/*
* Dynamic Port Scanner (DPS)
* utils.c -- Utility functions implementation
*
* Copyright (c) 2006 - 2008 AR Samhuri <ar@securebits.org>
* ALL RIGHTS RESERVED.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
*/
/*
* My Include
*/
#include "./dps.h"
#include "./ports.h"
/*
* Util Function Implementations
*/
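/*
 * Convert one ASCII hex digit to its numeric value.
 * Returns 0..15, or -1 if c is not a hex digit (either case accepted).
 */
static int hex_digit_value( int c )
{
    if( c >= '0' && c <= '9' )
        return c - '0';
    if( c >= 'A' && c <= 'F' )
        return c - 'A' + 0X0A;
    if( c >= 'a' && c <= 'f' )
        return c - 'a' + 0X0A;
    return -1;
}

u_int32_t get_default_gateway( void )
{
    /* On Linux boxes, the default gateway IP is stored in the
     * "route table" file, that is "/proc/net/route" [FIXME].
     * It is on the line whose destination field is 00000000.
     * The gateway field on that line is eight hex digits; they
     * are packed into IP two digits (one byte) at a time, in the
     * order they appear in the file.
     *
     * Returns 0 when no such line exists or its gateway field is
     * malformed; the caller must check for that.  Exits the process
     * if /proc/net/route cannot be opened.
     *
     * NOTE: The way and algorithm of getting the IP address of the
     * gateway presented here are my own way of doing it.  If you
     * know a better and more convenient way, please drop me a line:
     * <ar@samhuri.net> ...10NX!
     */
    FILE *in;
    char filename[] = "/proc/net/route";
    char line[ 129 ];
    char *tok;
    u_int32_t IP = 0;
    int i;

    in = fopen( filename, "r" );
    if( in == NULL )
    {
        printf("Could not open the file /proc/net/route\n");
        exit( EXIT_FAILURE );
    }
    /* Skip the first line as it contains the column names.
     * An empty file simply yields IP = 0. */
    if( fgets( line, sizeof line, in ) == NULL )
    {
        fclose( in );
        return 0;
    }
    /* Read and tokenize each remaining line.  Looping on fgets()
     * instead of !feof() avoids processing the last line twice
     * (feof() only becomes true after a read has already failed). */
    while( fgets( line, sizeof line, in ) != NULL )
    {
        int bad_digit = 0;

        if( strlen( line ) <= 4 )
            continue;
        tok = strtok( line, "\t" );      /* interface */
        if( tok == NULL )
            continue;
        tok = strtok( NULL, "\t" );      /* destination IP */
        if( tok == NULL || strcmp( tok, "00000000" ) != 0 )
            continue;
        tok = strtok( NULL, "\t" );      /* gateway IP */
        /* The gateway field must supply at least eight hex digits;
         * a missing or short field would otherwise be read past its
         * end, and a non-hex digit would decode to garbage, so such
         * lines are skipped rather than trusted. */
        if( tok == NULL || strlen( tok ) < 8 )
            continue;
        IP = 0;
        for( i = 0; i < 8; i += 2 )
        {
            int hi = hex_digit_value( ( unsigned char ) tok[ i ] );
            int lo = hex_digit_value( ( unsigned char ) tok[ i + 1 ] );

            if( hi < 0 || lo < 0 )
            {
                bad_digit = 1;
                break;
            }
            /* shift the previous bytes up and append this one */
            IP = ( IP << 0X08 ) | ( u_int32_t ) ( ( hi << 0X4 ) | lo );
        }
        if( bad_digit )
        {
            IP = 0;
            continue;
        }
        break;
    }
    fclose( in );
    /*
     * Return the IP found.
     * The calling function must check the result:
     * if IP = 0, the default gateway couldn't be found.
     */
    return IP;
}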
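u_int8_t * get_macOfip( u_int32_t IP )
{
    /*
     * Resolve the hardware (MAC) address of IP by sending an ARP
     * request with the following data:
     *   Source IP       = Local IP Address
     *   Destination IP  = IP
     *   Source MAC      = Local Eth Address
     *   Destination MAC = BROADCAST
     * and then listening for a matching reply for up to ARP_TIMEOUT
     * seconds.
     *
     * Returns a malloc()ed buffer of HRD_ADDR_LENGTH bytes that the
     * caller must free(), or NULL if no matching reply arrived in
     * time (or the result buffer could not be allocated).  Exits the
     * process if the capture filter cannot be built or compiled.
     */
    enum { F_CODE_LEN = 128 };   /* filter text (100 chars) plus its NUL, with slack */
    /* Offsets of the fields read from a received ARP packet: the ARP
     * body follows the Ethernet and fixed ARP headers; the sender IP
     * sits 6 bytes and the target IP 16 bytes into that body, and the
     * sender hardware address is at its start. */
    const size_t arp_body = LIBNET_ETH_H + LIBNET_ARP_H;
    const size_t src_ip_off = arp_body + 6;
    const size_t dst_ip_off = arp_body + 16;
    int n;
    time_t start_time;
    const u_int8_t *rcv_packet;
    u_int32_t arp_src_ip;
    u_int32_t arp_dst_ip;
    u_int8_t *MAC = NULL;
    u_int8_t *BCAST;
    struct pcap_pkthdr header;

    BCAST = malloc( HRD_ADDR_LENGTH );
    if( BCAST == NULL )
    {
        printf("Cannot allocate the broadcast address\n");
        exit( EXIT_FAILURE );
    }
    memset( BCAST, 0XFF, HRD_ADDR_LENGTH );

    /* Set the filter code: ARP replies addressed to our MAC.
     * The formatted text is exactly 100 characters, so the former
     * 100-byte buffer had no room for the terminating NUL; format
     * with snprintf() into a larger buffer and check for truncation. */
    pcap_cfg.f_code = malloc( F_CODE_LEN );
    if( pcap_cfg.f_code == NULL )
    {
        printf("Cannot allocate the filter code\n");
        exit( EXIT_FAILURE );
    }
    n = snprintf( pcap_cfg.f_code, F_CODE_LEN,
        "arp and ether[0:2] = 0X%0.2X%0.2X and ether[2:2] = 0X%0.2X%0.2X"
        " and ether[4:2] = 0X%0.2X%0.2X and ether[20:2] = 0X0002",
        local_eth_addr[ 0 ], local_eth_addr[ 1 ], local_eth_addr[ 2 ],
        local_eth_addr[ 3 ], local_eth_addr[ 4 ], local_eth_addr[ 5 ] );
    if( n < 0 || n >= F_CODE_LEN )
    {
        printf("Cannot build the filter code\n");
        exit( EXIT_FAILURE );
    }
    /* compile the filter */
    if( pcap_compile( pcap_cfg.p, &pcap_cfg.f_program,
                      pcap_cfg.f_code, 1, pcap_cfg.netmask ) == -1 )
    {
        printf("Cannot compile the filter code: %s\n", pcap_geterr( pcap_cfg.p ) );
        pcap_close( pcap_cfg.p );
        exit( EXIT_FAILURE );
    }
    free( pcap_cfg.f_code );
    pcap_cfg.f_code = NULL;   /* the text is not needed once compiled */
    /* Set the filter program on the interface */
    dps_set_filter( pcap_cfg.f_program );
    /* build the ARP request packet */
    dps_build_arp( ARPOP_REQUEST, local_ip_addr, IP, local_eth_addr, BCAST );
    /* write the packet */
    dps_write_packet();
    /* Listen for the reply until ARP_TIMEOUT seconds have elapsed.
     * NOTE(review): pcap_next() can block past the deadline if the
     * handle was opened without a read timeout — confirm in the
     * code that sets up pcap_cfg.p. */
    start_time = time( NULL );
    while( ( start_time + ARP_TIMEOUT ) > time( NULL ) )
    {
        rcv_packet = pcap_next( pcap_cfg.p, &header );
        if( rcv_packet == NULL )
            continue;
        /* Only read fields that were actually captured; a short or
         * truncated frame must not be read past header.caplen. */
        if( header.caplen < dst_ip_off + sizeof arp_dst_ip
            || header.caplen < arp_body + HRD_ADDR_LENGTH )
            continue;
        /* memcpy() rather than a u_int32_t* cast: the capture buffer
         * is not guaranteed to be aligned for 32-bit loads, and the
         * cast also violates strict aliasing. */
        memcpy( &arp_src_ip, rcv_packet + src_ip_off, sizeof arp_src_ip );
        memcpy( &arp_dst_ip, rcv_packet + dst_ip_off, sizeof arp_dst_ip );
        /*
         * arp_src_ip must equal the IP being ARPed
         * arp_dst_ip must equal the local IP
         */
        if( arp_src_ip != IP || arp_dst_ip != local_ip_addr )
            continue;
        /* sender hardware address: the first bytes of the ARP body */
        MAC = malloc( HRD_ADDR_LENGTH );
        if( MAC != NULL )
            memcpy( MAC, rcv_packet + arp_body, HRD_ADDR_LENGTH );
        break;
    }
    /* BCAST was only needed to build the request, which has already
     * been written.  NOTE(review): this assumes dps_build_arp() copies
     * the address rather than retaining the pointer — confirm in
     * dps.c before relying on it. */
    free( BCAST );
    return MAC;
}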
u_int32_t generate_random_ip( u_int32_t network, u_int32_t netmask )
{
    /*
     * Generate a random IP address lying in the subnet described by
     * network/netmask: the host bits come from the libnet PRNG, the
     * network bits from `network`.  Both arguments are expected to be
     * in the same byte order.  Exits the process if the PRNG cannot
     * be seeded.
     */
    u_int32_t host_bits;
    u_int32_t wildcard;

    if( libnet_seed_prand( libnet_cfg.l ) == -1 )
    {
        printf("Cannot seed the randomizer\n");
        exit( EXIT_FAILURE );
    }
    /* a random 32-bit value; only its host bits survive below */
    host_bits = libnet_get_prand( LIBNET_PRu32 );
    /* the wildcard mask has 1 bits exactly where the netmask has 0 bits */
    wildcard = ~netmask;
    return ( host_bits & wildcard ) | network;
}
u_int16_t generate_random_port( int flag )
{
    /*
     * Generate a 16-bit port number from the libnet PRNG and fold it
     * into the range selected by flag:
     *   0 -> 0 .. 65535 (unchanged)
     *   1 -> 0 .. 1024  (values above 1024 are reduced modulo 1024)
     *   2 -> 1025 .. 65535 (values below 1025 are raised by 1025)
     * Any other flag value behaves like 0.  Exits the process if the
     * PRNG cannot be seeded.
     */
    u_int16_t port;

    if( libnet_seed_prand( libnet_cfg.l ) == -1 )
    {
        printf("Cannot seed the randomizer\n");
        exit( EXIT_FAILURE );
    }
    port = libnet_get_prand( LIBNET_PRu16 );
    switch( flag )
    {
    case 1:
        if( port > 1024 )
            port %= 1024;
        break;
    case 2:
        if( port < 1025 )
            port += 1025;
        break;
    default:
        break;
    }
    return port;
}
char *b_search( u_int16_t port_number )
{
    /*
     * Binary search of port_table (assumed sorted ascending by
     * port_number) for the given port.  Returns the matching entry's
     * service_name, or the literal "unknown" when nothing matches.
     * O(log n).  The element count via sizeof only works because
     * port_table is a real array visible in this translation unit.
     */
    size_t lo = 0;
    size_t hi = sizeof( port_table ) / sizeof( port_table[ 0 ] );

    while( lo < hi )
    {
        size_t mid = lo + ( hi - lo ) / 2;
        struct port *ent = &port_table[ mid ];

        if( ent->port_number == port_number )
            return ent->service_name;
        if( port_number < ent->port_number )
            hi = mid;          /* target lies in the lower half */
        else
            lo = mid + 1;      /* target lies in the upper half */
    }
    /* no match */
    return "unknown";
}
/* EOF */