search

google / gopacket

Provides packet processing capabilities for Go
BSD 3-Clause "New" or "Revised" License
6.34k stars 1.13k forks source link

Operating system sends duplicate packets #1147

Open homelanmder opened 11 months ago

homelanmder commented 11 months ago

I am using centos7 operating system,and there is my code

`package main

import ( "flag" "fmt" "github.com/google/gopacket" "github.com/google/gopacket/layers" "github.com/google/gopacket/pcap" "github.com/google/gopacket/routing" "github.com/mdlayher/arp" "math/rand" "net" "net/netip" "time" "vulScan/common" )

func randSeq() int { seed := rand.NewSource(time.Now().UnixNano()) return rand.New(seed).Intn(4294967296) }

func main() { var ip string var port int flag.StringVar(&ip, "ip", "", "ip") flag.IntVar(&port, "port", 0, "port") flag.Parse() if ip == "" || port == 0 { flag.Usage() return } synScan(ip, port) }

type synScanner struct { Handle *pcap.Handle PortMap map[string]string LocalMac net.HardwareAddr LocalIp net.IP GatewayMac net.HardwareAddr }

func synScan(ip string, port int) { var err error var route routing.Router var ifs net.Interface var gateway net.IP var src net.IP var gatewayAddr netip.Addr var c arp.Client scanner := synScanner{ PortMap: make(map[string]string), }

if route, err = routing.New(); err != nil {
    fmt.Println(err.Error())
    return
}
if ifs, gateway, src, err = route.Route(net.ParseIP(ip)); err != nil {
    fmt.Println(err.Error())
    return
}
scanner.LocalIp = src
scanner.LocalMac = ifs.HardwareAddr
if gatewayAddr, err = netip.ParseAddr(gateway.String()); err != nil {
    fmt.Println(err.Error())
    return
}
if c, err = arp.Dial(ifs); err != nil {
    fmt.Println(err.Error())
    return
}
if scanner.GatewayMac, err = c.Resolve(gatewayAddr); err != nil {
    fmt.Println(err.Error())
    return
}
scanner.Handle, err = pcap.OpenLive(common.InterfaceName, 65536, true, pcap.BlockForever)
scanner.sendSyn(ip, port)

}

func (s *synScanner) sendSyn(dstIp string, dstPort int) { fmt.Println("发送了syn") eth := layers.Ethernet{ SrcMAC: s.LocalMac, DstMAC: s.GatewayMac, EthernetType: layers.EthernetTypeIPv4, } ip4 := layers.IPv4{ SrcIP: s.LocalIp, DstIP: net.ParseIP(dstIp), Version: 4, TTL: 64, Protocol: layers.IPProtocolTCP, } tcp := layers.TCP{ SrcPort: layers.TCPPort(common.LocalPort), DstPort: layers.TCPPort(dstPort), // will trough ports slice SYN: true, Window: 29200, Seq: uint32(randSeq()), Options: []layers.TCPOption{ layers.TCPOption{layers.TCPOptionKindMSS, 4, []byte("\x05\xb4")}, layers.TCPOption{layers.TCPOptionKindSACKPermitted, 2, nil}, layers.TCPOption{layers.TCPOptionKindNop, 1, nil}, layers.TCPOption{layers.TCPOptionKindWindowScale, 3, []byte("\x07")}, }, } tcp.SetNetworkLayerForChecksum(&ip4) buffer := gopacket.NewSerializeBuffer() opts := gopacket.SerializeOptions{ FixLengths: true, ComputeChecksums: true, } gopacket.SerializeLayers(buffer, opts, &eth, &ip4, &tcp) s.Handle.WritePacketData(buffer.Bytes()) }`

homelanmder commented 11 months ago
搜狗截图20231121235530

I used this code to send a tcp syn handshake packet to 192.168.7.131:8080, but when I used tcpdump to capture the packet, I captured two identical tcp syn handshake packets.

homelanmder commented 11 months ago

why is that