Improve company productivity with a Business Account.Sign Up

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 702
  • Last Modified:

raw packet syn

I would like to know how I can send a raw packet syn to a machine on my network. I'm using delphi 6 enterprise edition. And show me an example please, the ip that I want to send a syn raw packet is . Thanks, Alexandre Santos.
  • 4
  • 3
1 Solution
Hi, I found this somewhere on the internet, this should help you, yet you have to modify it a bit.

How can I send raw IP Packets?
This example just showes how to send an UDP packet with customized (spoofed) source ip+port. You could
design your own protocol, SYN Floods, or whatever.  

 Raw Packet Sender
 using: Delphi + Winsock 2

 Copyright (c) 2000 by E.J.Molendijk (


 Using raw sockets you can send packets over the (inter)net
 containing whatever you like.  This gives you the possiblity
 to design your own protocol. Though receiving might be a bit
 more difficult. Wanne-be hackers might use it to create a
 SYN flooder. And IP spoofing is also prety easy.

 Keep in mind:

 1. I think this source only works under Window 2000.

 2. You must be Administrator to run this.

 3. This unit requires a form containing a button and a memo.

 Mail me at if you create something using this
 example! I'm always interested in Delphi source of this kind.

 Before you run your program, you must change the SrcIP+SrcPort+
 DestIP+DestPort to suitable values!
 If you don't understand what this source does: Don't run it.
unit main;


 Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
 StdCtrls, OleCtrls, Registry;

 SrcIP       = '';
 SrcPort     = 1234;
 DestIP      = '';
 DestPort    = 4321;

 Max_Message = 4068;
 Max_Packet  = 4096;


 TPacketBuffer = Array[0..Max_Packet-1] of byte;

 TForm1 = class(TForm)
   Button1: TButton;
   Memo1: TMemo;
   procedure Button1Click(Sender: TObject);
   { Private declarations }
   { Public declarations }
   procedure SendIt;

// IP Header
 T_IP_Header = record
   ip_verlen       : Byte;
   ip_tos          : Byte;
   ip_totallength  : Word;
   ip_id           : Word;
   ip_offset       : Word;
   ip_ttl          : Byte;
   ip_protocol     : Byte;
   ip_checksum     : Word;
   ip_srcaddr      : LongWord;
   ip_destaddr     : LongWord;

// UDP Header
 T_UDP_Header = record
   src_portno    : Word;
   dst_portno    : Word;
   udp_length    : Word;
   udp_checksum  : Word;

// Some Winsock 2 type declarations
 u_char  = Char;
 u_short = Word;
 u_int   = Integer;
 u_long  = Longint;

 SunB = packed record
   s_b1, s_b2, s_b3, s_b4: u_char;
 SunW = packed record
   s_w1, s_w2: u_short;
 in_addr = record
   case integer of
     0: (S_un_b: SunB);
     1: (S_un_w: SunW);
     2: (S_addr: u_long);
 TInAddr = in_addr;
 Sockaddr_in = record
   case Integer of
     0: (sin_family: u_short;
         sin_port: u_short;
         sin_addr: TInAddr;
         sin_zero: array[0..7] of Char);
     1: (sa_family: u_short;
         sa_data: array[0..13] of Char)
 TSockAddr = Sockaddr_in;
 TSocket = u_int;

 WSASYS_STATUS_LEN      =   128;

 PWSAData = ^TWSAData;
 WSAData = record // !!! also WSDATA
   wVersion: Word;
   wHighVersion: Word;
   szDescription: array[0..WSADESCRIPTION_LEN] of Char;
   szSystemStatus: array[0..WSASYS_STATUS_LEN] of Char;
   iMaxSockets: Word;
   iMaxUdpDg: Word;
   lpVendorInfo: PChar;
 TWSAData = WSAData;

// Define some winsock 2 functions
function closesocket(s: TSocket): Integer; stdcall;
function socket(af, Struct, protocol: Integer): TSocket; stdcall;
function sendto(s: TSocket; var Buf; len, flags: Integer; var addrto: TSockAddr;
 tolen: Integer): Integer; stdcall;{}
function setsockopt(s: TSocket; level, optname: Integer; optval: PChar;
 optlen: Integer): Integer; stdcall;
function inet_addr(cp: PChar): u_long; stdcall; {PInAddr;}  { TInAddr }
function htons(hostshort: u_short): u_short; stdcall;
function WSAGetLastError: Integer; stdcall;
function WSAStartup(wVersionRequired: word; var WSData: TWSAData): Integer; stdcall;
function WSACleanup: Integer; stdcall;

 AF_INET         = 2;               // internetwork: UDP, TCP, etc.

 IP_HDRINCL      = 2;               // IP Header Include

 SOCK_RAW        = 3;               // raw-protocol interface

 IPPROTO_IP      = 0;               // dummy for IP
 IPPROTO_TCP     = 6;               // tcp
 IPPROTO_UDP     = 17;              // user datagram protocol
 IPPROTO_RAW     = 255;             // raw IP packet

 SOCKET_ERROR                  = -1;

 Form1: TForm1;


// Import Winsock 2 functions
const WinSocket = 'WS2_32.DLL';

function closesocket;       external    winsocket name 'closesocket';
function socket;            external    winsocket name 'socket';
function sendto;            external    winsocket name 'sendto';
function setsockopt;        external    winsocket name 'setsockopt';
function inet_addr;         external    winsocket name 'inet_addr';
function htons;             external    winsocket name 'htons';
function WSAGetLastError;   external    winsocket name 'WSAGetLastError';
function WSAStartup;        external    winsocket name 'WSAStartup';
function WSACleanup;        external    winsocket name 'WSACleanup';

{$R *.DFM}

// Function: checksum
// Description:
//    This function calculates the 16-bit one's complement sum
//    for the supplied buffer
function CheckSum(Var Buffer; Size : integer) : Word;
 TWordArray = Array[0..1] of Word;
 ChkSum : LongWord;
 i      : Integer;
 ChkSum := 0;
 i := 0;
 While Size > 1 do begin
   ChkSum := ChkSum + TWordArray(Buffer)[i];
   Size := Size - SizeOf(Word);

 if Size=1 then ChkSum := ChkSum + Byte(TWordArray(Buffer)[i]);

 ChkSum := (ChkSum shr 16) + (ChkSum and $FFFF);
 ChkSum := ChkSum + (Chksum shr 16);

 Result := Word(ChkSum);

procedure BuildHeaders(
 FromIP      : String;
 iFromPort   : Word;
 ToIP        : String;
 iToPort     : Word;
 StrMessage  : String;
 Var Buf         : TPacketBuffer;
 Var remote      : TSockAddr;
 Var iTotalSize  : Word
 dwFromIP    : LongWord;
 dwToIP      : LongWord;

 iIPVersion  : Word;
 iIPSize     : Word;
 ipHdr       : T_IP_Header;
 udpHdr      : T_UDP_Header;

 iUdpSize    : Word;
 iUdpChecksumSize : Word;
 cksum       : Word;

 Ptr         : ^Byte;

 procedure IncPtr(Value : Integer);
   ptr := pointer(integer(ptr) + Value);

  // Convert ip address'ss

  dwFromIP    := inet_Addr(PChar(FromIP));
  dwToIP      := inet_Addr(PChar(ToIP));

   // Initalize the IP header
   iTotalSize := sizeof(ipHdr) + sizeof(udpHdr) + length(strMessage);

   iIPVersion := 4;
   iIPSize := sizeof(ipHdr) div sizeof(LongWord);
   // IP version goes in the high order 4 bits of ip_verlen. The
   // IP header length (in 32-bit words) goes in the lower 4 bits.
   ipHdr.ip_verlen := (iIPVersion shl 4) or iIPSize;
   ipHdr.ip_tos := 0;                         // IP type of service
   ipHdr.ip_totallength := htons(iTotalSize); // Total packet len
   ipHdr.ip_id := 0;                 // Unique identifier: set to 0
   ipHdr.ip_offset := 0;             // Fragment offset field
   ipHdr.ip_ttl := 128;              // Time to live
   ipHdr.ip_protocol := $11;         // Protocol(UDP)
   ipHdr.ip_checksum := 0 ;          // IP checksum
   ipHdr.ip_srcaddr := dwFromIP;     // Source address
   ipHdr.ip_destaddr := dwToIP;      // Destination address
   // Initalize the UDP header
   iUdpSize := sizeof(udpHdr) + length(strMessage);

   udpHdr.src_portno := htons(iFromPort) ;
   udpHdr.dst_portno := htons(iToPort) ;
   udpHdr.udp_length := htons(iUdpSize) ;
   udpHdr.udp_checksum := 0 ;
   // Build the UDP pseudo-header for calculating the UDP checksum.
   // The pseudo-header consists of the 32-bit source IP address,
   // the 32-bit destination IP address, a zero byte, the 8-bit
   // IP protocol field, the 16-bit UDP length, and the UDP
   // header itself along with its data (padded with a 0 if
   // the data is odd length).
   iUdpChecksumSize := 0;

   ptr := @buf[0];
   FillChar(Buf, SizeOf(Buf), 0);

   Move(ipHdr.ip_srcaddr, ptr^, SizeOf(ipHdr.ip_srcaddr));

   iUdpChecksumSize := iUdpChecksumSize + sizeof(ipHdr.ip_srcaddr);

   Move(ipHdr.ip_destaddr, ptr^, SizeOf(ipHdr.ip_destaddr));

   iUdpChecksumSize := iUdpChecksumSize + sizeof(ipHdr.ip_destaddr);



   Move(ipHdr.ip_protocol, ptr^, sizeof(ipHdr.ip_protocol));
   iUdpChecksumSize := iUdpChecksumSize + sizeof(ipHdr.ip_protocol);

   Move(udpHdr.udp_length, ptr^, sizeof(udpHdr.udp_length));
   iUdpChecksumSize := iUdpChecksumSize + sizeof(udpHdr.udp_length);

   move(udpHdr, ptr^, sizeof(udpHdr));
   iUdpChecksumSize := iUdpCheckSumSize + sizeof(udpHdr);

   Move(StrMessage[1], ptr^, Length(strMessage));

   iUdpChecksumSize := iUdpChecksumSize + length(strMessage);

   cksum := checksum(buf, iUdpChecksumSize);
   udpHdr.udp_checksum := cksum;

   // Now assemble the IP and UDP headers along with the data
   //  so we can send it
   FillChar(Buf, SizeOf(Buf), 0);
   Ptr := @Buf[0];

   Move(ipHdr, ptr^, SizeOf(ipHdr));      IncPtr(SizeOf(ipHdr));
   Move(udpHdr, ptr^, SizeOf(udpHdr));    IncPtr(SizeOf(udpHdr));
   Move(StrMessage[1], ptr^, length(StrMessage));

   // Apparently, this SOCKADDR_IN structure makes no difference.
   // Whatever we put as the destination IP addr in the IP header
   // is what goes. Specifying a different destination in remote
   // will be ignored.
   remote.sin_family := AF_INET;
   remote.sin_port := htons(iToPort);
   remote.sin_addr.s_addr := dwToIP;

procedure TForm1.SendIt;
 sh          : TSocket;
 bOpt        : Integer;
 ret         : Integer;
 Buf         : TPacketBuffer;
 Remote      : TSockAddr;
 Local       : TSockAddr;
 iTotalSize  : Word;
 wsdata      : TWSAdata;

 // Startup Winsock 2
 ret := WSAStartup($0002, wsdata);
 if ret<>0 then begin
   memo1.lines.add('WSA Startup failed.');
 with memo1.lines do begin
   add('WSA Startup:');
   add('Desc.:  '+wsData.szDescription);
   add('Status: '+wsData.szSystemStatus);

   // Create socket
   sh := Socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
   if (sh = INVALID_SOCKET) then begin
     memo1.lines.add('Socket() failed: '+IntToStr(WSAGetLastError));
   Memo1.lines.add('Socket Handle = '+IntToStr(sh));

   // Option: Header Include
   bOpt := 1;
   ret := SetSockOpt(sh, IPPROTO_IP, IP_HDRINCL, @bOpt, SizeOf(bOpt));
   if ret = SOCKET_ERROR then begin
     Memo1.lines.add('setsockopt(IP_HDRINCL) failed: '+IntToStr(WSAGetLastError));

   // Build the packet
   BuildHeaders( SrcIP,  SrcPort,
                 DestIP, DestPort,
                 'THIS IS A TEST PACKET',
                 Buf, Remote, iTotalSize );

   // Send the packet
   ret := SendTo(sh, buf, iTotalSize, 0, Remote, SizeOf(Remote));
   if ret = SOCKET_ERROR then
     Memo1.Lines.Add('sendto() failed: '+IntToStr(WSAGetLastError))
     Memo1.Lines.Add('send '+IntToStr(ret)+' bytes.');

   // Close socket
   // Close Winsock 2

procedure TForm1.Button1Click(Sender: TObject);

alsantosAuthor Commented:
Please, if possible, send me an example of syn flood.

Alexandre Santos
i'm not going to make an example.. :p

tcp is a protocol that uses a 3 messages to connect. the syn flood means that you don't send your last message. that's it. Read about it somewhere.. or buy yourself a book.

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

alsantosAuthor Commented:
why you can't make an example? :P tell me any site where I can read informations about raw packet syn. :)

look at:

this one should help you further.
still alive??? are you gonna grade this one?
alsantosAuthor Commented:
yes... do you know the answer?
Force Accepted

Community Support Moderator @Experts Exchange
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now