compute the Checksum value
memset(send_buffer,0,psd_h
memcpy(send_buffer,&psd_he
memcpy(send_buffer+psd_hea
tcp_header.th_sum=checksum
send_buffer=new BYTE[tcp_head_len+ip_head_
//put spoofed IP and TCP header into the SendBuffer
memset(send_buffer,0,tcp_h
memcpy(send_buffer,&ip_hea
memcpy(send_buffer+ip_head
ip_header.checksum=checksu
memset(send_buffer,0,tcp_h
memcpy(send_buffer,&ip_hea
memcpy(send_buffer+ip_head
char SendBuffer[60]={0};
memcpy(SendBuffer,send_buf
};
spoofsocket.h
typedef struct ip_head{
unsigned char h_lenver; //four bits for header length;four bits for IP version
unsigned char tos; //eight bits for Type of Service
unsigned short total_len;// 16bits for total length
unsigned short ident;
unsigned short flags; //3flags
unsigned char ttl;
unsigned char proto;
unsigned short checksum;
unsigned int sourceIP; //32bits source IP
unsigned int destIP;//32bits destination IP
}IPHEADER;
typedef struct tcp_head{
unsigned short th_sport;//16bits source port
unsigned short th_dport;//16bits destination port
unsigned int th_seq;//32bits sequence number
unsigned int th_ack;//32bits confirmation number
unsigned char th_lenres;//four bits for header length;four bits for restoring key words
unsigned char th_flags;//6flags
unsigned short th_win;//16bits windows size
unsigned short th_sum;//16bits checksum
unsigned short th_urp;//16bits urgent data offsets
}TCPHEADER;
//define TCP pseudHeader
typedef struct ts_head{
unsigned long saddr;
unsigned long daddr;
char mbz;
char ptcl;//protocol type
unsigned short tcpl;//TCP length
}PSDHEADER;
class SpoofSocket {
public:
SpoofSocket(){};
~SpoofSocket(){};
unsigned short checksum(unsigned short *,int);
void SetIP_Head_Buffer(unsigned
void SetTCP_Head_Buffer(unsigne
unsigned short psd_sport;
bool result;
char SendBuffer[60];
BYTE * send_buffer;
int psd_head_len;
int tcp_head_len;
int ip_head_len;
TCPHEADER tcp_header;
PSDHEADER psd_header;
IPHEADER ip_header;
};
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
This usually means the packet has a bad checksum so everybody ignores it.
Can you set etherreal to accept "bad" packets too?
another possibility-- if your PC's are hooked together by something other than a really dumb hub, that little box may be tossing out packets that are obviously faked. have you been able to make a good unspoofed packet and receive it on the other PC? I'd try that first.
>>>> Any firewall software anywhere?
With XP SP 2 you got a firewall that would prevent packages from passing. You would need to switch off the firewall (you can do that if your internet connection does *not* use the same LAN and C-Net 192.168.0) or configure the firewall to open ports 2006 and 8000.
Regards, Alex
>>>> but why I captured a packet from the sending-spoofed-packet machine?
Maybe you should explain your configuration a little more in detail. Actually, I don't know what a sending-spoofed-packet machine is and what might be different to the machine where it doesn't work. What's about your XP firewalls? Are they on or off?
Your router or XP's routers and firewalls may be blocking spoofed packets.
Routers and firewalls are smart enough to notice that a particular hardware address that has been saying it's 192.168.8.2 for the last 343,432 packets, is now claiming to be 33.55.66.77. Of course that is impossible. So the packet gets dropped.
You need a dumb HUB, one that doesnt inspect each packet. They're available on eBay for $0.99 to $4.99 usually.
Business Accounts
Answer for Membership
by: itsmeandnobodyelsePosted on 2006-02-13 at 08:46:11ID: 15942718
Did you check WSAGetLastError() after sendto has failed?
send_bytes has a value of -1 if sendto failed.
Regards, Alex