
Can't capture my Spoofed SYN packet by ethereal...

gotdough asked on
Several days ago I wrote a C++ program that sends spoofed SYN packets. I run it on one PC and send the spoofed SYN to my own computer, but I can't see any SYN packets when I run Ethereal on my own computer. I captured only one IP packet (even though the protocol I set in the spoofed SYN is TCP); its info is "IPv6 hop-by-hop option (0x00)", and this IP packet used the real source IP, not the spoofed source IP I set in the program. I want to know whether there is anything wrong with my program. Can anyone help me? Thanks in advance. Both computers run Windows XP, and the program is the following:

// Entry point of the posted test program: starts Winsock, opens a raw IPv4
// socket with IP_HDRINCL requested, and hands SpoofSocket::SendBuffer to
// sendto().
//
// NOTE(review): the listing is fragmentary as posted. The braces are missing
// and no call to SetIP_Head_Buffer()/SetTCP_Head_Buffer() is visible, so the
// lines that fill the headers and the destination address may have been lost.
//
// NOTE(review): Microsoft documents that Windows XP SP2 and later desktop
// releases restrict raw sockets: TCP data cannot be sent over a raw socket,
// and datagrams with an invalid source address are not sent. If these machines
// run SP2 or later, the stack refusing to emit a forged TCP segment is the
// designed behaviour, not a defect in this program. Confirm the service-pack
// level.
int _tmain(int argc, _TCHAR* argv[])
                class SpoofSocket spoof_socket;

      WSADATA WSAData;
      // ret is stored but never tested in the visible lines, so a failed Winsock start goes unnoticed
      int ret=WSAStartup(MAKEWORD(2,2),&WSAData);

      //Create Raw_Socket
      bool ip_hdrincl=true;
      int SendTimeOver=1000;

      // The protocol argument is IPPROTO_IP (value 0). None of the three calls below has its
      // result checked, so an INVALID_SOCKET or a rejected option is silently ignored.
      SOCKET raw_sock=WSASocket(AF_INET,SOCK_RAW,IPPROTO_IP,NULL,0,WSA_FLAG_OVERLAPPED);                  
      // NOTE(review): optval here is a one-byte C++ bool; Winsock documents boolean options as
      // int-sized values - confirm the option is actually accepted by testing the return value.
      // The capture described in the question (protocol 0, real source address) is consistent
      // with the stack having built its own IP header, i.e. IP_HDRINCL not being in effect.
      setsockopt(raw_sock,IPPROTO_IP,IP_HDRINCL,(char *)&ip_hdrincl,sizeof(ip_hdrincl));      
      setsockopt(raw_sock,SOL_SOCKET,SO_SNDTIMEO,(char *)&SendTimeOver,sizeof(SendTimeOver));
      // Both address strings are empty in the post (presumably removed before posting).
      // None of the six values below is used in the lines that survive.
      unsigned int s_ipAddress=inet_addr("");
      unsigned int d_ipAddress=inet_addr("");
      unsigned short s_port=2006;
      unsigned short d_port=8000;
      unsigned int seq=0x00000000;
      unsigned int ack=0x00000001;

      //Spoof buffer for sending
      int len=spoof_socket.tcp_head_len+spoof_socket.ip_head_len;
      // NOTE(review): no visible line initialises addr_client1_in before it is passed to sendto()
      SOCKADDR_IN addr_client1_in;
      // send_bytes is never compared with SOCKET_ERROR or len in the visible lines, so the
      // message below is printed even when nothing was sent. It also says "SYN+ACK", while the
      // question describes a SYN.
      int send_bytes=sendto(raw_sock,spoof_socket.SendBuffer,len,0,(struct sockaddr*)&addr_client1_in,sizeof(addr_client1_in));
      Console::WriteLine(S"Send one SYN+ACK success!!!");


      // unused in the visible lines
      char i;
      return 0;

// Computes a 16-bit checksum over `size` bytes starting at `buffer` and
// returns it.
//
// NOTE(review): the loop header and the odd-byte test are missing from the
// listing as posted, so only fragments of the body are visible. What survives
// accumulates into an `unsigned short`. With a 16-bit accumulator any carry
// out of bit 15 is already lost, and `cksum>>16` is always 0, so the fold line
// changes nothing. Compare with the reference algorithm in RFC 1071 before
// relying on this routine's output.
unsigned short SpoofSocket::checksum(unsigned short *buffer,int size){

      unsigned short cksum=0;
            // consumes one 16-bit word's worth of the remaining length (enclosing loop not visible)
            size-=sizeof(unsigned short);
            // adds a single byte read from the current buffer position (enclosing condition not visible)
            cksum+=*(unsigned char*)buffer;
      // intended carry fold; a no-op while cksum is only 16 bits wide
      cksum=(cksum>>16) + (cksum&0xffff);

      return cksum;


// Fills the ip_header member for the outgoing packet.
//
// NOTE(review): only two assignments survive in the listing; the lines that
// would use SourceAddress and DestAddress are not visible, and the closing
// brace is missing.
void SpoofSocket::SetIP_Head_Buffer(unsigned long SourceAddress,unsigned long DestAddress){

      //Set ip_header
      // high nibble = IP version 4, low nibble = header size counted in 32-bit words
      ip_header.h_lenver=(4<<4|sizeof(ip_header)/sizeof(unsigned int));
      // the cast binds before %, so this is (low byte of the tick count) % 87 + 123, i.e. 123..209
      ip_header.ttl=(unsigned char)GetTickCount()%87+123;

// Fills tcp_header, computes the TCP checksum over a pseudo-header plus TCP
// header buffer, then computes the IP checksum over a second buffer.
//
// NOTE(review): most of the body is missing from the listing (the port,
// sequence and pseudo-header assignments and the copies into the buffers), so
// the comments below describe only the visible statements.
void SpoofSocket::SetTCP_Head_Buffer(unsigned short SourcePort,unsigned short DestPort,unsigned char flag,unsigned long seqNumber,unsigned long ackNumber){

      //Set tcp_Header
      // TCP flag bits: SYN = 0x02 (2), ACK = 0x10 (16), SYN|ACK = 0x12 (18 decimal).
      // The original note gave "12" for SYN_ACK, which is only right if read as hexadecimal.
      tcp_header.th_flags=flag;

      //Set TCP pseudo-header

      //Get header length

      // first allocation; no delete[] is visible before the pointer is overwritten further down
      send_buffer=new BYTE[psd_head_len+tcp_head_len];

      //Compute the Checksum value
      tcp_header.th_sum=checksum((unsigned short *)send_buffer,psd_head_len+tcp_head_len);

      // second allocation into the same pointer: the first buffer leaks unless a lost line freed it,
      // and nothing visible releases this one either
      send_buffer=new BYTE[tcp_head_len+ip_head_len];

      //put spoofed IP and TCP header into the SendBuffer
      // as written, the IP checksum is computed over ip_head_len+tcp_head_len bytes of send_buffer
      ip_header.checksum=checksum((unsigned short *)send_buffer,ip_head_len+tcp_head_len);

      // NOTE(review): this declares a new array with the same name as the SendBuffer class member.
      // If it really sits inside this function it shadows the member; the surrounding lines are
      // lost, so it may instead belong to another function - confirm against the full source.
      char SendBuffer[60]={0};

// IPv4 header layout as used by SpoofSocket.
// NOTE(review): the closing `}` and the typedef name are missing from the
// listing; the class declares a member of type IPHEADER, which is presumably
// this struct.
typedef struct ip_head{

      unsigned char h_lenver; // IP version in the high four bits, header length (in 32-bit words) in the low four bits
      unsigned char tos;     // eight bits for Type of Service
      unsigned short total_len;// 16 bits for total length
      unsigned short ident;   // 16-bit identification
      unsigned short flags; // 16 bits: three flag bits (the remaining 13 bits are the fragment offset in IPv4)
      unsigned char ttl;      // time to live
      unsigned char proto;    // protocol number of the payload
      unsigned short checksum; // 16-bit header checksum
      unsigned int sourceIP; // 32-bit source IP
      unsigned int destIP;// 32-bit destination IP


// TCP header layout (no options) as used by SpoofSocket.
// NOTE(review): the closing `}` and the typedef name are missing from the
// listing; the class declares a member of type TCPHEADER, which is presumably
// this struct.
typedef struct tcp_head{

      unsigned short th_sport;// 16-bit source port
      unsigned short th_dport;// 16-bit destination port
      unsigned int th_seq;// 32-bit sequence number
      unsigned int th_ack;// 32-bit acknowledgment number
      unsigned char th_lenres;// four bits for header length (data offset); four reserved bits
      unsigned char th_flags;// six flag bits
      unsigned short th_win;// 16-bit window size
      unsigned short th_sum;// 16-bit checksum
      unsigned short th_urp;// 16-bit urgent pointer


// TCP pseudo-header: the extra fields placed in front of the TCP header when
// the TCP checksum is computed (see the psd_head_len+tcp_head_len buffer in
// SetTCP_Head_Buffer).
// NOTE(review): the closing `}` and the typedef name are missing from the
// listing; the class declares a member of type PSDHEADER, which is presumably
// this struct.
typedef struct ts_head{

      unsigned long saddr; // source address
      unsigned long daddr; // destination address
      char mbz;            // presumably "must be zero" padding - confirm
      char ptcl;// protocol type
      unsigned short tcpl;// TCP length


// Holds the IP, TCP and pseudo-header structures plus the buffers used to
// assemble one outgoing packet.
//
// NOTE(review): the access specifier, any constructor/destructor and the
// closing `};` are missing from the listing. _tmain reads tcp_head_len,
// ip_head_len and SendBuffer directly, so those members must be public in the
// real source. No destructor is visible, so nothing shown here releases
// send_buffer.
class SpoofSocket {

      // 16-bit checksum over a byte range (see definition)
      unsigned short checksum(unsigned short *,int);
      // fills ip_header
      void SetIP_Head_Buffer(unsigned long SourceAddress,unsigned long DestAddress);
      // fills tcp_header and computes both checksums
      void SetTCP_Head_Buffer(unsigned short SourcePort,unsigned short DestPort,unsigned char flag,unsigned long seqNumber,unsigned long ackNumber);
      unsigned short psd_sport; // not referenced in the visible code
      bool result;              // not referenced in the visible code
      char SendBuffer[60];      // fixed 60-byte buffer that _tmain passes to sendto()
      BYTE * send_buffer;       // heap scratch buffer allocated with new[] in SetTCP_Head_Buffer
      int psd_head_len;         // pseudo-header length in bytes
      int tcp_head_len;         // TCP header length in bytes
      int ip_head_len;          // IP header length in bytes

      TCPHEADER tcp_header;
      PSDHEADER psd_header;
      IPHEADER ip_header;      