네트워크 보안 수업 9일차 - 코리아 정보보안 IT학원

2016. 5. 10. 16:25네트워크 보안 수업/네트워크 취약점 분석


DNS request 패킷 만들기


보낸 요청에 대해 DNS response를 받아야 성공이다.


 tshark -o udp.check_checksum:true -R "dns" -V

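-V 옵션은 패킷 상세 정보를 출력하고, udp.check_checksum:true 설정은 UDP 헤더의 체크섬 오류 여부를 확인해 준다. 단, 아래 코드는 udp.chksum을 0으로 둔 채 전송하는데, IPv4의 UDP에서 0은 '체크섬을 계산하지 않음'을 뜻하므로 이 패킷에서는 체크섬 값 자체가 검증되지 않는다.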



#include <stdio.h>

#include <string.h>

#include <unistd.h>

#include <sys/socket.h>

#include <sys/types.h>

#include <netinet/ip.h>

#include <net/if.h>

#include <net/if_arp.h>

#include <linux/if_packet.h>

#include <linux/if_ether.h>

#include <net/ethernet.h>

#include <arpa/inet.h>


/*
 * Ethernet frame header (14 bytes). Packed so main() can memcpy it to the
 * start of the outgoing frame buffer without padding.
 */
struct eth_header {
        unsigned char dst[6];   /* destination MAC address, one byte per element */
        unsigned char src[6];   /* source MAC address, one byte per element */
        unsigned short type;    /* EtherType; main() stores htons(0x0800), i.e. IPv4 */
} __attribute__((packed));


/*
 * IPv4 header without options. Multi-byte fields are stored already converted
 * to network byte order by the caller (htons()/inet_addr() in main()).
 */
struct ip_header{
        /*
         * NOTE(review): hlen is declared before ver so that the version ends up
         * in the high nibble of the first byte. Bit-field allocation order is
         * implementation-defined; this ordering presumably targets little-endian
         * GCC builds - confirm before porting.
         */
        unsigned char hlen:4;   /* header length in 32-bit words; main() stores sizeof(ip) >> 2 */
        unsigned char ver:4;    /* IP version; main() stores 4 */

        unsigned char service;  /* type-of-service byte; main() stores 0 */
        unsigned short total;   /* total datagram length: IP header + UDP/DNS payload */
        unsigned short id;      /* identification field */
        unsigned char flag;     /* first byte of the flags / fragment-offset word */
        unsigned char offset;   /* second byte of the flags / fragment-offset word */
        unsigned char ttl;      /* time to live */
        unsigned char type;     /* protocol number; main() stores 0x11 (UDP) */
        unsigned short chk;     /* header checksum; zeroed, then filled from csum() */
        unsigned int src;       /* source IPv4 address as returned by inet_addr() */
        unsigned int dst;       /* destination IPv4 address as returned by inet_addr() */
} __attribute__((packed));


/*
 * UDP header immediately followed by a complete, fixed-shape DNS query.
 * Despite the name this struct covers three layers of the payload:
 *   - the 8-byte UDP header,
 *   - the six 16-bit DNS header fields,
 *   - one question whose name has exactly three labels of 3, 4 and 3 bytes
 *     (main() fills in "www", "daum", "net").
 * A name of any other shape does not fit this layout.
 */
struct udp_header {
        /* UDP header */
        unsigned short src_port;        /* source port, network byte order */
        unsigned short dst_port;        /* destination port; main() stores 53 */
        unsigned short length;          /* UDP length; main() stores sizeof(udp), so it includes the DNS part */
        unsigned short chksum;          /* UDP checksum; main() leaves it 0 */

        /* DNS header */
        unsigned short transaction;     /* transaction id */
        unsigned short flag;            /* flags word; main() stores 0x0100 */
        unsigned short questions;       /* number of questions; main() stores 1 */
        unsigned short answer;          /* answer record count, 0 in a query */
        unsigned short authority;       /* authority record count, 0 in a query */
        unsigned short additional;      /* additional record count, 0 in a query */

        /* DNS question name: length-prefixed labels */
        unsigned char count1;           /* length of the first label (3) */
        unsigned char sub_domain[3];    /* first label bytes */
        unsigned char count2;           /* length of the second label (4) */
        unsigned char main_domain[4];   /* second label bytes */
        unsigned char count3;           /* length of the third label (3) */
        unsigned char domain[4];        /* third label bytes plus, in domain[3], the 0x00 that ends the name */

        /* DNS question type and class */
        unsigned short type;            /* query type; main() stores 1 */
        unsigned short class;           /* query class; main() stores 1 */
} __attribute__((packed));


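/*
 * UDP pseudo header followed by the UDP segment, i.e. the byte sequence the
 * UDP checksum is computed over: source address, destination address, a zero
 * byte, the protocol number, the UDP length, then the segment itself.
 *
 * The two address fields must be exactly 32 bits wide. They were declared as
 * unsigned long, which is 8 bytes on 64-bit Linux and shifts every following
 * field, so a checksum taken over this struct would not match what the
 * receiver computes. unsigned int matches the address fields of
 * struct ip_header, from which main() copies the values.
 */
struct pseudo_header {
        unsigned int src;               /* source IPv4 address, network byte order */
        unsigned int dst;               /* destination IPv4 address, network byte order */
        unsigned char zero;             /* always 0 */
        unsigned char protocol;         /* protocol number; main() stores 0x11 (UDP) */
        unsigned short length;          /* UDP length, network byte order */
        struct udp_header udp;          /* copy of the UDP header and DNS payload */
} __attribute__((packed));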


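/*
 * Internet checksum (16-bit one's-complement sum, complemented) over a buffer.
 *
 * buf     start of the data. It is read byte-wise through memcpy, so it may
 *         point into a packed struct and need not be 2-byte aligned.
 * nwords  despite its name, the length of the data in BYTES: the loop
 *         consumes 2 per 16-bit word and main() passes sizeof(ip). An odd
 *         length is handled by treating the last byte as the first byte of a
 *         word whose second byte is zero.
 *
 * Words are summed in memory order, so the returned value is ready to be
 * stored directly into a header field without htons(). A length of zero or
 * less yields 0xffff.
 */
unsigned short csum ( unsigned short *buf, int nwords )
{
  const unsigned char *bytes = (const unsigned char *)buf;
  unsigned long sum = 0;
  unsigned short word;

  while( nwords > 1 ) {
    /* memcpy instead of *buf++: no alignment or aliasing assumptions */
    memcpy( &word, bytes, 2 );
    sum += word;
    bytes += 2;
    nwords -= 2;
  }

  if( nwords == 1 ) {
    /* trailing odd byte goes into the low-address half of a zeroed word */
    word = 0;
    memcpy( &word, bytes, 1 );
    sum += word;
  }

  /* fold carries until the sum fits in 16 bits; a fixed two-step fold is
     not enough once the running sum has grown past 32 bits */
  while( sum >> 16 ) {
    sum = (sum >> 16) + (sum & 0xffff);
  }

  return (unsigned short)~sum;
}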


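/*
 * Hand-assemble one Ethernet + IPv4 + UDP frame carrying a DNS query
 * (type 1, class 1) for "www.daum.net", hex-dump it to stdout, then transmit
 * it on interface "enp0s3" through a PF_PACKET / SOCK_RAW socket.
 *
 * The interface name, both MAC addresses and both IP addresses are the
 * author's lab values written as literals; adjust them to the local host and
 * network before expecting a reply.
 *
 * Opening a packet socket needs CAP_NET_RAW (normally root), so socket() is
 * the first call expected to fail when the program is run unprivileged.
 *
 * Returns 0 when the frame was handed to the kernel, 1 on any failure.
 */
int main(int argc, char *argv[])
{
        int sock;
        int rc = 1;
        struct sockaddr_ll sll;

        struct eth_header eth;
        struct ip_header ip;
        struct udp_header udp;
        struct pseudo_header pseudo;

        char data[sizeof( eth ) + sizeof( ip ) + sizeof( udp )] = {0,};

        (void)argc;
        (void)argv;

        //create socket
        sock = socket(PF_PACKET, SOCK_RAW, 0);
        if( sock < 0 ){
                perror("socket");
                return 1;
        }

        //socket struct
        //zero it first: sll_protocol, sll_addr etc. are never assigned below
        //and would otherwise reach the kernel as stack garbage
        memset( &sll, 0, sizeof( sll ) );
        sll.sll_family = PF_PACKET;
        sll.sll_ifindex = if_nametoindex("enp0s3");
        sll.sll_halen = 6;
        if( sll.sll_ifindex == 0 ){
                //if_nametoindex() returns 0 when the interface does not exist
                perror("if_nametoindex");
                goto out;
        }

        //ether header
        //target mac address
        eth.dst[0] = 0x50;
        eth.dst[1] = 0x6a;
        eth.dst[2] = 0x03;
        eth.dst[3] = 0xaf;
        eth.dst[4] = 0x2a;
        eth.dst[5] = 0x98;

        //src mac address
        eth.src[0] = 0x08;
        eth.src[1] = 0x00;
        eth.src[2] = 0x27;
        eth.src[3] = 0x25;
        eth.src[4] = 0x5d;
        eth.src[5] = 0x35;

        //type (IPv4)
        eth.type = htons(0x0800);

        //ip header
        //ver_len (hlen counts 32-bit words)
        ip.ver = 0x4;
        ip.hlen  = sizeof( ip ) >> 2;

        //service
        ip.service = 0x00;

        //total
        ip.total   = htons( sizeof( ip ) + sizeof( udp ));

        //id
        ip.id      = htons( 0x1234 );

        //flag & offset
        ip.flag    = 0x00;
        ip.offset  = 0x00;

        //ttl
        ip.ttl     = 0x80;

        //protocol (UDP)
        ip.type    = 0x11;

        //chk must be zero while the header checksum is being computed
        ip.chk     = 0x00;

        //src ip
        ip.src     = inet_addr("192.168.15.140");

        //dst ip
        ip.dst     = inet_addr("168.126.63.1");

        //csum() takes a length in bytes and returns a value that is stored as-is
        ip.chk = csum( (unsigned short *)&ip, sizeof( ip ) );

        //udp header
        //source port
        udp.src_port  = htons(0xe9ed);

        //destination port (53, DNS)
        udp.dst_port  = htons(0x0035);

        //length of UDP header plus DNS payload
        udp.length    = htons(sizeof(udp));

        //checksum: left at 0, which UDP over IPv4 defines as "not computed"
        udp.chksum    = 0x00;

        //dns header
        udp.transaction    = htons(0x5065);
        udp.flag           = htons(0x0100);
        udp.questions      = htons(0x0001);
        udp.answer         = htons(0x0000);
        udp.authority      = htons(0x0000);
        udp.additional     = htons(0x0000);

        //dns question name: 3 "www" 4 "daum" 3 "net" 0
        udp.count1         = 0x03;
        udp.sub_domain[0]  = 0x77;
        udp.sub_domain[1]  = 0x77;
        udp.sub_domain[2]  = 0x77;
        udp.count2         = 0x04;
        udp.main_domain[0] = 0x64;
        udp.main_domain[1] = 0x61;
        udp.main_domain[2] = 0x75;
        udp.main_domain[3] = 0x6d;
        udp.count3         = 0x03;
        udp.domain[0]      = 0x6e;
        udp.domain[1]      = 0x65;
        udp.domain[2]      = 0x74;
        udp.domain[3]      = 0x00;

        //dns question type and class
        udp.type           = htons(0x0001);
        udp.class          = htons(0x0001);

        //pseudo header: filled in here but not passed to csum() in this
        //listing, so it has no effect on the frame that is sent
        pseudo.src = ip.src;
        pseudo.dst = ip.dst;
        pseudo.zero = 0;
        pseudo.protocol = 0x11;
        //the length field is a wire value and needs network byte order,
        //like udp.length above
        pseudo.length = htons(sizeof(udp));
        memcpy( &pseudo.udp, &udp, sizeof(udp));

        //lay the three headers out back to back in the frame buffer
        memcpy( data, &eth, sizeof( eth ) );
        memcpy( data + sizeof( eth ), &ip, sizeof( ip ) );
        memcpy( data + sizeof( eth ) + sizeof( ip ), &udp, sizeof( udp ) );

        //hex dump, 16 bytes per row; read through unsigned char so bytes
        //above 0x7f are not sign-extended by %02x
        const unsigned char *ptr = (const unsigned char *)data;
        size_t i;

        for( i = 0; i < sizeof( data ); i++){
                if( i != 0 && i % 16 ==0 ){ printf("\n"); }
                printf("%02x ", *(ptr+i));
        }
        printf("\n");

        //send
        if( sendto(sock, data, sizeof(data), 0, (struct sockaddr *)&sll, sizeof(sll)) < 0 ){
                perror("sendto");
                goto out;
        }

        rc = 0;

out:
        close(sock);
        return rc;
}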

