18,356
社区成员
发帖
与我相关
我的任务
分享libnet模拟TCP三次握手的问题(急)
请教各位高手:
使用WinPcap和Libnet编程,使用Libnet发送TCP数据包,使用WinPcap监视收到的数据,现在遇到的问题是:
第一个TCP SYN(seq=1000)包送出去后,能获得服务器端的SYN(seq=2000)&ACK(ack=1001)回应包,接着发送ACK(seq=1001;ack=2001)包和HTTP请求ACK&PUSH(seq=1001;ack=2001)包后,
出现情况:1.服务器端无任何响应;
2.服务器端重发SYN(seq=2000)&ACK(ack=1001)回应包;
我通过Analyser分析了我用Libnet发送的数据包和用socket发送的数据包,发现两者除了seq和ack、checksum变化外,其他都是一样的,另外我自己收到握手回应包后发送第三次握手消息包的时间间隔比用socket的要稍微长一点,但整个过程也控制在几十毫秒以内,应该不会是超时的原因吧?
请各位高手帮忙分析一下,跪谢 orz
使用WinPcap和Libnet编程,使用Libnet发送TCP数据包,使用WinPcap监视收到的数据,现在遇到的问题是:
第一个TCP SYN(seq=1000)包送出去后,能获得服务器端的SYN(seq=2000)&ACK(ack=1001)回应包,接着发送ACK(seq=1001;ack=2001)包和HTTP请求ACK&PUSH(seq=1001;ack=2001)包后,
出现情况:1.服务器端无任何响应;
2.服务器端重发SYN(seq=2000)&ACK(ack=1001)回应包;
我通过Analyser分析了我用Libnet发送的数据包和用socket发送的数据包,发现两者除了seq和ack、checksum变化外,其他都是一样的,另外我自己收到握手回应包后发送第三次握手消息包的时间间隔比用socket的要稍微长一点,但整个过程也控制在几十毫秒以内,应该不会是超时的原因吧?
请各位高手帮忙分析一下,跪谢 orz
...全文
请发表友善的回复…
发表回复
zouqiang122 2006-12-17
- 打赏
- 举报
好象第三次握手有点问题,不过我还没有看明白,加一些注释~~~
encyc 2006-12-17
- 打赏
- 举报
查明白了,是防火墙阻止了端口,而window自动发出了RST。唉!
结帖,给分
结帖,给分
encyc 2006-12-13
- 打赏
- 举报
if (l == NULL)
{
TRACE("libnet_init() failed: %s", m_szErrBuf);
return FALSE;
}
t = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
m_seq, /* sequence number */
m_ack, /* acknowledgement num */
TH_ACK|TH_PUSH, /* control flags */
65535, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + payload_s, /* TCP packet size */
(u_char*)payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == SOCKET_ERROR)
{
TRACE("Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H+payload_s, /* length */
0, /* TOS */
m_id+1, /* IP ID */
0x4000, /* IP Frag */
128, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == SOCKET_ERROR)
{
TRACE("Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
libnet_cq_add(l, "http request");
/*
* send acknowledgement packet
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
m_szInterface, /* network interface */
m_szErrBuf); /* error buffer */
if (l == NULL)
{
TRACE("libnet_init() failed: %s", m_szErrBuf);
return FALSE;
}
t = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
m_seq, /* sequence number */
m_ack, /* acknowledgement num */
TH_ACK, /* control flags */
65535, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H, /* TCP packet size */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == SOCKET_ERROR)
{
TRACE("Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H, /* length */
0, /* TOS */
m_id+1, /* IP ID */
0x4000, /* IP Frag */
128, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == SOCKET_ERROR)
{
TRACE("Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
libnet_cq_add(l, "tcp acknowledgement");
/*
* Write it to the wire.
*/
for(l=libnet_cq_head(); libnet_cq_last(); l=libnet_cq_next())
{
dwCount = libnet_write(l);
if (dwCount == SOCKET_ERROR)
{
TRACE("Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
TRACE("Wrote %d byte TCP packet; check the wire.\n", dwCount);
}
}
libnet_cq_destroy();
bad:
libnet_destroy(l);
return FALSE;
}
{
TRACE("libnet_init() failed: %s", m_szErrBuf);
return FALSE;
}
t = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
m_seq, /* sequence number */
m_ack, /* acknowledgement num */
TH_ACK|TH_PUSH, /* control flags */
65535, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H + payload_s, /* TCP packet size */
(u_char*)payload, /* payload */
payload_s, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == SOCKET_ERROR)
{
TRACE("Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H+payload_s, /* length */
0, /* TOS */
m_id+1, /* IP ID */
0x4000, /* IP Frag */
128, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == SOCKET_ERROR)
{
TRACE("Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
libnet_cq_add(l, "http request");
/*
* send acknowledgement packet
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
m_szInterface, /* network interface */
m_szErrBuf); /* error buffer */
if (l == NULL)
{
TRACE("libnet_init() failed: %s", m_szErrBuf);
return FALSE;
}
t = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
m_seq, /* sequence number */
m_ack, /* acknowledgement num */
TH_ACK, /* control flags */
65535, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H, /* TCP packet size */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == SOCKET_ERROR)
{
TRACE("Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H, /* length */
0, /* TOS */
m_id+1, /* IP ID */
0x4000, /* IP Frag */
128, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == SOCKET_ERROR)
{
TRACE("Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
libnet_cq_add(l, "tcp acknowledgement");
/*
* Write it to the wire.
*/
for(l=libnet_cq_head(); libnet_cq_last(); l=libnet_cq_next())
{
dwCount = libnet_write(l);
if (dwCount == SOCKET_ERROR)
{
TRACE("Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
TRACE("Wrote %d byte TCP packet; check the wire.\n", dwCount);
}
}
libnet_cq_destroy();
bad:
libnet_destroy(l);
return FALSE;
}
encyc 2006-12-13
- 打赏
- 举报
这是我模拟三次握手的函数
BOOL CWinpcap::sendtcppacket(char *szSrcIP, char *szDstIP, u_short src_prt, u_short dst_prt, char *payload)
{
libnet_t *l;
libnet_ptag_t t;
u_short payload_s=0;
u_long src_ip = 0, dst_ip = 0;
bpf_program bpf_filter;
char bpf_filter_string[100]="";
bpf_u_int32 net_mask;
bpf_u_int32 net_ip;
int res;
struct pcap_pkthdr *header;
const u_char *pkt_data;
DWORD dwCount;
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
m_szInterface, /* network interface */
m_szErrBuf); /* error buffer */
if (l == NULL)
{
TRACE("libnet_init() failed: %s", m_szErrBuf);
return FALSE;
}
if(payload)
{
payload_s = strlen(payload);
}
if ((dst_ip = libnet_name2addr4(l, szDstIP, LIBNET_RESOLVE)) == -1)
{
TRACE("Bad destination IP address: %s\n", szDstIP);
goto bad;
}
if ((src_ip = libnet_name2addr4(l, szSrcIP, LIBNET_RESOLVE)) == -1)
{
TRACE("Bad source IP address: %s\n", szSrcIP);
goto bad;
}
if (!dst_prt || !dst_ip || !src_prt || !src_ip)
{
goto bad;
}
/*
* Create seq and identification.
*/
libnet_seed_prand(l);
m_seq = libnet_get_prand(LIBNET_PRu32);
m_id = libnet_get_prand(LIBNET_PRu16);
sprintf(bpf_filter_string,"tcp and (src net %s)", szDstIP);
t = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
m_seq, /* sequence number */
m_ack, /* acknowledgement num */
TH_SYN, /* control flags */
65535, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H, /* TCP packet size */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == SOCKET_ERROR)
{
TRACE("Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H, /* length */
0, /* TOS */
m_id++, /* IP ID */
0x4000, /* IP Frag */
128, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == SOCKET_ERROR)
{
TRACE("Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
dwCount=libnet_write(l);
if (dwCount == SOCKET_ERROR)
{
TRACE("Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
TRACE("Wrote %d byte TCP packet; check the wire.\n", dwCount);
}
libnet_destroy(l);
/*
* Initialize the pcap_t.
*/
pcap_lookupnet(m_szInterface,&net_ip,&net_mask,m_szErrBuf);
m_pcap_handle = pcap_open_live(m_szInterface, BUFSIZ,PCAP_OPENFLAG_PROMISCUOUS, 1000, m_szErrBuf);
if(pcap_compile(m_pcap_handle, &bpf_filter, bpf_filter_string,0,net_ip)==SOCKET_ERROR)
{
pcap_close(m_pcap_handle);
m_pcap_handle=NULL;
return FALSE;
}
pcap_setfilter(m_pcap_handle, &bpf_filter);
if(pcap_datalink(m_pcap_handle)!=DLT_EN10MB)
{
pcap_close(m_pcap_handle);
m_pcap_handle=NULL;
return FALSE;
}
//start the capture
while((res = pcap_next_ex( m_pcap_handle, &header, &pkt_data)) >= 0)
{
if(res == 0)
/* Timeout elapsed */
continue;
tcp_header *tcp_protocol = (tcp_header*)(pkt_data+14+20);
m_seq++;
m_ack = ntohl(tcp_protocol->tcp_sequence);
m_ack++;
break;
}
pcap_close(m_pcap_handle);
m_pcap_handle=NULL;
//return TRUE;
/*
* send http request
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
m_szInterface, /* network interface */
m_szErrBuf); /* error buffer */
BOOL CWinpcap::sendtcppacket(char *szSrcIP, char *szDstIP, u_short src_prt, u_short dst_prt, char *payload)
{
libnet_t *l;
libnet_ptag_t t;
u_short payload_s=0;
u_long src_ip = 0, dst_ip = 0;
bpf_program bpf_filter;
char bpf_filter_string[100]="";
bpf_u_int32 net_mask;
bpf_u_int32 net_ip;
int res;
struct pcap_pkthdr *header;
const u_char *pkt_data;
DWORD dwCount;
/*
* Initialize the library. Root priviledges are required.
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
m_szInterface, /* network interface */
m_szErrBuf); /* error buffer */
if (l == NULL)
{
TRACE("libnet_init() failed: %s", m_szErrBuf);
return FALSE;
}
if(payload)
{
payload_s = strlen(payload);
}
if ((dst_ip = libnet_name2addr4(l, szDstIP, LIBNET_RESOLVE)) == -1)
{
TRACE("Bad destination IP address: %s\n", szDstIP);
goto bad;
}
if ((src_ip = libnet_name2addr4(l, szSrcIP, LIBNET_RESOLVE)) == -1)
{
TRACE("Bad source IP address: %s\n", szSrcIP);
goto bad;
}
if (!dst_prt || !dst_ip || !src_prt || !src_ip)
{
goto bad;
}
/*
* Create seq and identification.
*/
libnet_seed_prand(l);
m_seq = libnet_get_prand(LIBNET_PRu32);
m_id = libnet_get_prand(LIBNET_PRu16);
sprintf(bpf_filter_string,"tcp and (src net %s)", szDstIP);
t = libnet_build_tcp(
src_prt, /* source port */
dst_prt, /* destination port */
m_seq, /* sequence number */
m_ack, /* acknowledgement num */
TH_SYN, /* control flags */
65535, /* window size */
0, /* checksum */
0, /* urgent pointer */
LIBNET_TCP_H, /* TCP packet size */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == SOCKET_ERROR)
{
TRACE("Can't build TCP header: %s\n", libnet_geterror(l));
goto bad;
}
t = libnet_build_ipv4(
LIBNET_IPV4_H + LIBNET_TCP_H, /* length */
0, /* TOS */
m_id++, /* IP ID */
0x4000, /* IP Frag */
128, /* TTL */
IPPROTO_TCP, /* protocol */
0, /* checksum */
src_ip, /* source IP */
dst_ip, /* destination IP */
NULL, /* payload */
0, /* payload size */
l, /* libnet handle */
0); /* libnet id */
if (t == SOCKET_ERROR)
{
TRACE("Can't build IP header: %s\n", libnet_geterror(l));
goto bad;
}
/*
* Write it to the wire.
*/
dwCount=libnet_write(l);
if (dwCount == SOCKET_ERROR)
{
TRACE("Write error: %s\n", libnet_geterror(l));
goto bad;
}
else
{
TRACE("Wrote %d byte TCP packet; check the wire.\n", dwCount);
}
libnet_destroy(l);
/*
* Initialize the pcap_t.
*/
pcap_lookupnet(m_szInterface,&net_ip,&net_mask,m_szErrBuf);
m_pcap_handle = pcap_open_live(m_szInterface, BUFSIZ,PCAP_OPENFLAG_PROMISCUOUS, 1000, m_szErrBuf);
if(pcap_compile(m_pcap_handle, &bpf_filter, bpf_filter_string,0,net_ip)==SOCKET_ERROR)
{
pcap_close(m_pcap_handle);
m_pcap_handle=NULL;
return FALSE;
}
pcap_setfilter(m_pcap_handle, &bpf_filter);
if(pcap_datalink(m_pcap_handle)!=DLT_EN10MB)
{
pcap_close(m_pcap_handle);
m_pcap_handle=NULL;
return FALSE;
}
//start the capture
while((res = pcap_next_ex( m_pcap_handle, &header, &pkt_data)) >= 0)
{
if(res == 0)
/* Timeout elapsed */
continue;
tcp_header *tcp_protocol = (tcp_header*)(pkt_data+14+20);
m_seq++;
m_ack = ntohl(tcp_protocol->tcp_sequence);
m_ack++;
break;
}
pcap_close(m_pcap_handle);
m_pcap_handle=NULL;
//return TRUE;
/*
* send http request
*/
l = libnet_init(
LIBNET_RAW4, /* injection type */
m_szInterface, /* network interface */
m_szErrBuf); /* error buffer */
encyc 2006-12-13
- 打赏
- 举报
以下代码是我打包http request的函数
void CNetThread::PacketRequest(CString url)
{
memset(m_szPayload, 0x00, sizeof(m_szPayload));
CString reqeust;
CString page=_T("");
url.MakeLower();
if(url.Left(7)=="http://")
{
url = url.Right(url.GetLength()-7);
}
int npos=url.Find("/");
if(npos!=-1)
{
page = url.Right(url.GetLength()-npos-1);
url = url.Left(npos);
}
reqeust = "GET /";
reqeust += page;
reqeust += " HTTP/1.1\r\n";
reqeust += "Accept: text/vnd.wap.wml, image/gif, image/vnd.wap.wbmp, */*\r\n";
reqeust +="Host: ";
reqeust +=url;
reqeust +="\r\n\r\n";
memcpy(m_szPayload,reqeust,reqeust.GetLength());
}
void CNetThread::PacketRequest(CString url)
{
memset(m_szPayload, 0x00, sizeof(m_szPayload));
CString reqeust;
CString page=_T("");
url.MakeLower();
if(url.Left(7)=="http://")
{
url = url.Right(url.GetLength()-7);
}
int npos=url.Find("/");
if(npos!=-1)
{
page = url.Right(url.GetLength()-npos-1);
url = url.Left(npos);
}
reqeust = "GET /";
reqeust += page;
reqeust += " HTTP/1.1\r\n";
reqeust += "Accept: text/vnd.wap.wml, image/gif, image/vnd.wap.wbmp, */*\r\n";
reqeust +="Host: ";
reqeust +=url;
reqeust +="\r\n\r\n";
memcpy(m_szPayload,reqeust,reqeust.GetLength());
}
husheng34 2006-12-12
- 打赏
- 举报
看我用WinPcap写的代码
http://community.csdn.net/Expert/topic/4910/4910196.xml?temp=.4962732
http://community.csdn.net/Expert/topic/4910/4910196.xml?temp=.4962732
husheng34 2006-12-12
- 打赏
- 举报
会不会是http请求最后没有加 \r\n ,这样服务器认为命令还没发完,就不会响应
