LINUX下TCP SYN(半连接)的扫描程序如何实现?请给出源码!100期待
来源: 互联网 发布时间:2014-11-22
TCP SYN(半连接)的扫描程序如何实现?请给出源码!
关于工作原理,我已明白,希望给出源码,C语言版。
关于工作原理,我已明白,希望给出源码,C语言版。
|
在Linux 上编译通过
/*
*编译是这样的
*gcc -o synscan synscan.c -lpthread
*by sztcww
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
/* Constant sequence number. NOTE(review): where it is passed is not visible
 * in this listing (the call site is in the damaged part of main); if it
 * reaches the wire unchanged, every probe carries the same value, which is
 * easy to match in a capture filter or IDS rule. */
#define SEQ 12345
/* Size in bytes of struct tcphdr, i.e. a TCP header with no options. */
#define TCPSIZE sizeof(struct tcphdr)
/* Prototype of the SYN sender defined further down; the definition names the
 * first and fourth parameters sendSocket and seq instead of sockfd/seqNum. */
int sendSyn(int sockfd,u_long sourceIP,u_short sourcePort,u_long seqNum,struct sockaddr_in * dst);
/* Thread entry point (pthread signature). NOTE(review): no intact definition
 * is visible in this listing - presumably it is the receive loop whose tail
 * is fused into main below. */
void * recv_packet(void * arg);
/* Destination address; main fills dest.sin_addr from argv[2] via inet_aton(). */
struct sockaddr_in dest;
/* Raw socket descriptor, assigned from socket(AF_INET,SOCK_RAW,IPPROTO_TCP) in
 * main. On Linux, opening a raw socket needs root or CAP_NET_RAW. */
int fd;
/* TCP header of a received packet; the receive code tests its ack/syn bits. */
struct tcphdr * tcp;
/* Constant source port. NOTE(review): same fingerprinting remark as SEQ -
 * confirm against the call site, which is not visible here. */
u_short sourcePort=1234;
/* Result of getservbyport(), used to print the service name of a port. */
struct servent * sptr;
/* port = atoi(argv[1]) and hostsums = atoi(argv[3]) in main; the use of
 * startip is not visible in this listing. */
int startip,hostsums,port;
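/*
 * Internet (ones'-complement) checksum over len bytes starting at addr.
 *
 * addr: buffer to sum, read as native-order 16-bit words; it must be
 *       suitably aligned for unsigned short. A trailing odd byte is treated
 *       as the first byte of a word whose second byte is zero.
 * len:  number of bytes. Zero or a negative value sums nothing and the
 *       function returns 0xffff.
 *
 * Returns the complemented 16-bit sum. Because the words are summed in
 * native order, the result can be stored into a checksum field as-is.
 */
unsigned short in_cksum(unsigned short * addr,int len)
{
    int nleft=len;
    /* Unsigned 64-bit accumulator: a signed int overflows (undefined
     * behaviour) once the buffer holds more than about 64 KiB of large
     * words, and a 32-bit unsigned one would silently drop carries. */
    unsigned long long sum=0;
    unsigned short * w=addr;
    unsigned short answer=0;

    while (nleft>1) {
        sum+=*w++;
        nleft-=2;
    }
    if (nleft==1) {
        /* Put the odd byte into the first byte of a zeroed word so the
         * padding is correct on either byte order. */
        *(unsigned char *)(&answer)=*(unsigned char *)w;
        sum+=answer;
    }
    /* Fold the carries back in until the value fits in 16 bits. */
    while (sum>>16)
        sum=(sum>>16)+(sum & 0xffff);
    answer=(unsigned short)~sum;
    return(answer);
}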
/*
 * Signal handler: sends SIGHUP to every process in the caller's process
 * group (pid argument 0), which includes this process itself.
 * NOTE(review): the name suggests it is installed for SIGALRM as a timeout;
 * the registration is not visible in this listing.
 */
void Alarm(int sig)
{
    (void)sig;          /* the signal number is not used */
    kill(0,SIGHUP);
}
/*
 * Program entry point: reads the port, the address and the host count from
 * the command line and opens a raw TCP socket.
 *
 * NOTE(review): this listing is damaged. From the socket() line onward,
 * everything that stood between a '<' and a later '>' was dropped when the
 * page was extracted, so the rest of main and the tail of a receive loop
 * (presumably recv_packet, declared near the top of the file) are fused into
 * one body. The function does not compile as shown; the comments below only
 * describe what is still visible.
 */
int main(int argc,char **argv)
{
/* The uses of these locals fall in the lost part of the listing. */
int j;
struct hostent * phe;
pthread_t tid;
struct ifreq if_data;
u_long addr_p;
char * addr;
/* Exactly three arguments are required. From the code below: argv[1] is the
 * port, argv[2] an address, argv[3] the number of hosts. The argument names
 * in the usage text appear to have been lost in extraction. */
if (argc!=4)
printf("Usage: %s n",argv[0]),exit(1);
/* atoi() reports no errors: non-numeric input silently becomes 0, and
 * out-of-range or negative values are not rejected here. */
port=atoi(argv[1]);
hostsums=atoi(argv[3]);
/* Raw TCP socket; on Linux this needs root or CAP_NET_RAW. The error check
 * that followed, and the code up to "h_length", is missing. */
if ((fd=socket(AF_INET,SOCK_RAW,IPPROTO_TCP))h_length);
/* Damaged line: the inet_aton() parse of argv[2] runs straight into the
 * receive loop's test for a reply with both ACK and SYN set. */
else if (inet_aton(argv[2],&dest.sin_addr)ack && tcp->syn)
{/* nothing special from here on, just system calls */
/* in1, from and srcaddr are declared in the lost part of the listing. */
in1=(struct sockaddr_in *)&from;;
srcaddr=inet_ntoa(in1->sin_addr);
printf("SERVER: %s ",srcaddr);
/* getservbyport() expects the port in network byte order, so the header
 * field is passed without ntohs(). */
if ((sptr=getservbyport(tcp->source,"tcp"))!=NULL)
/* "[32m" etc. look like ANSI colour sequences whose escape character (and the
 * backslash of the final "n") did not survive extraction - TODO confirm. */
{ printf("[32mPort:%5d [31mServer: %s[37mn",ntohs(tcp->source),sptr->s_name);
}
else
printf("[32mPort:%5d [37mn",ntohs(tcp->source));
fflush(stdout);
/* Counts the replies printed so far; the declaration of all is not visible. */
all++;
continue;
}
}/* end for */
}
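/*
 * Build a TCP header with only the SYN flag set, addressed to *dst, and send
 * it on sendSocket.
 *
 * sendSocket: descriptor passed to sendto().
 * sourceIP:   IPv4 source address used in the checksum pseudo-header. It is
 *             copied as given, so it presumably has to be in network byte
 *             order already - TODO confirm against the caller, which is not
 *             visible in this listing.
 * sourcePort: source port in host byte order (this parameter shadows the
 *             file-level variable of the same name).
 * seq:        sequence number in host byte order.
 * dst:        destination; sin_port is used as-is and sin_addr goes into the
 *             pseudo-header.
 *
 * Returns the result of sendto(), or -1 when dst is NULL.
 *
 * Only the TCP header is built here; no IP header is written, so the
 * checksum is valid only if sourceIP matches the source address that ends
 * up in the IP header.
 *
 * NOTE(review): the segment has no TCP options (doff=5) and a constant
 * window of 10052, unlike the SYN of an ordinary OS stack, so these packets
 * are easy to single out in packet captures or IDS rules.
 */
int sendSyn(int sendSocket,u_long sourceIP,u_short sourcePort,u_long seq,struct sockaddr_in * dst)
{
    struct tcphdr hdr;
    /* u_short storage keeps the buffer aligned for in_cksum(), which reads
     * it as 16-bit words. Layout: src(4) dst(4) zero(1) proto(1) len(2),
     * followed by the TCP header. */
    u_short pseudoWords[(12+sizeof(struct tcphdr)+1)/2];
    u_char * pPseudoHead=(u_char *)pseudoWords;
    struct in_addr src;
    u_short tcpHeadLen=htons(sizeof(struct tcphdr));

    if (dst==NULL)
        return -1;

    memset(&hdr,0,sizeof hdr);
    hdr.source=htons(sourcePort);
    hdr.dest=dst->sin_port;
    hdr.seq=htonl(seq);
    hdr.ack_seq=0;
    hdr.doff=5;             /* 5 x 32-bit words: header without options */
    hdr.syn=1;              /* the SYN flag */
    hdr.window=htons(10052);
    hdr.check=0;            /* must be zero while the checksum is computed */
    hdr.urg_ptr=0;

    /* Go through a 32-bit field: u_long is 8 bytes on LP64 systems, and
     * copying "the first four bytes" of it picks the wrong half on a
     * big-endian machine. */
    src.s_addr=sourceIP;

    memset(pseudoWords,0,sizeof pseudoWords);
    memcpy(pPseudoHead,&src.s_addr,4);
    /* Use the destination that the packet is actually sent to, rather than
     * the file-level dest variable, so checksum and sendto() always agree. */
    memcpy(pPseudoHead+4,&dst->sin_addr,4);
    pPseudoHead[9]=IPPROTO_TCP;
    memcpy(pPseudoHead+10,&tcpHeadLen,2);
    memcpy(pPseudoHead+12,&hdr,sizeof hdr);

    hdr.check=in_cksum(pseudoWords,(int)(12+sizeof hdr));
    return (sendto(sendSocket,&hdr,sizeof hdr,0,(struct sockaddr*)dst,sizeof(struct sockaddr_in)));
}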
/*
*编译是这样的
*gcc -o synscan synscan.c -lpthread
*by sztcww
*/
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
/* Constant sequence number. NOTE(review): where it is passed is not visible
 * in this listing (the call site is in the damaged part of main); if it
 * reaches the wire unchanged, every probe carries the same value, which is
 * easy to match in a capture filter or IDS rule. */
#define SEQ 12345
/* Size in bytes of struct tcphdr, i.e. a TCP header with no options. */
#define TCPSIZE sizeof(struct tcphdr)
/* Prototype of the SYN sender defined further down; the definition names the
 * first and fourth parameters sendSocket and seq instead of sockfd/seqNum. */
int sendSyn(int sockfd,u_long sourceIP,u_short sourcePort,u_long seqNum,struct sockaddr_in * dst);
/* Thread entry point (pthread signature). NOTE(review): no intact definition
 * is visible in this listing - presumably it is the receive loop whose tail
 * is fused into main below. */
void * recv_packet(void * arg);
/* Destination address; main fills dest.sin_addr from argv[2] via inet_aton(). */
struct sockaddr_in dest;
/* Raw socket descriptor, assigned from socket(AF_INET,SOCK_RAW,IPPROTO_TCP) in
 * main. On Linux, opening a raw socket needs root or CAP_NET_RAW. */
int fd;
/* TCP header of a received packet; the receive code tests its ack/syn bits. */
struct tcphdr * tcp;
/* Constant source port. NOTE(review): same fingerprinting remark as SEQ -
 * confirm against the call site, which is not visible here. */
u_short sourcePort=1234;
/* Result of getservbyport(), used to print the service name of a port. */
struct servent * sptr;
/* port = atoi(argv[1]) and hostsums = atoi(argv[3]) in main; the use of
 * startip is not visible in this listing. */
int startip,hostsums,port;
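/*
 * Internet (ones'-complement) checksum over len bytes starting at addr.
 *
 * addr: buffer to sum, read as native-order 16-bit words; it must be
 *       suitably aligned for unsigned short. A trailing odd byte is treated
 *       as the first byte of a word whose second byte is zero.
 * len:  number of bytes. Zero or a negative value sums nothing and the
 *       function returns 0xffff.
 *
 * Returns the complemented 16-bit sum. Because the words are summed in
 * native order, the result can be stored into a checksum field as-is.
 */
unsigned short in_cksum(unsigned short * addr,int len)
{
    int nleft=len;
    /* Unsigned 64-bit accumulator: a signed int overflows (undefined
     * behaviour) once the buffer holds more than about 64 KiB of large
     * words, and a 32-bit unsigned one would silently drop carries. */
    unsigned long long sum=0;
    unsigned short * w=addr;
    unsigned short answer=0;

    while (nleft>1) {
        sum+=*w++;
        nleft-=2;
    }
    if (nleft==1) {
        /* Put the odd byte into the first byte of a zeroed word so the
         * padding is correct on either byte order. */
        *(unsigned char *)(&answer)=*(unsigned char *)w;
        sum+=answer;
    }
    /* Fold the carries back in until the value fits in 16 bits. */
    while (sum>>16)
        sum=(sum>>16)+(sum & 0xffff);
    answer=(unsigned short)~sum;
    return(answer);
}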
/*
 * Signal handler: sends SIGHUP to every process in the caller's process
 * group (pid argument 0), which includes this process itself.
 * NOTE(review): the name suggests it is installed for SIGALRM as a timeout;
 * the registration is not visible in this listing.
 */
void Alarm(int sig)
{
    (void)sig;          /* the signal number is not used */
    kill(0,SIGHUP);
}
/*
 * Program entry point: reads the port, the address and the host count from
 * the command line and opens a raw TCP socket.
 *
 * NOTE(review): this listing is damaged. From the socket() line onward,
 * everything that stood between a '<' and a later '>' was dropped when the
 * page was extracted, so the rest of main and the tail of a receive loop
 * (presumably recv_packet, declared near the top of the file) are fused into
 * one body. The function does not compile as shown; the comments below only
 * describe what is still visible.
 */
int main(int argc,char **argv)
{
/* The uses of these locals fall in the lost part of the listing. */
int j;
struct hostent * phe;
pthread_t tid;
struct ifreq if_data;
u_long addr_p;
char * addr;
/* Exactly three arguments are required. From the code below: argv[1] is the
 * port, argv[2] an address, argv[3] the number of hosts. The argument names
 * in the usage text appear to have been lost in extraction. */
if (argc!=4)
printf("Usage: %s n",argv[0]),exit(1);
/* atoi() reports no errors: non-numeric input silently becomes 0, and
 * out-of-range or negative values are not rejected here. */
port=atoi(argv[1]);
hostsums=atoi(argv[3]);
/* Raw TCP socket; on Linux this needs root or CAP_NET_RAW. The error check
 * that followed, and the code up to "h_length", is missing. */
if ((fd=socket(AF_INET,SOCK_RAW,IPPROTO_TCP))h_length);
/* Damaged line: the inet_aton() parse of argv[2] runs straight into the
 * receive loop's test for a reply with both ACK and SYN set. */
else if (inet_aton(argv[2],&dest.sin_addr)ack && tcp->syn)
{/* nothing special from here on, just system calls */
/* in1, from and srcaddr are declared in the lost part of the listing. */
in1=(struct sockaddr_in *)&from;;
srcaddr=inet_ntoa(in1->sin_addr);
printf("SERVER: %s ",srcaddr);
/* getservbyport() expects the port in network byte order, so the header
 * field is passed without ntohs(). */
if ((sptr=getservbyport(tcp->source,"tcp"))!=NULL)
/* "[32m" etc. look like ANSI colour sequences whose escape character (and the
 * backslash of the final "n") did not survive extraction - TODO confirm. */
{ printf("[32mPort:%5d [31mServer: %s[37mn",ntohs(tcp->source),sptr->s_name);
}
else
printf("[32mPort:%5d [37mn",ntohs(tcp->source));
fflush(stdout);
/* Counts the replies printed so far; the declaration of all is not visible. */
all++;
continue;
}
}/* end for */
}
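/*
 * Build a TCP header with only the SYN flag set, addressed to *dst, and send
 * it on sendSocket.
 *
 * sendSocket: descriptor passed to sendto().
 * sourceIP:   IPv4 source address used in the checksum pseudo-header. It is
 *             copied as given, so it presumably has to be in network byte
 *             order already - TODO confirm against the caller, which is not
 *             visible in this listing.
 * sourcePort: source port in host byte order (this parameter shadows the
 *             file-level variable of the same name).
 * seq:        sequence number in host byte order.
 * dst:        destination; sin_port is used as-is and sin_addr goes into the
 *             pseudo-header.
 *
 * Returns the result of sendto(), or -1 when dst is NULL.
 *
 * Only the TCP header is built here; no IP header is written, so the
 * checksum is valid only if sourceIP matches the source address that ends
 * up in the IP header.
 *
 * NOTE(review): the segment has no TCP options (doff=5) and a constant
 * window of 10052, unlike the SYN of an ordinary OS stack, so these packets
 * are easy to single out in packet captures or IDS rules.
 */
int sendSyn(int sendSocket,u_long sourceIP,u_short sourcePort,u_long seq,struct sockaddr_in * dst)
{
    struct tcphdr hdr;
    /* u_short storage keeps the buffer aligned for in_cksum(), which reads
     * it as 16-bit words. Layout: src(4) dst(4) zero(1) proto(1) len(2),
     * followed by the TCP header. */
    u_short pseudoWords[(12+sizeof(struct tcphdr)+1)/2];
    u_char * pPseudoHead=(u_char *)pseudoWords;
    struct in_addr src;
    u_short tcpHeadLen=htons(sizeof(struct tcphdr));

    if (dst==NULL)
        return -1;

    memset(&hdr,0,sizeof hdr);
    hdr.source=htons(sourcePort);
    hdr.dest=dst->sin_port;
    hdr.seq=htonl(seq);
    hdr.ack_seq=0;
    hdr.doff=5;             /* 5 x 32-bit words: header without options */
    hdr.syn=1;              /* the SYN flag */
    hdr.window=htons(10052);
    hdr.check=0;            /* must be zero while the checksum is computed */
    hdr.urg_ptr=0;

    /* Go through a 32-bit field: u_long is 8 bytes on LP64 systems, and
     * copying "the first four bytes" of it picks the wrong half on a
     * big-endian machine. */
    src.s_addr=sourceIP;

    memset(pseudoWords,0,sizeof pseudoWords);
    memcpy(pPseudoHead,&src.s_addr,4);
    /* Use the destination that the packet is actually sent to, rather than
     * the file-level dest variable, so checksum and sendto() always agree. */
    memcpy(pPseudoHead+4,&dst->sin_addr,4);
    pPseudoHead[9]=IPPROTO_TCP;
    memcpy(pPseudoHead+10,&tcpHeadLen,2);
    memcpy(pPseudoHead+12,&hdr,sizeof hdr);

    hdr.check=in_cksum(pseudoWords,(int)(12+sizeof hdr));
    return (sendto(sendSocket,&hdr,sizeof hdr,0,(struct sockaddr*)dst,sizeof(struct sockaddr_in)));
}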
|
我想起来了。以前有一本书叫《黑客就这么几招》里讲了SYN扫描的基本原理。还带了一个小的程序。你可以找来看看。我的那本丢了。