Hacking - The Art of Exploitation, 2nd Edition
Networking 227 u_char buffer[9000]; if ((sockfd = socket(PF_INET, SOCK_RAW, IPPROTO_TCP)) == -1) fatal("in socket"); for(i=0; i ...
228 0x400 0x442 libpcap Sniffer A standardized programming library called libpcap can be used to smooth out the inconsistencies ...
Networking 229 pcap_handle = pcap_open_live(device, 4096, 1, 0, errbuf); if(pcap_handle == NULL) pcap_fatal("pcap_open_live", er ...
230 0x400 05 a8 2b 3f 00 00 01 01 08 0a 02 47 27 6c 26 b6 | ..+?.......G'l&. a7 76 | .v Got a 84 byte packet 00 01 6c eb 1d ...
Networking 231 reader@hacking:~/booksrc $ $ grep -R "typedef.*be16" /usr/include /usr/include/linux/types.h:typedef u16 bitwise ...
232 0x400 u_int16_t frag_off; u_int8_t ttl; u_int8_t protocol; u_int16_t check; u_int32_t saddr; u_int32_t daddr; /*The options ...
Networking 233 The compiler padding, as mentioned earlier, will align this structure on a 4-byte boundary by padding the rest of ...
234 0x400 | Data | |U|A|P|R|S|F| | | Offset| Reserved |R|C|S|S|Y|I| Window | | | |G|K|H|T|N|N| | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ...
Networking 235 Now that the headers are defined as structures, we can write a program to decode the layered headers of each pack ...
236 0x400 pcap_t *pcap_handle; device = pcap_lookupdev(errbuf); if(device == NULL) pcap_fatal("pcap_lookupdev", errbuf); printf( ...
Networking 237 The caught_packet() function gets called whenever pcap_loop() captures a packet. This function uses the header le ...
238 0x400 if(tcp_header->tcp_flags & TCP_URG) printf("URG "); printf(" }\n"); return header_size; } The decoding function ...
Networking 239 With the headers decoded and separated into layers, the TCP/IP connection is much easier to understand. Notice ...
240 0x400 Spoofing is the first step in sniffing packets on a switched network. The other two interesting details are found in A ...
Networking 241 Due to timeout values, the victim machines will periodically send out real ARP requests and receive real ARP repl ...
242 0x400 told that 192.168.0.118 is also at 00:00:AD:D1:C7:ED. These spoofed ARP packets can be injected using a command-line p ...
Networking 243 reader@hacking:~/booksrc $ sudo nemesis arp -v -r -d eth0 -S 192.168.0.1 -D 192.168.0.118 -h 00:00:AD:D1:C7:ED -m ...
244 0x400 > sudo nemesis arp -v -r -d eth0 -S 192.168.0.1 -D 192.168.0.118 -h 00:00:AD:D1:C7:ED -m 00:C0:F0:79:3D:30 -H 00:00 ...
Networking 245 data structures for the packet header information. The nemesis_arp() function shown below is called in nemesis.c ...
246 0x400 typedef struct libnet_dns_hdr DNShdr; typedef struct libnet_ethernet_hdr ETHERhdr; typedef struct libnet_icmp_hdr ICMP ...