An interesting ping ----- a small note

xiaoxiao2021-03-06  13


Foreword: This is only a small note, so the article is very short. The tool you should be familiar with is WinPcap.

A few days ago, while casually reading a networking book, I got curious and used WinPcap to construct a forged ping, that is, an ICMP packet. Full of anticipation I waited at the computer, but the other machine did not send back a single reply. (In fact it did react, as I will explain later.) Mind you, pinging it from cmd worked perfectly well.

Some parameters:

My IP: 172.16.99.3. I changed my IP to 172.16.99.2 (someone asked why I did not change the MAC as well; in fact this was just for my own amusement).

The other machine's IP: 172.16.0.100

Part of the program:

```c
BYTE packet[100];
memset(packet, 0, sizeof(packet));
/* Ethernet header: EtherType 0x0800 (IP), written byte-swapped because the host is little-endian */
P_MAC_HEADER pMacHdr = (P_MAC_HEADER)packet;
pMacHdr->type = 0x0008;
pMacHdr->dmac[0] = 0x00; pMacHdr->dmac[1] = 0x27; pMacHdr->dmac[2] = 0x04; pMacHdr->dmac[3] = 0x22; pMacHdr->dmac[4] = 0x64; pMacHdr->dmac[5] = 0x0E;
pMacHdr->smac[0] = 0x00; pMacHdr->smac[1] = 0x04; pMacHdr->smac[2] = 0x90; pMacHdr->smac[3] = 0x46; pMacHdr->smac[4] = 0x21; pMacHdr->smac[5] = 0xBE;

/* IP header: forged source 172.16.99.2, destination 172.16.0.100 */
P_IP_HEADER pIpHdr = (P_IP_HEADER)((BYTE *)packet + sizeof(MAC_HEADER));
pIpHdr->crc = 0;
pIpHdr->daddr.byte1 = 172; pIpHdr->daddr.byte2 = 16; pIpHdr->daddr.byte3 = 0;  pIpHdr->daddr.byte4 = 100;
pIpHdr->saddr.byte1 = 172; pIpHdr->saddr.byte2 = 16; pIpHdr->saddr.byte3 = 99; pIpHdr->saddr.byte4 = 2;
pIpHdr->flags_fo = 0; pIpHdr->identification = 0x3456; pIpHdr->proto = IPPROTO_ICMP;
pIpHdr->tlen = htons(60); /* i.e. htons(sizeof(IP_HEADER) + sizeof(ICMP_HEADER)) */
pIpHdr->tos = 0; pIpHdr->ttl = 128;
pIpHdr->ver_ihl = (4 << 4) | (sizeof(IP_HEADER) / sizeof(DWORD));

/* ICMP echo request; checksums are computed last, over the IP header and over the ICMP part */
P_ICMP_HEADER pIcmpHdr = (P_ICMP_HEADER)((BYTE *)pIpHdr + sizeof(IP_HEADER));
pIcmpHdr->type = ICMP_PING_REQUEST; pIcmpHdr->operation = 0;
pIcmpHdr->ping.spec = 0x2; pIcmpHdr->ping.seq = 0x8;
pIcmpHdr->crc = 0;
pIpHdr->crc = calculateCrc((BYTE *)pIpHdr, (pIpHdr->ver_ihl & 0xF) * 4);
pIcmpHdr->crc = calculateCrc((BYTE *)pIcmpHdr, sizeof(ICMP_HEADER));
packetSize = 60 + 14; /* 60-byte IP packet plus 14-byte Ethernet header */

if (pcap_sendpacket(adapterHandle, packet, packetSize) != 0) {
    fprintf(stderr, "\nError sending the packet: %s\n", pcap_geterr(adapterHandle));
    return 0;
}
```
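The calculateCrc helper and the header structs are not shown above. As an added example (not code from the original post), here is the same 74-byte frame built with explicit big-endian byte writes and an RFC 1071 Internet checksum, plus the receiver-side check a practitioner would run to rule out a malformed frame before blaming the target's stack. The MAC and IP addresses are those quoted in the post; the 32-byte payload is the a..w pattern the P.S. describes, and the frame is only built and verified here, not sent.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Internet checksum (RFC 1071): one's-complement sum of big-endian 16-bit words. */
static uint16_t inet_checksum(const uint8_t *data, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)data[i] << 8) | data[i + 1];
    if (len & 1) sum += (uint32_t)data[len - 1] << 8;      /* odd trailing byte */
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);  /* fold carries */
    return (uint16_t)~sum;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
/* Builds the post's 74-byte frame (14 Ethernet + 20 IP + 8 ICMP + 32 data) into f; every field is
 * written big-endian, which avoids the 0x0008-vs-0x0800 byte-order trap. Returns the length. */
static size_t build_ping_frame(uint8_t *f, const uint8_t dmac[6], const uint8_t smac[6],
                               const uint8_t src_ip[4], const uint8_t dst_ip[4]) {
    static const char payload[] = "abcdefghijklmnopqrstuvwabcdefghi"; /* 32-byte Windows pattern */
    uint8_t *ip = f + 14, *icmp = f + 34;
    memset(f, 0, 74);
    memcpy(f, dmac, 6); memcpy(f + 6, smac, 6);
    put16(f + 12, 0x0800);                      /* EtherType IPv4 */
    ip[0] = 0x45;                               /* version 4, IHL 5 words */
    put16(ip + 2, 60);                          /* total length: 20 IP + 40 ICMP */
    put16(ip + 4, 0x3456);                      /* identification, as in the post */
    ip[8] = 128; ip[9] = 1;                     /* TTL, protocol = ICMP */
    memcpy(ip + 12, src_ip, 4); memcpy(ip + 16, dst_ip, 4);
    put16(ip + 10, inet_checksum(ip, 20));      /* IP checksum covers the header only */
    icmp[0] = 8;                                /* type 8 echo request, code 0 */
    put16(icmp + 4, 0x2); put16(icmp + 6, 0x8); /* identifier, sequence */
    memcpy(icmp + 8, payload, 32);
    put16(icmp + 2, inet_checksum(icmp, 40));   /* ICMP checksum covers header AND data */
    return 74;
}
/* Receiver-side check: a correct checksum re-sums to zero over the bytes it covers. */
static int frame_checksums_ok(const uint8_t *f) {
    return inet_checksum(f + 14, 20) == 0 && inet_checksum(f + 34, 40) == 0;
}
/* Builds the post's exact frame, verifies it, then confirms one flipped data byte is caught.
 * Returns the frame length (74) on success, 0 on any failure. */
static size_t post_frame_selftest(void) {
    static const uint8_t dmac[6] = {0x00, 0x27, 0x04, 0x22, 0x64, 0x0E};
    static const uint8_t smac[6] = {0x00, 0x04, 0x90, 0x46, 0x21, 0xBE};
    static const uint8_t src[4] = {172, 16, 99, 2}, dst[4] = {172, 16, 0, 100};
    uint8_t f[74];
    size_t n = build_ping_frame(f, dmac, smac, src, dst);
    if (n != 74 || f[12] != 0x08 || f[13] != 0x00 || !frame_checksums_ok(f)) return 0;
    f[50] ^= 0x01;                              /* corrupt one payload byte */
    return frame_checksums_ok(f) ? 0 : n;
}
```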

In fact, all of the above is just filling in data; nothing clever about it > _ <. The problem is that after I sent this packet, I found that the other side gave no ICMP response at all. Strange. By common sense, although I had supplied a wrong IP address, the MAC was correct, so the other side should at least have done something. I had originally imagined that after receiving this packet it would send back something like an "IP error" message to my MAC address. But that is not what actually happened. With no other option, I changed my IP, and this time I finally saw the long-awaited ICMP reply. But wait: just before the reply, an ARP Reply went out, which was my machine answering the other side's ARP Request. Everyone watching will by now understand what happened: it is not that the other side ignores ICMP; rather, when it receives a ping request it does not answer blindly but, very cautiously, first broadcasts an ARP request to see whether that IP really exists > ___ <. I forged the ICMP Ping Request, but I had not forged an ARP Reply to go with it, so the other side simply would not respond.

I don't know whether other platforms behave the same way, and it is not clear to me whether this is an RFC recommendation or a standard. But if this behaviour is meant as a security measure, it does not accomplish much. We can even use it to hide ourselves and have someone else do the ARP for us. The method: find a host A, say with host number 1; I want to find out whether a host with host number 2 exists. Just fill in host number 2 as the source (the MAC can be changed too) and send a ping request to A, and A will naturally go and ARP for the host numbered 2 喵 ~ This method suits the case where your own machine is subject to some restrictions ~

P.S.: Do you know what Win XP fills the payload with? The whole IP packet is 60 bytes: a 20-byte IP header, with the remaining 40 used by ICMP. It turns out Windows fills them with the sequence abcde ~ opqrstuvw, repeated. A filler packet indeed. (If I were Gates, I would have written "Long live Gates" in there ~) But this is also a good place to hide some data of your own. For example, with a firewall ....... 喵 ~~ The End ~

Please credit the original source when reposting: https://www.9cbs.com/read-49735.html
