new: net.probe now also sends multicast dns queries to force mDNS traffic and responses

2025-08-20 21:43:18 -07:00 · 2018-09-06 17:41:51 +03:00 · 2018-09-06 17:41:51 +03:00 · e993bf73f8
commit e993bf73f8
parent 84228f532f
3 changed files with 69 additions and 0 deletions
--- a/packets/mdns.go
+++ b/packets/mdns.go
@ -1,6 +1,7 @@
 package packets

 import (
+	"net"
 	"strings"

 	"github.com/bettercap/bettercap/core"
@ -11,6 +12,11 @@ import (

 const MDNSPort = 5353

+var (
+	MDNSDestMac = net.HardwareAddr{0x01, 0x00, 0x5e, 0x00, 0x00, 0xfb}
+	MDNSDestIP  = net.ParseIP("224.0.0.251")
+)
+
 func MDNSGetMeta(pkt gopacket.Packet) map[string]string {
 	if ludp := pkt.Layer(layers.LayerTypeUDP); ludp != nil {
 		if udp := ludp.(*layers.UDP); udp != nil && udp.SrcPort == MDNSPort && udp.DstPort == MDNSPort {
@ -59,3 +65,43 @@ func MDNSGetHostname(pkt gopacket.Packet) string {
 	}
 	return ""
 }
+
+func NewMDNSProbe(from net.IP, from_hw net.HardwareAddr) (error, []byte) {
+	eth := layers.Ethernet{
+		SrcMAC:       from_hw,
+		DstMAC:       MDNSDestMac,
+		EthernetType: layers.EthernetTypeIPv4,
+	}
+
+	ip4 := layers.IPv4{
+		Protocol: layers.IPProtocolUDP,
+		Version:  4,
+		TTL:      64,
+		SrcIP:    from,
+		DstIP:    MDNSDestIP,
+	}
+
+	udp := layers.UDP{
+		SrcPort: layers.UDPPort(12345),
+		DstPort: layers.UDPPort(MDNSPort),
+	}
+
+	dns := layers.DNS{
+		ID:     1,
+		RD:     true,
+		OpCode: layers.DNSOpCodeQuery,
+		Questions: []layers.DNSQuestion{
+			layers.DNSQuestion{
+				Name:  []byte("_services._dns-sd._udp.local"),
+				Type:  layers.DNSTypePTR,
+				Class: layers.DNSClassIN,
+			},
+		},
+	}
+
+	if err := udp.SetNetworkLayerForChecksum(&ip4); err != nil {
+		return err, nil
+	}
+
+	return Serialize(&eth, &ip4, &udp, &dns)
+}