两个半连接扫描程序源代码
减小字体
增大字体第一个:
//这是别人写的一个半连接的扫描
//
#include <winsock2.h>
#include <ws2tcpip.h>
#include "mstcpip.h"
#include <stdio.h>
#pragma comment(lib,"ws2_32.lib")
////////////////////////////////////////////////////////////////
//全局变量
////////////////////////////////////////////////////////////////
#define srcPort 88
char srcIP[20] = ; //定义源地址 ----------->>>>>>>
char tgtIP[20] = ; //定义目的地址 -------------->>>>>>>
int portNow; //定义正在扫描的端口
//标准端口列表
int ports[20] =;
typedef struct ip_hdr
{
unsigned char h_verlen; //4位首部长度,4位IP版本号
unsigned char tos; //8位服务类型TOS
unsigned short total_len; //16位总长度(字节)
unsigned short ident; //16位标识
unsigned short frag_and_flags; //3位标志位
unsigned char ttl; //8位生存时间 TTL
unsigned char proto; //8位协议 (TCP, UDP 或其他)
unsigned short checksum; //16位IP首部校验和
unsigned int sourceIP; //32位源IP地址
unsigned int destIP; //32位目的IP地址
}IP_HEADER;
typedef struct tcp_hdr //定义TCP首部
{
USHORT th_sport; //16位源端口
USHORT th_dport; //16位目的端口
unsigned int th_seq; //32位序列号
unsigned int th_ack; //32位确认号
unsigned char th_lenres; //4位首部长度/6位保留字
unsigned char th_flag; //6位标志位
USHORT th_win; //16位窗口大小
USHORT th_sum; //16位校验和
USHORT th_urp; //16位紧急数据偏移量
}TCP_HEADER;
typedef struct tsd_hdr //定义TCP伪首部
{
unsigned long saddr; //源地址
unsigned long daddr; //目的地址
char mbz;
char ptcl; //协议类型
unsigned short tcpl; //TCP长度
}PSD_HEADER;
////////////////////////////////////////////////////////////////
//函数原形
////////////////////////////////////////////////////////////////
int send_packet(); //发送数据函数
int recv_packet(); //监听数据函数
USHORT checksum( USHORT *, int ); //计算检验和函数
void check_port( char * ); //判断端口是否开放函数
//////////////////////////////////////////////////////////////// ------------------------------
//main函数
////////////////////////////////////////////////////////////////
int main( int argc , char *argv[] )
{
int end;
WSADATA WSAData;
DWORD thread_ID = 1;
char FAR hostname[128] = ; //--------->>>>>>>>>>
HANDLE ThreadHandle[20];
struct hostent *phe;
if( argc != 2 )//检查命令行参数是否正确
{
usage( argv[0] );
exit( 0 );
}
if ( WSAStartup(MAKEWORD(2,2) , &WSAData) )
{
printf("WSAStartup Error...\n");
exit(0);
}
strcpy(tgtIP,argv[1]);//得到目标主机的ip地址
gethostname(hostname,128);//获取本机主机名
phe = gethostbyname(hostname);//获取本机ip地址结构
if(phe == NULL)
{
printf("Get LocalIP Error...\n");
}
strcpy(srcIP, inet_ntoa(*((struct in_addr *)phe->h_addr_list[0])));//得到本机ip地址
//调试用,注释掉
//printf("test\t%s\n",tgtIP);
//printf("test\t%s\n",srcIP);
//开启新线程,接受数据包,分析返回的信息
HANDLE RecvHandle = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)recv_packet,NULL,0,&thread_ID);
Sleep(500);//休息一下再启动发送数据包函数
for(int tmp = 0; tmp < 20; tmp++)
{
++thread_ID;
//要扫描的端口
portNow = ports[tmp];
//开启新线程,发送数据包
ThreadHandle[tmp] = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)send_packet,NULL,0,&thread_ID);
//防止生成线程过快,休息
Sleep(100);
}
DWORD WaitThread = WaitForMultipleObjects( 20 , ThreadHandle , TRUE , INFINITE );
if( WaitThread != WAIT_FAILED)
{
for( int n = 0 ; n < 20 ; n++ )
{
CloseHandle( ThreadHandle[n] );
}
}
CloseHandle( RecvHandle );
WSACleanup();
scanf("%d",&end);
return 0;
}
//---------------------------------------------------------------------功能函数
//发送数据包的函数
int send_packet()
{
SOCKET sendSocket;
BOOL flag;
int timeout;
SOCKADDR_IN sin;
IP_HEADER ipHeader;
TCP_HEADER tcpHeader;
PSD_HEADER psdHeader;
char szSendBuf[60] = {0}; //发送包的缓冲区
int ret;
unsigned long source_ip;
unsigned long target_ip;
//建立原生数据socket
if((sendSocket = WSASocket(AF_INET, SOCK_RAW, IPPROTO_RAW, NULL, 0, WSA_FLAG_OVERLAPPED)) == INVALID_SOCKET)
{
printf("Socket Setup Error...\n");
return 0;
}
//设置自己填充数据包
if(setsockopt(sendSocket, IPPROTO_IP, IP_HDRINCL, (char *)&flag, sizeof(flag)) == SOCKET_ERROR)
{
printf("Setsockopt IP_HDRINCL Error...\n");
return 0;
}
//设置超时时间
timeout = 1000;
if(setsockopt(sendSocket, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout)) == SOCKET_ERROR)
{
printf("Setsockopt SO_SNDTIMEO Error...\n");
return 0;
}
target_ip = inet_addr(tgtIP);
source_ip = inet_addr(srcIP);
sin.sin_family = AF_INET;
sin.sin_port = htons(portNow);
sin.sin_addr.S_un.S_addr = target_ip;
//填充IP首部
ipHeader.h_verlen = (4<<4 | sizeof(ipHeader)/sizeof(unsigned long));
ipHeader.total_len = htons(sizeof(ipHeader)+sizeof(tcpHeader));
ipHeader.ident = 1;
ipHeader.frag_and_flags = 0x40;
ipHeader.ttl = 128;
ipHeader.proto = IPPROTO_TCP;
ipHeader.checksum = 0;
ipHeader.sourceIP = source_ip;//源IP
ipHeader.destIP = target_ip;//目的IP
//填充TCP首部
tcpHeader.th_dport = htons(portNow);//目的端口
tcpHeader.th_sport = htons(srcPort); //源端口
tcpHeader.th_seq = 0x12345678;
tcpHeader.th_ack = 0;
tcpHeader.th_lenres = (sizeof(tcpHeader)/4<<4|0);
tcpHeader.th_flag = 2;//syn标志位。0,2,4,8,16,32->FIN,SYN,RST,PSH,ACK,URG(推测,哈哈)
tcpHeader.th_win = htons(512);
tcpHeader.th_urp = 0;
tcpHe
Tags:连接,扫描,程序,源代码
