以下完整、简单的 Sniffer 代码是用 SOCK_RAW 写的。SP2 已经不支持 RAW。
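/*
 * Raw-socket packet sniffer for Windows (SOCK_RAW + SIO_RCVALL).
 * Listing 1 of 2 on this page; listing 2 follows the Chinese sentence below.
 *
 * Review notes on what differs from the page's original text:
 *  - every C escape had lost its backslash ("/n", "//x", "/"") - restored;
 *  - IP and TCP header lengths now come from ip_hl / th_off, and every length
 *    derived from the packet is clamped to the bytes recv() actually delivered,
 *    because all of those fields are controlled by whoever sent the packet;
 *  - the UDP branch tested lentcp and printed the TCP header's port;
 *  - the hostent malloc() leak, the unchecked Winsock calls and the
 *    pointer-through-%x / size_t-through-%i format mismatches are gone.
 */
#include <winsock2.h>
#include <windows.h>
#include <ws2tcpip.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

#pragma comment(lib, "ws2_32.lib")

#define MAX_HOSTNAME_LAN 255
#define SIO_RCVALL _WSAIOW(IOC_VENDOR, 1)
#define MAX_ADDR_LEN 16

/*
 * TCP header, 20 bytes without options. Bit-field order assumes the compiler
 * packs the first member into the low-order bits (MSVC/GCC on x86), so th_off
 * lands in the high nibble of byte 12 as the wire format requires.
 */
typedef struct tcpheader {
    unsigned short int sport;
    unsigned short int dport;
    unsigned int th_seq;
    unsigned int th_ack;
    unsigned char th_x2:4;   /* reserved bits */
    unsigned char th_off:4;  /* header length in 32-bit words; options included */
    unsigned char Flags;
    unsigned short int th_win;
    unsigned short int th_sum;
    unsigned short int th_urp;
} TCP_HDR;

/* IPv4 header without options. */
struct ipheader {
    unsigned char ip_hl:4, ip_v:4; /* this means that each member is 4 bits: header length (words) and version */
    unsigned char ip_tos;
    unsigned short int ip_len;     /* total datagram length, network byte order */
    unsigned short int ip_id;
    unsigned short int ip_off;
    unsigned char ip_ttl;
    unsigned char ip_p;            /* transport protocol (IPPROTO_TCP, IPPROTO_UDP, ...) */
    unsigned short int ip_sum;
    unsigned int ip_src;
    unsigned int ip_dst;
};                                 /* total ip header length: 20 bytes (=160 bits) */

/* Pseudo Header used for the TCP checksum; defined but not used by this listing. */
typedef struct ps_hdr {
    unsigned int source_address;  /* Source Address => 4 Bytes */
    unsigned int dest_address;    /* Destination Address => 4 Bytes */
    unsigned char placeholder;    /* Place Holder => 1 Bytes */
    unsigned char protocol;       /* Protocol => 1 Bytes */
    unsigned short tcp_length;    /* TCP Length => + 2 Bytes */
                                  /* = 12 Bytes */
    struct tcpheader tcp;
} PS_HDR;

/* UDP header, always 8 bytes. */
typedef struct udphdr {
    unsigned short sport;
    unsigned short dport;
    unsigned short len;
    unsigned short cksum;
} UDP_HDR;

/*
 * Print the byte at `pointer` as a "\xHH" escape.
 * The original printed the byte in decimal ("%2.2i") and, for bytes that were
 * negative as a signed char, printed "(-c)+82" - neither has any relation to the
 * hex value the "\x" prefix announces. Converting through unsigned char gives
 * the byte's real value for the whole 0x00..0xff range.
 */
void hexdump(char *pointer)
{
    printf("\\x%02x", (unsigned)(unsigned char)*pointer);
}

/*
 * Print `len` payload bytes twice: first as a C string-literal initializer named
 * Packet<count> (ten "\xHH" escapes per line), then as printable ASCII with
 * every non-printable byte replaced by '.'.
 *
 * Shared by the TCP and UDP branches of main(), which carried two identical
 * copies of this code.
 */
static void dump_payload(const unsigned char *data, int len, int count)
{
    printf("\nchar Packet%i [%i]=\"", count, len);
    for (int i = 0; i < len; i++) {
        printf("\\x%02x", data[i]);
        /* original tested i%10==0, which broke the literal right after byte 0 */
        if ((i + 1) % 10 == 0 && i + 1 < len) {
            printf("\"\n\"");
        }
    }
    printf("\";\n\n\n");
    for (int i = 0; i < len; i++) {
        /* original accepted 20..127, i.e. decimal 20 instead of 0x20, letting control bytes through */
        if (isprint(data[i])) {
            printf("%c", data[i]);
        } else {
            printf(".");
        }
    }
    printf("\n\n");
}

/*
 * Entry point: open a raw IP socket bound to this host's first IPv4 address,
 * switch it to SIO_RCVALL, and print the payload of every non-empty TCP or UDP
 * packet received until recv() fails.
 *
 * Returns EXIT_FAILURE on every exit path: the capture loop only ends on error.
 * All declarations are kept at the top so that the goto cleanup never jumps
 * across an initialised variable (the page compiles this as C++ - "void main",
 * "for (int i" - where that would be an error).
 */
int main(void)
{
    SOCKET sock = INVALID_SOCKET;
    WSADATA wsd;
    char RecvBuf[65535] = {0};
    DWORD dwBytesRet = 0;
    int pCount = 0;
    unsigned int optval = 1;
    char name[MAX_HOSTNAME_LAN];
    struct hostent *pHostent = NULL;
    SOCKADDR_IN sa, saSource, saDest;
    char szSourceIP[MAX_ADDR_LEN], szDestIP[MAX_ADDR_LEN]; /* szSourceIP is filled but, as in the original, never printed */
    struct ipheader *pIpheader = (struct ipheader *)RecvBuf;
    struct tcpheader *pTcpheader = NULL;
    struct udphdr *pUdpheader = NULL;
    unsigned char *datatcp = NULL;   /* the pointer which shows us where the TCP payload begins */
    unsigned char *dataudp = NULL;   /* the pointer which shows us where the UDP payload begins */
    int n, iphl, thl, total, lentcp, lenudp;

    if (WSAStartup(MAKEWORD(2, 1), &wsd) != 0) {
        fprintf(stderr, "WSAStartup failed: %d\n", WSAGetLastError());
        return EXIT_FAILURE;
    }

    /* socket() reports INVALID_SOCKET, not SOCKET_ERROR, on failure (the two happen
     * to share a bit pattern, which is why the original test worked by accident). */
    sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (sock == INVALID_SOCKET) {
        fprintf(stderr, "socket failed: %d\n", WSAGetLastError());
        goto out_wsa;
    }

    if (gethostname(name, MAX_HOSTNAME_LAN) == SOCKET_ERROR) {
        fprintf(stderr, "gethostname failed: %d\n", WSAGetLastError());
        goto out_close;
    }
    /* gethostbyname() returns Winsock-owned storage; the original malloc()'d a
     * hostent and overwrote the pointer on the next line, leaking it. */
    pHostent = gethostbyname(name);
    if (pHostent == NULL || pHostent->h_addrtype != AF_INET ||
        pHostent->h_addr_list[0] == NULL ||
        pHostent->h_length != (int)sizeof(sa.sin_addr)) {
        fprintf(stderr, "gethostbyname failed: %d\n", WSAGetLastError());
        goto out_close;
    }

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(6000);
    memcpy(&sa.sin_addr.S_un.S_addr, pHostent->h_addr_list[0], sizeof(sa.sin_addr));

    /* SIO_RCVALL needs a socket bound to one specific local interface address.
     * Error 10013 (WSAEACCES) here is what the original tested for: no raw socket
     * support (win 95/98/me) or a win2k non-administrator user. */
    if (bind(sock, (SOCKADDR *)&sa, sizeof(sa)) == SOCKET_ERROR) {
        fprintf(stderr, "bind failed: %d\n", WSAGetLastError());
        goto out_close;
    }
    if (WSAIoctl(sock, SIO_RCVALL, &optval, sizeof(optval), NULL, 0,
                 &dwBytesRet, NULL, NULL) == SOCKET_ERROR) {
        fprintf(stderr, "WSAIoctl(SIO_RCVALL) failed: %d\n", WSAGetLastError());
        goto out_close;
    }

    for (;;) {
        memset(RecvBuf, 0, sizeof(RecvBuf));
        n = recv(sock, RecvBuf, sizeof(RecvBuf), 0);
        if (n == SOCKET_ERROR) {
            fprintf(stderr, "recv failed: %d\n", WSAGetLastError());
            break;
        }

        /* Everything from here on came off the wire and is untrusted: ip_hl, ip_len
         * and th_off are clamped to the bytes recv() really delivered so that a
         * crafted header cannot move the payload pointer past the received data. */
        if (n < (int)sizeof(struct ipheader)) {
            continue;
        }
        iphl = pIpheader->ip_hl * 4;          /* IP options make this larger than 20 */
        if (iphl < (int)sizeof(struct ipheader) || iphl > n) {
            continue;
        }
        total = ntohs(pIpheader->ip_len);
        if (total > n) {
            total = n;                        /* header claims more than was delivered */
        }
        if (total < iphl) {
            continue;
        }

        saSource.sin_addr.s_addr = pIpheader->ip_src;
        strncpy(szSourceIP, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN);
        szSourceIP[MAX_ADDR_LEN - 1] = '\0';  /* strncpy does not guarantee termination */
        /* Check Dest IP */
        saDest.sin_addr.s_addr = pIpheader->ip_dst;
        strncpy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN);
        szDestIP[MAX_ADDR_LEN - 1] = '\0';

        if (pIpheader->ip_p == IPPROTO_TCP) {
            if (iphl + (int)sizeof(struct tcpheader) > total) {
                continue;
            }
            pTcpheader = (struct tcpheader *)(RecvBuf + iphl);
            thl = pTcpheader->th_off * 4;     /* TCP options sit between the fixed header and the payload */
            if (thl < (int)sizeof(struct tcpheader) || iphl + thl > total) {
                continue;
            }
            lentcp = total - iphl - thl;
            if (lentcp == 0) {
                continue;                     /* as in the original: empty segments are not shown */
            }
            datatcp = (unsigned char *)RecvBuf + iphl + thl;
            pCount++;
            printf("*******************************************\n");
            printf("-TCP-\n");
            printf("\nDestination address->%s\n", szDestIP);
            printf("\nDestination port->%i\n", ntohs(pTcpheader->dport));
            printf("datatcp address->%p\n", (void *)datatcp);
            printf("size of ipheader->%i\n", iphl);
            printf("size of tcpheader->%i\n", thl);
            printf("size of the hole packet->%i\n", total);
            dump_payload(datatcp, lentcp, pCount);
            printf("*******************************************\n");
        } else if (pIpheader->ip_p == IPPROTO_UDP) {
            if (iphl + (int)sizeof(struct udphdr) > total) {
                continue;
            }
            pUdpheader = (struct udphdr *)(RecvBuf + iphl);
            lenudp = total - iphl - (int)sizeof(struct udphdr); /* original gated this branch on lentcp */
            if (lenudp == 0) {
                continue;
            }
            dataudp = (unsigned char *)RecvBuf + iphl + sizeof(struct udphdr);
            pCount++;
            printf("-UDP-\n");
            printf("\nDestination address->%s\n", szDestIP);
            /* original printed pTcpheader->dport here, i.e. read the wrong header */
            printf("\nDestination port->%d\n", ntohs(pUdpheader->dport));
            printf("dataudp address->%p\n", (void *)dataudp);
            printf("size of ipheader->%i\n", iphl);
            printf("size of udpheader->%i\n", (int)sizeof(struct udphdr));
            printf("size of the hole packet->%i\n", total);
            dump_payload(dataudp, lenudp, pCount);
            printf("*******************************************\n");
        }
    }

out_close:
    closesocket(sock);
out_wsa:
    WSACleanup();
    return EXIT_FAILURE;
}

要用"伪造数据包"的方法,来禁止一切TCP连接,用Winpcap改写的代码为:

/*
 * Listing 2 of 2. NOTE(review): despite the sentence above, this listing makes
 * no WinPcap call at all - it is the same SIO_RCVALL raw-socket sniffer as
 * listing 1 (hexdump() and PS_HDR dropped, variables declared at the top), so
 * the same repairs are applied: restored escapes, header lengths from
 * ip_hl / th_off clamped to the received byte count, UDP branch checked
 * against lenudp and reading the UDP header, checked Winsock calls, and
 * format specifiers that match their arguments.
 */
#include <winsock2.h>
#include <windows.h>
#include <ws2tcpip.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

#pragma comment(lib, "ws2_32.lib")

#define MAX_HOSTNAME_LAN 255
#define SIO_RCVALL _WSAIOW(IOC_VENDOR, 1)
#define MAX_ADDR_LEN 16

/* IPv4 header without options. */
struct ipheader {
    unsigned char ip_hl:4, ip_v:4; /* this means that each member is 4 bits: header length (words) and version */
    unsigned char ip_tos;
    unsigned short int ip_len;     /* total datagram length, network byte order */
    unsigned short int ip_id;
    unsigned short int ip_off;
    unsigned char ip_ttl;
    unsigned char ip_p;            /* transport protocol (IPPROTO_TCP, IPPROTO_UDP, ...) */
    unsigned short int ip_sum;
    unsigned int ip_src;
    unsigned int ip_dst;
};                                 /* total ip header length: 20 bytes (=160 bits) */

/*
 * TCP header, 20 bytes without options. Bit-field order assumes the compiler
 * packs the first member into the low-order bits (MSVC/GCC on x86).
 */
typedef struct tcpheader {
    unsigned short int sport;
    unsigned short int dport;
    unsigned int th_seq;
    unsigned int th_ack;
    unsigned char th_x:4;    /* reserved bits */
    unsigned char th_off:4;  /* header length in 32-bit words; options included */
    unsigned char Flags;
    unsigned short int th_win;
    unsigned short int th_sum;
    unsigned short int th_urp;
} TCP_HDR;

/* UDP header, always 8 bytes. */
typedef struct udphdr {
    unsigned short sport;
    unsigned short dport;
    unsigned short len;
    unsigned short cksum;
} UDP_HDR;

/*
 * Print `len` payload bytes as a C string-literal initializer named
 * Packet<count> (ten "\xHH" escapes per line), then as printable ASCII with
 * non-printable bytes shown as '.'. Shared by the TCP and UDP branches.
 */
static void dump_payload(const unsigned char *data, int len, int count)
{
    int i;

    /* original printed "[lentcp-1]", one short of the bytes it then emitted */
    printf("\nchar Packet%i [%i]=\"", count, len);
    for (i = 0; i < len; i++) {
        printf("\\x%02x", data[i]);
        /* original tested i%10==0, which broke the literal right after byte 0 */
        if ((i + 1) % 10 == 0 && i + 1 < len) {
            printf("\"\n\"");
        }
    }
    printf("\";\n\n\n");
    for (i = 0; i < len; i++) {
        /* original accepted 20..127 - decimal 20, not 0x20 - letting control bytes through */
        if (isprint(data[i])) {
            printf("%c", data[i]);
        } else {
            printf(".");
        }
    }
    printf("\n\n");
}

/*
 * Entry point: same contract as listing 1 - bind a raw IP socket to this host's
 * first IPv4 address, enable SIO_RCVALL, print every non-empty TCP/UDP payload
 * until recv() fails. Returns EXIT_FAILURE on every exit path.
 */
int main(void)
{
    SOCKET sock = INVALID_SOCKET;
    WSADATA wsd;
    DWORD dwBytesRet = 0;
    unsigned int optval = 1;
    unsigned char *dataudp = NULL, *datatcp = NULL;
    int n, iphl, thl, total, pCount = 0, lentcp, lenudp;
    SOCKADDR_IN sa, saSource, saDest;
    struct hostent *pHostent = NULL;
    char name[MAX_HOSTNAME_LAN];
    char szSourceIP[MAX_ADDR_LEN], szDestIP[MAX_ADDR_LEN], RecvBuf[65535] = {0};
    struct udphdr *pUdpheader = NULL;
    struct ipheader *pIpheader = (struct ipheader *)RecvBuf;
    struct tcpheader *pTcpheader = NULL;

    if (WSAStartup(MAKEWORD(2, 1), &wsd) != 0) {
        fprintf(stderr, "WSAStartup failed: %d\n", WSAGetLastError());
        return EXIT_FAILURE;
    }

    /* socket() reports INVALID_SOCKET on failure; SOCKET_ERROR only matched by coincidence */
    sock = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (sock == INVALID_SOCKET) {
        fprintf(stderr, "socket failed: %d\n", WSAGetLastError());
        goto out_wsa;
    }

    if (gethostname(name, MAX_HOSTNAME_LAN) == SOCKET_ERROR) {
        fprintf(stderr, "gethostname failed: %d\n", WSAGetLastError());
        goto out_close;
    }
    /* the original dereferenced this without a NULL check */
    pHostent = gethostbyname(name);
    if (pHostent == NULL || pHostent->h_addrtype != AF_INET ||
        pHostent->h_addr_list[0] == NULL ||
        pHostent->h_length != (int)sizeof(sa.sin_addr)) {
        fprintf(stderr, "gethostbyname failed: %d\n", WSAGetLastError());
        goto out_close;
    }

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(6000);
    memcpy(&sa.sin_addr.S_un.S_addr, pHostent->h_addr_list[0], sizeof(sa.sin_addr));

    /* 10013 (WSAEACCES) from bind is the "no raw socket support / not administrator"
     * case the original tested for after the fact */
    if (bind(sock, (SOCKADDR *)&sa, sizeof(sa)) == SOCKET_ERROR) {
        fprintf(stderr, "bind failed: %d\n", WSAGetLastError());
        goto out_close;
    }
    if (WSAIoctl(sock, SIO_RCVALL, &optval, sizeof(optval), NULL, 0,
                 &dwBytesRet, NULL, NULL) == SOCKET_ERROR) {
        fprintf(stderr, "WSAIoctl(SIO_RCVALL) failed: %d\n", WSAGetLastError());
        goto out_close;
    }

    for (;;) {
        memset(RecvBuf, 0, sizeof(RecvBuf));
        n = recv(sock, RecvBuf, sizeof(RecvBuf), 0);
        if (n == SOCKET_ERROR) {
            fprintf(stderr, "recv failed: %d\n", WSAGetLastError());
            break;
        }

        /* ip_hl, ip_len and th_off are sender-controlled: clamp them to the bytes
         * recv() delivered before they are used as offsets into RecvBuf */
        if (n < (int)sizeof(struct ipheader)) {
            continue;
        }
        iphl = pIpheader->ip_hl * 4;
        if (iphl < (int)sizeof(struct ipheader) || iphl > n) {
            continue;
        }
        total = ntohs(pIpheader->ip_len);
        if (total > n) {
            total = n;
        }
        if (total < iphl) {
            continue;
        }

        saSource.sin_addr.s_addr = pIpheader->ip_src;
        strncpy(szSourceIP, inet_ntoa(saSource.sin_addr), MAX_ADDR_LEN);
        szSourceIP[MAX_ADDR_LEN - 1] = '\0';  /* strncpy does not guarantee termination */
        saDest.sin_addr.s_addr = pIpheader->ip_dst;
        strncpy(szDestIP, inet_ntoa(saDest.sin_addr), MAX_ADDR_LEN);
        szDestIP[MAX_ADDR_LEN - 1] = '\0';

        if (pIpheader->ip_p == IPPROTO_TCP) {
            if (iphl + (int)sizeof(struct tcpheader) > total) {
                continue;
            }
            pTcpheader = (struct tcpheader *)(RecvBuf + iphl);
            thl = pTcpheader->th_off * 4;
            if (thl < (int)sizeof(struct tcpheader) || iphl + thl > total) {
                continue;
            }
            lentcp = total - iphl - thl;
            if (lentcp == 0) {
                continue;
            }
            datatcp = (unsigned char *)RecvBuf + iphl + thl;
            pCount++;
            printf("*******************************************\n");
            printf("-TCP-\n");
            printf("\nDestination address->%s\n", szDestIP);
            printf("\nDestination port->%i\n", ntohs(pTcpheader->dport));
            printf("datatcp address->%p\n", (void *)datatcp);
            printf("size of ipheader->%i\n", iphl);
            printf("size of tcpheader->%i\n", thl);
            printf("size of the hole packet->%i\n", total);
            dump_payload(datatcp, lentcp, pCount);
            printf("\n\n*******************************************\n");
        } else if (pIpheader->ip_p == IPPROTO_UDP) {
            if (iphl + (int)sizeof(struct udphdr) > total) {
                continue;
            }
            pUdpheader = (struct udphdr *)(RecvBuf + iphl);
            lenudp = total - iphl - (int)sizeof(struct udphdr); /* original gated on lentcp */
            if (lenudp == 0) {
                continue;
            }
            dataudp = (unsigned char *)RecvBuf + iphl + sizeof(struct udphdr);
            pCount++;
            printf("-UDP-\n");
            printf("\nDestination address->%s\n", szDestIP);
            /* original read pTcpheader->dport here */
            printf("\nDestination port->%d\n", ntohs(pUdpheader->dport));
            printf("dataudp address->%p\n", (void *)dataudp);
            printf("size of ipheader->%i\n", iphl);
            printf("size of udpheader->%i\n", (int)sizeof(struct udphdr));
            printf("size of the hole packet->%i\n", total);
            dump_payload(dataudp, lenudp, pCount);
            printf("\n\n*******************************************\n");
        }
    }

out_close:
    closesocket(sock);
out_wsa:
    WSACleanup();
    return EXIT_FAILURE;
}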